| T |
The News on Sunday: How do you see the cyber-security threats landscape evolving globally?
Emad Haffar: The cyber-security landscape is undergoing a rapid transformation, driven by technological advancements and global economic shifts. Emerging technologies like AI, IoT and cloud infrastructure are redefining how businesses operate. They’re also introducing new vulnerabilities We’re now seeing a move from passive defence to an approach we call active cyber defence. This means acquiring the intelligence, skills and capabilities necessary to understand the specific threat landscape of a business or a country and then taking proactive steps—like spotting threat actors and anticipating campaigns—before they escalate into actual incidents.
To stay ahead of the challenge, we must shift from a reactive to a proactive, and now an active defense strategy. This means not just defending against known threats, but anticipating and identifying potential attack vectors before they materialise. We encourage organisations—whether private businesses or government entities—to build capabilities that allow them to understand their unique threat landscape, analyse relevant campaigns and actors and respond with speed and precision. Cyber-security can no longer be just an IT problem; it’s a strategic imperative.
TNS: What are the key challenges businesses face today in securing financial data?
EH: There are traditional threats that persist, but new challenges have emerged, too, especially with the integration of AI and the growing use of cloud infrastructure. Many businesses struggle with the complexity introduced by these technologies. For example, when organisations migrate to the cloud, they often underestimate how drastically it alters their network boundaries. This expanded digital footprint introduces vulnerabilities that weren’t present in on-premises environments. Moreover, AI itself can be weaponised—for example, by generating highly convincing phishing content or automating attack campaigns.
Addressing these challenges requires a comprehensive security approach: modern tools, updated policies, and most importantly, skilled personnel who understand both legacy systems and new technologies.
TNS: What is your assessment of the cyber-security strategies of businesses in the Middle East, particularly in Pakistan?
EH: Businesses across the region face similar challenges due to similar technological environments. However, each country—and each sector—has unique factors that shape its threat landscape. In Pakistan, we see a very fast adoption of new technologies, especially in the financial sector. Encouragingly, there’s also growing maturity in how organisations understand and respond to threats. Many of our Pakistani clients demonstrate a high awareness of cyber risks, which is a positive sign. Ongoing success will depend on how these strategies are localised—tailored to the country’s threat landscape, user behaviour and economic realities.
TNS: Is the financial technology sector in Pakistan keeping pace with the cyber-security trends?
EH: While it’s difficult to make a one-to-one comparison with global benchmarks, it is clear that Pakistan is moving in the right direction. The fin-tech ecosystem is thriving. The regulators are paying attention to cyber-security requirements. We’ve seen institutions taking steps to secure apps, improve customer authentication and manage data privacy.
Still, there’s room for improvement—particularly in terms of awareness and training. The pace of digital innovation must be matched with a parallel investment in risk management frameworks and security expertise.
TNS: With the rise of IoT, AI and big data, how can businesses safely integrate new technologies without compromising cyber-security?
EH: Integration should never be rushed. Unfortunately, many companies are quick to adopt new technologies, eager for efficiency or competitive edge, but fail to fully grasp the associated risks. The first step should always be a thorough risk assessment. Understand what each technology brings to the table—not just in terms of benefits, but also its threat vectors.
Based on this understanding, organisations need to update their cyber-security strategies. This might mean revising security policies, investing in new monitoring tools or hiring personnel with specific technical expertise. It’s also important to take a long-term view: don’t just address today’s threats—plan for scalability and adaptability.
TNS: How important is human resource development in maintaining cyber-security readiness?
EH: It’s absolutely critical. Even the most advanced security tools are useless if your staff doesn’t know how to use them well. That’s why we emphasise professional training—everything from incident response to malware analysis. But it’s not just the IT team. A single unaware employee can open the door to a data breach. In fact, many breaches originate from user error, such as leaked credentials. So, awareness training for all employees is just as important.
TNS: What is your message to CEOs who still see cyber-security as just an IT problem?
EH: I would urge them to reconsider—and fast. Cyber-security is a business continuity issue. A single breach can shut down operations, damage your reputation and have regulatory consequences. We’ve seen threat actors use multi-stage attacks where the initial breach is just reconnaissance for a more devastating campaign.
Moreover, in today’s world, technology is the foundation of many businesses. That foundation needs to be protected not just technically, but strategically as well. CEOs should treat cyber-security as integral to governance, risk and compliance, and ensure it’s represented at the highest decision-making levels.
TNS: Have you observed any region-specific cyber-attack patterns in South Asia or Pakistan?
EH: Ransomware and social engineering are very prevalent in this region. Social engineering, though basic, remains an effective and common attack vector. These two methods—ransomware and phishing—remain dominant across South Asia.
TNS: Is Pakistan equipped to withstand a large-scale cyber-attack, particularly on its financial infrastructure?
EH: Preparation is a continuous process. Rather than focusing on a “yes or no,” I’d emphasise the importance of readiness and adaptability. Threat profiles change rapidly—especially with geopolitical factors at play. The key is to have robust threat intelligence, up-to-date policies and well-rehearsed response protocols.
Pakistan is taking the right steps. Through our work with various public and private entities, we see a clear commitment to improvement. But cyber-security is never a finished job—it’s a cycle of continuous learning and adaptation.
TNS: What are the common mistakes financial institutions make in handling cyber-security?
EH: A major oversight is underestimating user awareness. Financial institutions often focus on securing networks and software but forget that a single employee mistake—like clicking on a malicious link—can bypass all those defences. We always stress the importance of internal awareness programmes. Cyber-security should be part of employee onboarding. There should be regular training and simulated attack drills.
Think of cyber-security as a strategic asset, not just a compliance requirement. Whether you’re a start-up or a national agency, invest in understanding your threat landscape, train your people and prepare for the future. Cyber-security is not a destination—it’s a continuous journey.
TNS: Is Pakistan collaborating effectively with international partners in cyber-security? How does Kaspersky plan to support Pakistan’s digital transformation while maintaining security resilience?
EH: Yes, absolutely. Pakistan is a very important country for us in the META region. We collaborate with many local technology partners and government organisations. We provide not only cyber-security solutions but also share our intelligence and expertise. Our aim is to help Pakistan build internal capabilities so that they can manage cyber-ssecurity independently—whether it’s incident response, threat hunting or other critical tasks.
We’re committed to supporting any country or organisation that wants to build a secure digital future. Beyond providing cutting-edge cyber-security solutions, we offer threat intelligence based on our global insights, especially from our region. More importantly, we share our expertise to help countries like Pakistan develop their own cyber-security talent and infrastructure.
TNS: Do you believe Pakistan has the human resource needed to reach international cyber-security standards?
EF: From personal experience, some of the most talented cyber-security professionals I’ve met are from Pakistan. The raw talent is definitely there. With the right training and exposure, there’s no doubt Pakistan can meet and exceed international standards.
The writer is a senior economic correspondent at The News, He can be reached at jawwadar.