Follow ICT

Derek Manky: Fortinet monitors cyber threats nonstop, and Egypt alone faced 7.7 billion attempts in 9 months

The cybersecurity landscape in Egypt and the Middle East is no longer merely a rising growth curve; it has transformed into a rapidly evolving arena fraught with unprecedented threats. In Egypt alone, attempted cyberattacks surged by 60% within a single year, revealing a new reality that compels regional leaders to deeply understand the tactics of cybercriminals before these threats escalate into crises that undermine the stability of institutions and vital services.

In this conversation, Derek Manky, Chief Security Strategist and VP Global Threat Intelligence at Fortinet, offers an in‑depth analysis of emerging patterns targeting critical infrastructure in Egypt and across the region. Beyond the alarming figures, Manky explains the underlying drivers of this qualitative shift toward service disruption, highlighting how attacks have grown more sophisticated and increasingly tied to transnational criminal networks. He also lays out a practical roadmap for defense—beginning with managed security services, advancing through enhanced proactive monitoring capabilities, and culminating in AI‑powered agents that equip organizations with intelligent tools to predict and contain attacks before they occur.

Can you describe your roles and responsibilities as Chief Security Strategist and VP of Global Threat Intelligence?

I wear multiple hats. As Chief Security Strategist, I am responsible for industry development. I work with my own threat research team, FortiGuard Labs at Fortinet. We have over 500 people worldwide doing threat intelligence, following the latest developments on threats so we can respond to them and add new protections. My job as Chief Strategist is to take that and work in the industry to develop it, to work on initiatives to create new frameworks that we can use to actually describe threat intelligence.

This also involves emergency response, developing relationships to do threat intelligence sharing, private to private sector and private to public sector, so that we can actually take our threat intelligence and action it. The strategist’s job is to look at the latest intelligence we have and how we can work in the industry to create more hubs of threat intelligence sharing, scale that to a global level, and disrupt cybercrime.

The intelligence role is about learning the latest intelligence and empowering our technology. We get trillions of events coming in from our security fabric at Fortinet. The other part of my job is to make sense of that. We use machine learning, artificial intelligence, automation, and humans to take all of that data and discover new threats to ensure we can protect against them.

Based on AI trends, what are the significant changes in the past year and this year for Fortinet, and what are the associated opportunities and challenges?

We need to break it into two buckets. One is the blue team, the defense, like Fortinet and other security vendors. The big change has been moving from centralized AI, like generative AI and large language models, into agentic AI. These are agents put into products to augment humans. For example, a level one analyst in a security operations center would normally have to log into an appliance, look at logs, find a threat, and respond. The change is that agents are now being installed into those security appliances to do that work. It’s not a silver bullet; it’s to discover the threat and make expert recommendations to the analyst, who then makes a decision.

This has been the biggest change over the last year, making the response time a lot faster and helping with operational expenses, as many organizations lack the budget or expertise to hire new headcount. They are now starting to rely on these agents.

The other newest change is securing the AI models themselves against attacks. We are seeing new methods of attacks on AI models to poison or trick them through obfuscation, as attackers try to bypass security. Our job is to find what they’re up to.

Regarding the balance of power, defense is always harder than offense; attackers have the advantage because they only need to find one hole. However, when it comes to AI, the blue team—the security industry—has the advantage. Fortinet has been developing AI solutions for 13 years with over 500 patents, and there has been a huge investment in AI from vendors. Attackers are piggybacking and trying to use these AI solutions; they haven’t had to invest. So, I think the defenders have the advantage in the AI arms race due to that investment. The challenge is ensuring organizations implement this technology. If collectively, organizations implement agentic AI security, it will make it very tough for attackers.

How do you see the cybersecurity scene in the Middle East region?

It’s very active. My job is global, and I have viewpoints into different regions. We have a footprint in Egypt, and we can see all the attempted attack techniques. In Egypt, in the first three quarters of this year (January to end of September), there were 7.7 billion attempted attacks, which is a 60% year-over-year increase. The Middle East is no different; it’s also on the increase.

What we’re seeing here is a focus on service disruption. About 54% of all those attacks have been tactically focused on going after services to cause denial of service for critical infrastructure, operational technology, manufacturing, and healthcare. The reason is cybercrime monetization. They are not just encrypting data for ransom; they are taking down manufacturing production lines to demand higher ransom payments. It’s becoming more targeted. The strategy is different here compared to other regions, where we see more reconnaissance. Here, it’s very focused on services because attackers are trying to beat the wave before all security solutions are implemented to profit from it.

What is your advice for decision-makers in the cybersecurity sectors in the region, mainly in Egypt?

From the threat perspective, what I see coming next year is that this is only going to get worse. We are starting to see crime services and AI-enabled cyberattacks happening, and this will scale up next year. It doesn’t have to be scary, as we can go a long way to fight this problem. The technology exists today.

There are three levels of maturity for organizations:

  1. Basic Level (Managed Services): Things like SOC-as-a-service and managed services that organizations can use without building their own solution. Just having eyes on that to get visibility and respond can reduce risk dramatically.
  2. Enterprise Level: For large enterprises building their own solutions, the technology exists. The advice is to get these AI-enabled solutions to replace level one SOC analysts and upskill their existing analysts. This is a good approach we are seeing.

My advice also includes some simple steps like implementing zero trust and multi-factor authentication. We see successful attacks because of stolen credentials getting into systems with no multi-factor authentication enabled. Simple steps like that, combined with these solutions, can go a very long way to reduce a vast majority of that risk.

Do you have one personal prediction for what’s next in cybersecurity?

I have many predictions, and we are releasing our full threat predictions next week. But if I were to pick one, I would pick a good one. I think it goes down to the agentic AI implementation. We are going to see more adoption of that. This change is happening now but not at scale. I think next year, 2026, is the year for change; we will see more scale of these agents being put into networks.

This is a wonderful thing because these agents, due to AI, have gotten much smarter. They are able to make decisions and reason, though they are not able to execute those decisions autonomously; they can give advice. Next year, I think we will see more organizations adopting this to replace that manual level one work. This doesn’t mean layoffs; we need more good people in the industry. It means the mean time to respond and the agility of defenders will get better.

The average time of attack we see right now is about 4.75 days; that’s what the attackers have. My prediction is that defenders are going to be in that 24-hour. They are going to be faster. So, it goes back to that arms race we’re talking about.
