Tech Features
Making Sense of Identity Threat Risks
By David Warburton, Director, F5 Labs
The growing maturity of cloud computing, including shifts towards decentralized architectures and APIs, has highlighted the complexity of managing credentials in increasingly interconnected systems. It has also underlined the importance of managing non-human entities like servers, cloud workloads, third-party services, and mobile devices.
F5 Labs’ 2023 Identity Theft Report defines identity as an artifact that an entity uses to identify itself to a digital system – such as a workload, a computer, or an organization. Examples of digital identities include username/password pairs and other personally identifiable information or cryptographic artifacts such as digital certificates.
Digital identities cannot stand on their own. They require a system to accept and validate them. In other words, for a digital identity to function there must be at least two parties involved: an entity and an identity provider (IdP) that are responsible for issuing and vetting digital identities. However, not all organizations that provide resources are IdPs—many digital services rely on third-party IdPs such as Google, Facebook, Microsoft, or Apple to vet identities.
Based on our recent analysis, the three most prominent forms of attack in the identity threat arena currently are credential stuffing, phishing, and multi-factor authentication (MFA) bypass.
Credential stuffing
Credential stuffing is an attack on digital identity in which attackers use stolen username/password combinations from one identity provider to attempt to authenticate to other identity providers for malicious purposes, such as fraud.
It is a numbers game that hinges on the fact that people reuse passwords,
but the likelihood that any single publicly compromised password will work on another single web property is still small. Making credential stuffing profitable is all about maximizing the number of attempts, which requires automation.
Phishing
Phishing is perhaps rivaled only by denial of service (DoS) attacks in being fundamentally different from other kinds of attacks. It is an attack on digital identity, to be sure, but since it usually relies on a social engineering foothold, it is even more difficult to detect or prevent than credential stuffing.
Phishing attacks have two targets: there is the end user who is in possession of a digital identity, and there is the IdP, which the attacker will abuse once they’ve gotten credentials. Depending on the motives of the attacker and the nature of the system and the data it stores, the impact of a successful phishing trip can land primarily on the user (as in the case of bank fraud), solely on the organization (as in the case of compromised employee credentials), or somewhere in the middle.
On the attacker side, phishing can range from simple, hands-off solutions for unskilled actors to custom-built frameworks including infrastructure, hosting, and code. The most hands-off setup is the Phishing-as-a-service (PhaaS) approach in which the threat actor pays to gain access to a management panel containing the stolen credentials they want, and the rest is taken care of by the “vendor.”
Dark web research indicates that the most popular subtype of phishing service is best described as phishing infrastructure development, in which aspiring attackers buy phishing platforms, infrastructure, detection evasion tools, and viable target lists, but run them on their own.
Brokering phishing traffic, or pharming, is the practice of developing infrastructure and lures for the purposes of driving phishing traffic, and then selling that traffic to other threat actors who can capitalize on the reuse of credentials and collect credentials for other purposes.
Finally, the attacker community has a niche for those who exclusively rent out hosting services for phishing.
The most important tactical development in phishing is undoubtedly the rise of reverse proxy/ man-in-the-middle phishing tools (sometimes known as real-time phishing proxies or RTPPs), the best known of which are Evilginx and Modlishka. This is largely because it grants attackers the ability to capture most multi-factor authentication codes and replay them immediately to the target site facilitating MFA bypass but also making it less likely that the user victim will detect anything is amiss.
Multi-factor authentication (MFA) bypass
Recent years have seen attackers adopt a handful of different approaches to bypassing multi-factor authentication. The differences between these approaches are largely driven by what attackers are trying to accomplish and who they are attacking.
Nowadays, the reverse proxy approach has become the new standard for phishing technology, largely because of its ability to defeat most types of MFA.
MFA bypass tactics include:
- Malware. In mid-2022, F5 malware researchers published an analysis of a new strain of Android malware named MaliBot. While it primarily targeted online banking customers in Spain and Italy when it was first discovered, it had a wide range of capabilities, including the ability to create overlays for web pages to harvest credentials, collect codes from Google’s Authenticator app, capture other MFA codes including SMS single-use codes, and steal cookies.
- Social engineering. There are several variations of social engineering for bypassing MFA. Some target the owner of the identity, and some target telecommunications companies to take control of phone accounts.
