In an exclusive interview during Black Hat, Mohammad Flaifel, Regional Sales Director of KSA and Türkiye at Group-IB, shared exclusive insights into Saudi Arabia’s rise as a cybersecurity hub. The conversation delves into the rising threat of AI-driven cyberattacks, the importance of intelligence sharing, and how Group-IB is empowering local talent to strengthen the Kingdom’s cyber defenses.
1. Can you give a brief background on Group-IB’s journey in Saudi Arabia and how it operates in the cybersecurity space?
The company has been around for 23 years, but we started operating in Saudi Arabia three years ago. Since then, we’ve engaged with a wide range of customers, including government entities, financial institutions, and regulators. Our focus has been on supporting them in combating cybercrime. Saudi Arabia is now emerging as a regional cybersecurity hub, and we are proud to contribute to this momentum by advancing investments in local operators and expertise.
2. How do you see Saudi Arabia evolving as a cybersecurity hub, and what role does Group-IB play in this transformation?
Saudi Arabia is one of the fastest-growing economies in the region and is leading the way in digital transformation. With nearly 98–99% mobile phone penetration, the adoption of technology is exploding. However, this rapid digitalization has also attracted cybercriminals, whose attacks are becoming more sophisticated with the use of artificial intelligence (AI). AI allows attackers to dynamically scale their operations, target vulnerabilities with precision, and bypass traditional detection methods, which presents a significant challenge.
As Group-IB, we’re deeply engaged in supporting local entities, telecom operators, banks, and regulators to defend against these emerging threats. Beyond offering solutions, we prioritize building local expertise by training Saudi professionals to combat cybercrime effectively.
3. From your perspective, what are the most pressing trends in cyberattacks within Saudi Arabia today?
Digital transformation has resulted in two primary types of attacks dominating the landscape. First, nation-state attacks target the Kingdom’s critical infrastructure. Second, financially motivated attacks, like phishing and fraud schemes, focus heavily on sectors such as banking.
We’re also seeing a rise in AI-enabled cyberattacks. Attackers are leveraging AI to automate phishing campaigns, develop more convincing social engineering attacks, and create malware capable of bypassing advanced security measures. For example, phishing attacks now use AI to craft highly personalized messages, making them harder to detect and more effective in tricking individuals. These trends underline the need for advanced threat detection solutions, continuous intelligence sharing, and enhanced security measures.
4. What makes the Cyber Fraud Intelligence Platform particularly relevant to Saudi organizations dealing with rising digital fraud?
The Cyber Fraud Intelligence Platform (CFIP) is one of our flagship products. It addresses the growing challenge of combating cyber fraud. A critical issue we’ve identified globally—and particularly in Saudi Arabia—is the lack of intelligence sharing between entities. In cybersecurity, no organization can succeed in isolation. Collaboration is key.
CFIP allows entities to share fraud intelligence securely while respecting privacy regulations. Regulators traditionally prevent financial institutions and others from sharing sensitive data. However, our platform anonymizes and aggregates intelligence, enabling a cooperative approach to fight threats. By learning from each other, entities can detect and address threats proactively, even before they escalate.
5. If you could emphasize one critical takeaway from your latest intelligence work, what would it be?
Sharing intelligence is absolutely crucial. Over the years, I’ve observed that cyberattacks often replicate quickly. Once an attacker succeeds with one organization, they will attempt the same tactics with others across industries and verticals. The only way to prevent this is to equip others with timely intelligence while also learning from them. This drives faster responses—almost zero-day speed—and a unified defense strategy against emerging threats.
6.Saudi Arabia is rapidly building local cybersecurity talent. What gaps still exist, and how is Group-IB addressing them?
While many companies focus solely on bringing their solutions to Saudi Arabia, Group-IB has taken a different approach from day one. We believe the key lies in investing in local capacity and training, as technology requires skilled professionals to operate and optimize it.
Our "glocal" (global + local) approach emphasizes hiring and training local Saudi talent. We also established the Digital Crime Resistance Center (DCRC) to localize cybersecurity expertise. The DCRC equips Saudi professionals with the tools, training, and understanding they need to combat attackers—including those using AI-enhanced techniques—while being mindful of the cultural and operational nuances unique to the region.
This approach helps bridge the talent gap, ensuring a sustainable workforce equipped with cutting-edge knowledge to defend the Kingdom against increasingly sophisticated cyber threats.
