Cyber resilience is a foundational requirement, not an afterthought, in Qatar’s digital transformation drive, a top official of a cybersecurity firm has said.
“Cybersecurity is a fundamental enabler of digital transformation,” Patrick Dannacher, chief executive of ITSEC Asia, told Gulf Times.
According to Dannacher, resilience against cyber threats is essential to sustaining growth and maintaining trust as Qatar presses ahead with artificial intelligence (AI), smart infrastructure, and the digital economy.
He identified three areas where the company can contribute: helping organisations strengthen their cybersecurity capabilities, developing local talent, and applying best practices drawn from engagements across Southeast Asia, Australia and the Middle East.
The threat environment facing small and medium-sized enterprises (SMEs) and individuals in the region has grown more dangerous and more deceptive, Dannacher said, noting that phishing, credential theft, ransomware, business email compromise and AI-enabled scams are now the most common attack types.
He also warned that what has changed is how convincing these attacks have become.
“Artificial intelligence allows attackers to create highly personalised phishing emails, realistic voice cloning and even deepfakes. The barrier to entry for cybercriminals has become much lower, while the scale and speed of attacks continue to increase,” he pointed out.
Unlike human operators, AI-powered attacks run continuously, making them harder to detect and more persistent than earlier generations of threats, he explained.
Dannacher said, “Smaller businesses are increasingly becoming targets because attackers understand that they often have fewer resources and less visibility than larger enterprises ... SMEs are part of larger supply chains, which means compromising one smaller organisation can provide access to many others.”
According to Dannacher, simple measures such as enabling multi-factor authentication, keeping systems updated, using strong passwords, and, raising awareness among employees and family members can significantly reduce risk.
“Cybersecurity does not have to be complicated. Good cyber hygiene and awareness remain some of the most effective defences available,” he said.
On state-sponsored threats, Dannacher pointed out that no single company, government agency, or technology can address the problem alone.
He further explained that these attacks tend to be well-funded, highly sophisticated, and persistent, which means the response has to be coordinated across government, regulators, critical infrastructure operators, universities, and the private sector.
Everyone has a defined role, he said. “The regulator helps establish the baseline; companies need to strengthen their defences, universities need to help develop talent, and information needs to be shared across the ecosystem,” Dannacher emphasised.
He noted that preparation matters as much as architecture. Dannacher said most organisations run fire drills several times a year, but far fewer conduct cyber exercises with the same regularity.
“Cyber drills help identify weaknesses, test response capabilities, and make sure people know what to do before an incident happens, not during one,” he said.
Supply chain security has become an equally pressing concern, given how deeply interconnected organisations now are, Dannacher said, adding that a single supplier’s weakness can run through an entire ecosystem.
“The countries that bring together government, industry, and academia most effectively will be the ones best positioned to deal with these increasingly sophisticated threats,” Dannacher added.