- Social Engineering for MFA Code—Automated. These are attacks in which attackers make use of “robocallers” to make phone calls to the target, emulating an identity provider and asking the victim for an MFA code or one-time password (OTP).
- Social engineering for MFA code—Human. This is the same as the above approach except that the phone calls come from humans and not an automated system.
- SIM swaps. In this kind of attack, a threat actor obtains a SIM card for a mobile account that they want to compromise, allowing them to assume control of the victim’s phone number, allowing them to collect OTPs sent over SMS. There are several variations of this approach.
So, what does it all mean?
Identity threats are constant and continuous. Whereas a vulnerability represents unexpected and undesirable functionality, attacks on identity represent systems working exactly as designed. They are therefore “unpatchable” not only because we can’t shut users out, but because there isn’t anything technically broken.
This brings us back to the question of what digital identity really is. To go from real, human identity to digital identity, some abstraction is inevitable (by which we mean that none of us is reducible to our username-password pairs). We often teach about this abstraction in security by breaking it down to “something we know, something we have, and something we are.” It is this abstraction between the entity and the digital identity that attackers are exploiting, and this is the fundamental basis of identity risk.
By thinking about digital identities in this way, what we are really saying is that they are
a strategic threat on par with, but fundamentally different from, vulnerability management. With nothing to patch, each malicious request needs to be dealt with individually, as it were. If modern vulnerability management is all about prioritization, modern identity risk management is essentially all about the ability to detect bots and differentiate them from real human users. The next logical step is quantifying the error rate of detecting these attacker-controlled bots. This is the basis on which we can begin to manage the risk of
the “unpatchables.”
Tech Features
How the power sector can attract the next generation of STEM talent
By Amjad Alqaqaa – Vice President – MEAI
Power sectors around the world are undergoing rapid transformation. Digital technologies, advanced materials, and the shift towards lower-carbon energy are reshaping how power plants and critical infrastructure are designed, operated, and maintained. Yet one persistent challenge continues to hold the sector back: a shortage of people with the right engineering and technical skills.
As the UAE continues to advance its ambitions as a leading hub for innovation and technology, there is an increasing need to strengthen and future-proof STEM capabilities to keep pace with evolving industry demands. According to a report by STEM workforce consultancy SThree, 40% of STEM professionals in the UAE believe that upskilling and reskilling are the most effective ways to boost productivity and competitiveness. While more than a third (32%) point to skills shortages as a barrier to productivity, highlighting a clear gap between workforce capabilities and industry needs.
Additionally, data from the Hays 2026 US Salary & Hiring Trends Guide indicates that companies in the UAE are starting to slow down recruitment and instead are investing in the skills of their existing workforce, with around 42% of employers prioritising upskilling over hiring.
Research from LinkedIn also suggests demand for green skills is rising much faster than supply, highlighting a widening gap between the skills needed for the energy transition and the talent currently available in the workforce.
For power generation companies, this is more than a recruitment issue. Skills shortages can impact equipment reliability, delay maintenance programmes, and slow the deployment of new technologies. In a sector where uptime, safety, and efficiency are critical, having the right expertise in place is essential.
At the same time, interest in STEM subjects among young people has fallen in recent years. This weakens the future talent pipeline. This means companies must do more to attract and develop STEM talent.
Showing young people what engineering looks like today
One of the challenges is perception. Many young people still associate engineering with traditional industrial roles, rather than the highly advanced, technology-driven careers available today.
Today’s engineers work with advanced digital tools, automation systems, and real-time monitoring technologies. In the power sector, they help keep turbines, pumps, and other critical systems running efficiently. They also work on challenges linked to sustainability, energy efficiency, and emissions reduction.
To address this gap, employers must play a more active role in educating emerging talent about the career opportunities in the sector. That means working more closely with schools, colleges, and universities to showcase the wide range of careers available across engineering and energy.
Partnerships between industry and academia play an important role here. For example, John Crane works closely with the University of Sheffield to support research and PhD programmes in areas such as materials science and engineering. Collaborations like this help connect academic research with real industrial challenges and encourage more students to consider careers in engineering.
