As cyber threats become more sophisticated and AI-driven, businesses in the UAE face mounting pressure to strengthen their cybersecurity posture. According to CPX, there are over 155,000 vulnerable assets across the nation, while Cisco’s Cyber Readiness Index suggests 70% of UAE firms use more than ten different security tools—often leading to fragmented defences.
To better understand the evolving threat landscape and how organisations can take practical steps to secure their infrastructure, we spoke with Danny Jenkins, CEO and Co-Founder of ThreatLocker. Drawing on his background as an ethical hacker and his experience in Zero Trust endpoint protection, Jenkins shares insights into the most common vulnerabilities, how cybercriminals are exploiting AI, and what UAE companies should prioritise in their defence strategies.
1. As a former ethical hacker, what are the most common blind spots you see in UAE companies’ cybersecurity strategies?
Common blind spots I see include the lack of allowlisting implementation, poor patch management, and tool fragmentation. CPX scans are identifying more than 155,000 vulnerable assets in the UAE. The United Arab Emirates is facing an intensified level of cyber risk. Cisco’s 2025 Cyber Readiness Index also suggests that 70% of UAE firms are running more than ten security tools, which can lead to inefficiencies and gaps.
2. How do cybercriminals typically think when planning an attack, and what can UAE businesses learn from this mindset?
Cybercriminals think opportunistically. They probe environments, searching for a single unlocked window of entry. UAE businesses need to secure their environments proactively—this includes blocking unknown or untrusted software and simulating attacks regularly through penetration testing or red teaming to uncover weaknesses and areas for improvement.
3. With AI advancing rapidly, how are hackers leveraging it to enhance their attacks in 2025?
Hackers are now using AI to run automated phishing campaigns, generate malware, and carry out large-scale password spraying. AI has lowered the entry barrier—where once technical expertise was required to create malware, today a chatbot can generate novel malware with just a bit of prompting.
4. What role should AI play in the cybersecurity strategies of UAE organisations moving forward?
Behavioural analytics is one of the most powerful applications of AI in cybersecurity. However, it’s important not to rely solely on detection-based systems, as these can be bypassed and often suffer from delayed response times.
5. What are the top three cybersecurity mistakes you see companies in the UAE repeatedly make?
-
Fragmented toolkits.
-
Inadequate patch management.
-
Allowing untrusted software to run, increasing the risk of malware and remote access abuse.
-
Insufficient least privilege access controls.
-
Lack of application restrictions, which can lead to supply-chain attacks such as the SolarWinds incident.
6. What practical steps should UAE businesses take today to secure their digital infrastructure against evolving threats?
Deploying a Zero Trust security strategy is critical. This approach addresses both existing and emerging threats by removing implicit trust and enforcing strict access controls across all systems and users.
7. How does ThreatLocker plan to support UAE organisations in staying ahead of increasingly complex cyber threats?
ThreatLocker has recently opened a data centre in the UAE to provide improved service to both existing and new customers in the region. We’ve also established a local team of engineers to deliver dedicated support and ensure a seamless experience for organisations operating in the UAE and neighbouring markets.
8. Where do you see the biggest growth opportunity for ThreatLocker in the UAE over the next 12 months?
The biggest opportunity lies in helping UAE businesses overcome common challenges such as weak patch management, lack of least privilege, overreliance on detection tools, and the urgent need for Zero Trust implementation.
