Why Securing Smart Devices Is Key to Safeguarding the UAE’s Digital Future
As homes and businesses across the UAE become increasingly connected, Hessa Humaid Abdulla Al Matrooshi, Information Security Team Leader at Ajman Free Zone Authority, emphasizes the urgent need for stronger IoT security and AI-driven defense strategies. In this exclusive conversation, she discusses why smart devices remain vulnerable, how cybercriminals are weaponizing AI, and why collaboration between manufacturers, regulators, and consumers is vital to protect both privacy and national security.
Why are most smart home devices still vulnerable despite basic security measures?
Most smart home devices are still vulnerable because manufacturers often prioritize cost and usability over security. Basic protections like default passwords or simple encryption are not enough against today’s evolving cyber threats. In many cases, updates are delayed, or devices are not designed with security-by-design principles. As an Emirati cybersecurity leader, I believe we need to enforce stricter security standards from the very beginning of product development, not as an afterthought.
How are cybercriminals using AI to launch advanced attacks — and how can AI fight back?
Cybercriminals are using AI to create more convincing phishing messages, deepfakes, and automated attacks that can bypass traditional defenses. For example, AI allows them to mimic voices or generate malicious code faster than ever before. However, AI can also fight back: through threat detection, anomaly monitoring, and predictive analytics, we can stop attacks in real time. In the UAE, we are already moving toward adopting AI-powered SOCs (Security Operations Centers) to stay ahead of these threats.
What advanced steps can households and businesses take beyond passwords and updates?
Beyond passwords and updates, households should rely on simple, automated protections like routers with built-in firewalls, automatic updates, two-factor authentication, and separating devices on a guest Wi-Fi network. For businesses, the bar is higher — they should adopt zero-trust frameworks, MFA, endpoint monitoring, and staff training. In short: cybersecurity must be easy and invisible for homes, but layered and proactive for businesses.
What cybersecurity strategy needs to be adopted to counter AI-driven threats?
We need a proactive, intelligence-driven strategy that combines AI-powered defenses, continuous monitoring, and threat intelligence sharing. Here in the UAE, we are already ahead in this area — national cybersecurity initiatives, advanced SOCs, and AI-enabled defenses are giving us a strong foundation to counter these threats. The priority now is scaling these measures, while building local talent and capabilities.
How can manufacturers, providers, and regulators work together to secure smart devices?
All three parties must collaborate with clear security standards, certification requirements, and compliance monitoring. Manufacturers should design with security in mind, providers should ensure secure deployment and updates, and regulators should enforce accountability. This shared responsibility ensures consistency across the ecosystem.
What risks do insecure smart devices pose to critical infrastructure and public safety?
Insecure smart devices may seem harmless at home, but when millions are exploited together, they can become powerful weapons. Hackers can use them to create botnets capable of disrupting hospitals, airports, financial systems, or even government services. Beyond privacy breaches, the real risk is that weak devices become entry points into wider networks, threatening essential services and public safety. For a highly connected nation like the UAE, this makes securing IoT not just a personal responsibility, but a national security priority.
How can consumer awareness be improved to reduce smart device vulnerabilities?
We need to make cybersecurity simple and relatable. This can be done through awareness campaigns, easy-to-understand guides, and national programs that encourage safe digital habits. In the UAE, schools, workplaces, and community initiatives can play a central role in raising awareness. Ultimately, cybersecurity must be seen as a shared responsibility between government, businesses, and individuals.