These partnerships also help ensure that new research translates into practical solutions that can support industries such as power generation.
Why apprenticeships matter
Alongside academic pathways, apprenticeships are another key way to attract new talent into engineering.
They offer a practical, accessible route into engineering, allowing individuals to gain hands-on experience while working towards recognised qualifications. For employers, apprenticeships provide an opportunity to develop skills aligned to real operational needs, from maintenance and reliability engineering to digital and software capabilities.
But apprenticeships are not only for new recruits. They can also help people who are already in work develop new skills. Programmes linked to areas such as leadership, project management, and digital technologies allow employees to adapt as roles change and technology evolves.
This matters because the skills challenge is not only about bringing new people into the sector. It is also about helping the existing workforce build the capabilities needed for the future.
Building the right skills through training partnerships
Developing a skilled workforce requires more than internal programmes alone. Strong partnerships with external training providers are essential to ensure employees gain the specialist knowledge needed in highly technical environments.
Working with a network of training providers enables organisations to deliver structured learning alongside on-the-job experience. This approach ensures that training remains aligned with real operational challenges, including maintaining equipment reliability, improving efficiency, and meeting evolving safety standards.
Reaching a broader talent pool
Engineering companies need to widen their outreach and look beyond traditional recruitment channels. This includes engaging with students earlier and encouraging people from different backgrounds to consider technical careers.
In addition, requalification programmes are increasingly important in some regions. For example, in the Czech Republic, targeted requalification initiatives are helping individuals transition from other industries into engineering roles, providing a practical route to address skills shortages while bringing valuable experience into the sector.
Ensuring training programmes cater to a wide range of people with varying levels of experience can upskill new and existing workers and build a healthier talent pipeline. Providing that support is an investment that helps create a stronger, more resilient workforce in the long term.
Building the workforce of the future
The power sector plays a central role in driving the global energy transition. In the Middle East, this transition is expected to drive demand for a wide range of engineering roles, particularly in renewable energy, grid infrastructure, and related technologies, highlighting the need for targeted training and workforce development programmes to equip both new entrants and existing workers with relevant technical skills.
Engineers and technicians will be needed to maintain power plants, improve equipment performance, and develop new energy technologies. But these goals will only be possible if the industry has access to the right skills.
To achieve this, companies must think differently about talent. Strengthening collaboration with educators, improving outreach to diverse talent, and offering practical training routes such as apprenticeships all play an important role in addressing the STEM skills gap.
Apprenticeships alone will not solve the skills gap. But when combined with research partnerships and targeted workforce development, they can play a major role in rebuilding the STEM talent pipeline. By investing in people and skills today, the power sector can build the workforce it needs to support a more reliable and sustainable energy system for the future.
Tech Features
THE AI REVOLUTION AND A FUTURE OF FAIRNESS
by Dr Ekaterina Abramova, Adjunct Assistant Professor of Management Science and Operations at London Business School
The AI revolution is not on the horizon; it is already transforming how we work, solve everyday problems, and interact both with one another and with technology. From generative models to agentic systems capable of disrupting entire industries, artificial intelligence has advanced at a pace that few institutions, businesses, or governments are fully prepared for. What once felt like a distant technological possibility has become a structural force shaping labour markets and economies. As a result, one of the most pressing questions facing societies is no longer whether AI will change the world, but whether it will make it fairer. Increasingly the answer depends not only on the technology itself, but on the choices organisations and governments make about how its benefits are shared.
AI has the potential to unlock unprecedented prosperity. Yet history shows that technological revolutions rarely distribute their rewards evenly. Without deliberate intervention, the benefits of AI risk concentrating in the hands of a small number of large technology firms, highly skilled professionals and capital owners. This pattern has already emerged in earlier waves of digital transformation, where wealth and opportunity accumulated disproportionately in regions best positioned to adapt. For AI to foster equality rather than widen disparity, policymakers must treat inclusion as an ex-ante design principle rather than an ex-post correction.
The first crucial step for achieving fairness is improving the data that AI systems rely upon. Algorithms are only as representative as the information used to train them. When datasets exclude marginalised or underrepresented communities, AI risks reinforcing existing biases. Organisations and governments developing AI algorithms should prioritise collecting data from communities historically overlooked in policy design, such as rural populations, low-income groups, minority communities and those outside the formal labour markets. More inclusive datasets lead to fairer systems, more effective public services and policy decisions that better reflect the realities of entire populations, rather than just their most visible segments.
Another equally important aspect is how governments distribute the productivity gains and wealth generated by AI into broader societal benefits. Different regions are experimenting with alternative approaches. In parts of the Middle East, including the United Arab Emirates, economic gains from technological advancement are often channelled through state-led investment strategies rather than relying solely on traditional taxation and redistribution mechanisms. While VAT and other taxes exist, governments often reinvest a significant share of national income derived from natural resources and state-owned enterprises directly into infrastructure, public services, education and economic diversification. This approach builds long-term national capability by funding human capital development, strengthening digital infrastructure and fostering new sectors that create employment and opportunity.
Such strategies highlight an important principle: AI benefits do not need to be redistributed after inequality has emerged. They can be embedded in development strategies from the outset. By investing in education, digital skills and access to technology, governments expand the number of people able to participate in the AI ecosystem rather than merely compensate those left behind. China, for example, has made substantial investments in AI education and research capacity, recognising human capital as central to technological leadership. Every year 100,000 selected teenagers are funnelled into elite science talent streams across top high schools. These “genius classes” systematically train students to excel in international maths, physics, chemistry, biology and computer science competitions.
The pace of the AI revolution makes this challenge more urgent than previous technological transitions. Earlier industrial transformations unfolded over decades, allowing societies time to adapt institutions and labour markets. AI development in recent years has gained pace. Breakthroughs that once took years are now emerging within months, with new capabilities rapidly spreading across sectors from healthcare diagnostics and financial analysis to logistics and defence industries. This acceleration has been further intensified by the present-day AI race to achieve Artificial General Intelligence (AGI), amid a widespread belief that the first government to reach this milestone will gain a decisive strategic advantage. Organisations at the forefront of AI development are reluctant to slow for fear of falling behind geopolitical or commercial rivals. Meanwhile, many governments are hesitant to introduce AI regulation, concerned that premature constraints could hinder innovation and weaken their competitiveness in the pursuit of AI leadership.
However, the path forward requires a global perspective. While governments should encourage innovation, they must also recognise that AI technology will diffuse across borders. Hence governments worldwide should collaborate towards a global AI governing body, or at the very least, agree on minimum safety and fairness standards for AI deployment. The EU AI Act provides an important foundation by identifying unacceptably high-risk AI applications that should be prohibited. When forming such regulatory frameworks, governments should seek guidance from leading AI scientists to ensure they fully understand where the principal risks originate. Indeed, many prominent experts in the field argue that regulation is failing to keep pace with AI innovation.
Allowing AI technology to evolve without placing guardrails in place early risks embedding structural inequalities, particularly in labour markets, education access and capital distribution. Ultimately, the debate about AI and inequality is not primarily about algorithms; it is about governance. Technology reflects the priorities of the societies that deploy it. If policymakers treat AI purely as an engine of leadership and economic growth, its benefits will likely accrue to those already best positioned to capture them. But if AI development is guided by a clear commitment to inclusion through better data, wider access and sustained investment in human capital, it has the potential to expand opportunity on a global scale. As AI reshapes labour markets, workers will need opportunities to develop capabilities that complement intelligent systems rather than compete directly with them. Access to AI infrastructure, computing resources, data and digital connectivity must not be confined to a small group of corporations or wealthy regions.
The direction of the AI revolution is not predetermined. The question is not whether AI will transform our world, but whether governments and institutions will act quickly and thoughtfully enough to ensure that its benefits are broadly shared. In the race to build increasingly powerful systems, equal attention must be given to building the social and economic frameworks that will ensure the future is genuinely fair.
Tech Features
THE REALITY OF AI DEPLOYMENT ACROSS THE WORKFORCE IN THE REGION
By Alfred Manasseh, COO & Co-Founder of Shaffra
Across the GCC, AI is becoming more operational. The conversation has moved beyond whether organisations are testing AI and toward how deeply these systems are being embedded into daily work. McKinsey’s finding that 84% of GCC organisations have adopted AI in at least one business function shows the region’s strong momentum, but the more important shift is where this technology is now creating measurable value.
AI is beginning to operate inside real enterprise workflows, where productivity, cost, speed, service quality, and governance can be measured. This practical shift means AI is being judged less by novelty and more by whether it can reduce manual work, improve response times, and support better execution across organisations.
Where AI is being deployed
AI deployment is gaining traction in structured, high-volume functions where it can remove this coordination burden and give employees more capacity for skilled output. Asana’s research has found that around 60% of time is spent on “work about work,” such as chasing updates, attending unnecessary meetings, and switching between tools.
Customer service teams are using AI for automated query handling, routing, escalation management, and multilingual support. Operations teams are applying AI to order processing, workflow coordination, and SLA monitoring.
In HR, AI is supporting CV screening, interview scheduling, and onboarding orchestration. In finance, it is being used for invoice processing, reconciliation, and anomaly detection. Sales teams are also applying AI to lead qualification, follow-ups, CRM hygiene, and pipeline updates.
Regional governments are also preparing the workforce for this reality. Digital Dubai recently launched the AI Workforce Transformation Program, known as AI+, to help train 50,000 government employees for an AI-ready workforce.
Three phases of AI workforce evolution
AI use across the workforce can be understood in three phases. First, AI acts as an assistant through copilots, chat interfaces, summarisation, drafting, search, and advisory tools that improve individual productivity. Second, AI becomes an operator, completing defined tasks across CRM, HR, finance, customer service, and operations systems within controlled boundaries. Third, AI develops into a workforce layer, where systems are assigned roles, KPIs, access rights, escalation pathways, and governance controls. At this stage, Autonomous AI Teams operate as governed digital employees, helping structure, assign, monitor, and improve work.
How mature AI deployments operate
AI is not replacing entire jobs. It is restructuring work by taking over repetitive tasks within roles. Human teams are shifting toward oversight, exception handling, decision-making, escalation management, and quality control.
Autonomous AI Teams operate as coordinated systems rather than standalone models. They support humans through role-based actions with defined responsibilities, structured access to enterprise systems, clear decision boundaries, controlled autonomy levels, human escalation pathways, performance metrics, auditability, and governance.
From tools to workforce infrastructure
Before scaling autonomous AI systems, executives need clear visibility into decision-making, accountability, risk controls, and human intervention points. Trust grows when productivity gains are measurable and governance is visible. IBM research shows that 77% of UAE senior leaders have already seen significant productivity gains from AI, which reflects growing confidence in its operational value.
Across Shaffra deployments, Autonomous AI Teams have contributed to more than 2 million manual work hours saved monthly across operational workflows. Organisations have reported up to 80% reductions in operational costs, customer service teams can manage up to five times more queries, and HR recruitment cycles that previously took weeks can be reduced to hours.
The future workforce layer
The GCC has a strong appetite for AI adoption, but many organisations still need to redesign workflows and overcome fragmented legacy systems before AI teams can function as part of daily operations. Research showing that 94% of UAE data leaders lack complete visibility into AI decision-making processes reinforces why explainability, governance, and workflow design must develop alongside deployment.
The next phase of AI is about building a governed workforce layer where humans and Autonomous AI Teams execute together with clarity, accountability, and valuable impact.
-
News11 years ago
SENDQUICK (TALARIAX) INTRODUCES SQOOPE – THE BREAKTHROUGH IN MOBILE MESSAGING
-
Trending9 months agoOPPO A6 Pro 5G Review: Reliable Daily Driver
-
Tech News2 years agoDenodo Bolsters Executive Team by Hiring Christophe Culine as its Chief Revenue Officer
-
VAR1 year agoMicrosoft Launches New Surface Copilot+ PCs for Business
-
Automotive2 years agoAGMC Launches the RIDDARA RD6 High Performance Fully Electric 4×4 Pickup
-
Tech Interviews2 years ago
Navigating the Cybersecurity Landscape in Hybrid Work Environments
-
Tech News12 months agoNothing Launches flagship Nothing Phone (3) and Headphone (1) in theme with the Iconic Museum of the Future in Dubai
-
VAR2 years agoSamsung Galaxy Z Fold6 vs Google Pixel 9 Pro Fold: Clash Of The Folding Phenoms


