As organizations face an overwhelming array of fragmented, siloed and reactive cybersecurity tools, Proofpoint Prime is the industry’s only integrated solution that unifies threat defense and human risk management into seamless workflows that span the full attack chain. Proofpoint Prime consolidates real-time threat detection, response, and behavior-based guidance across communication and digital channels to lower operational overhead and costs, accelerate time to response, and equip security teams for a future powered by AI-driven security automation.

In today’s expanding digital workspace, where 90% of breaches involve the human element, threat actors exploit people however they work—via email, cloud apps, messaging, browsers, file sharing, collaboration tools, and social media. In addition to targeting multiple channels, they also use a variety of techniques spanning social engineering, malicious links, impersonation, and compromised accounts to bypass traditional, fragmented defenses as part of their multistage attacks. For example, the ransomware group Black Basta has used email-based subscription bombing followed by Microsoft Teams messages to impersonate IT support and compromise organizations.

To defend against these multistage, multichannel attacks, enterprises today use 45 or more disconnected cybersecurity tools on average, each with separate workflows, interfaces, and integrations. Most also rely on standalone security awareness platforms that are disconnected from real threat activity, resulting in minimal behavior change and poor operational efficiency for security teams. Organizations spend millions managing these siloes while critical tasks like incident triage, takedown, and user remediation are often delayed or overlooked due to complexity and staffing gaps.

Unlike disparate tools that treat threats and human behaviors as separate challenges, Proofpoint Prime changes this dynamic by bringing them together in intelligent workflows—transforming signals into actionable risk insights, streamlining operations, and delivering scalable protection. The result: stronger threat prevention, reduced costs, faster response times, and lasting human resilience. Organizations that unify their defenses with a single human-centric security solution have saved $2.7M on average in reduced risk exposure and avoided $390K in operational costs. Proofpoint Prime simplifies deployment with pre-built integrations and licensing efficiencies, offering an unmatched economic model for modern security teams.

“The most damaging attacks continue to target people, and security teams are overwhelmed by siloed software, scattered threat signals, and rising costs,” said Darren Lee, executive vice president and general manager, Threat Protection Group at Proofpoint. “Today’s collaboration landscape demands an adaptive approach. With Proofpoint Prime, organizations no longer need to stitch together dozens of disconnected detection and response tools and employee education. It integrates protection across multiple channels and attack stages, providing organizations a level of protection and peace of mind that is unmatched in the industry.”

To simplify threat defense for organizations, Proofpoint Prime brings together four critical capabilities in a single, integrated solution:

• Multichannel Defense with Nexus AI: Defends against threats across email, cloud apps, collaboration tools, messaging, browsers, and social platforms. Nexus AI applies consistent threat detection across all digital channels to eliminate blind spots and ensure full-surface protection.
• Multistage Attack Protection: Identifies and remediates account takeovers, lateral movement, and supply chain attacks through a unified detection and response workflow. Proofpoint Prime gives SecOps teams full visibility and the ability to investigate and act faster.
• Human Risk-Based Guidance and Insights: Provides employees real-time, risk-based guidance and education tailored to their behavior, while equipping security teams with adaptive insights to enforce dynamic policy and coach at-risk employees.
• Comprehensive Impersonation Protection: Combines email authentication, brand protection, and takedown services into a single system that protects trusted domains against domain spoofing and malicious lookalikes.

Proofpoint Prime Threat Protection is designed for today’s most urgent cyber risks and tomorrow’s intelligent automation. Its architecture is ready to support agentic AI, enabling organizations to automate tasks like threat investigation, abuse mailbox triage, and collaboration tool forensics. Proofpoint will continue to enhance its features and capabilities. Proofpoint Prime Threat Protection is available globally today, with additional capabilities rolling out through Q2 2025.

Trusted by 50% of the UAE and KSA-based companies listed in the Forbes Global 2000, Proofpoint’s comprehensive AI-driven cybersecurity solutions help organizations navigate today’s complex threat landscape with confidence, delivering robust protection. Available in Q1 2025, Proofpoint’s offerings will enable UAE-based customers to comply with local data residency policies and meet regulatory compliance.

The cyber threat landscape in the UAE continues to evolve. While Emirati CISOs continue to fear cyber-attacks, they are demonstrating increasing confidence in their ability to defend against them. Proofpoint’s 2024 Voice of the CISO Report reveals that two-thirds (66%) of CISOs in the UAE feel prepared to cope with a cyberattack, an increase from 43% last year. This growing confidence may be attributed to the 89% of Emirati CISOs surveyed looking to deploy AI-powered capabilities to help protect against human error and advanced human-centered cyber threats.

To address this, Proofpoint’s ongoing investments in the region will help organizations in the UAE address human-centric cybersecurity risks, providing the opportunity to benefit from Proofpoint’s market-leading email security solutions, running through an in-country data centre. Proofpoint Email Protection is the only AI/ML-powered, cloud-based threat protection platform that disarms today’s advanced attacks, including email fraud, ransomware, weaponized URLs, multifactor authentication (MFA) bypass for credential phishing, and more.

“Organizations in the United Arab Emirates face a rapidly evolving threat landscape and our main objective over the coming years is to continue protecting even more companies in the region, with innovative, AI-powered solutions,” said Sumit Dhawan, CEO at Proofpoint. “Our solutions being delivered through local a data center underscores our unrelented investment in a key region for us and highlights our commitment to keep pace with the region’s accelerating digital transformation. This will enable organizations in the UAE to roll out multi-layered, cloud-native cybersecurity protection that safeguards people and data from today’s biggest threats, while keeping their data in-country.”

Proofpoint Middle East by the Numbers:

• Proofpoint is trusted by 50% of the UAE and KSA-based companies listed in the Forbes Global 2000 and protects more than 1,200,000 employees across the Middle East.
• Proofpoint’s Middle East customer base saw a growth of more than 20% in 2024, with continued growth at-pace expected in the coming years
• Since 2019, Proofpoint has increased its employee base by more than 40% across the region
• Proofpoint works with over 550 partners across the Middle East, Turkey & Africa

“Organisations in the Middle East are leading the charge in implementing cybersecurity measures to protect their customers from today’s threat landscape,” said Emile Abou Saleh, Vice President, Northern Europe, Middle East, Turkey and Africa at Proofpoint. “At Proofpoint, we remain committed to empowering organizations with the tools and knowledge needed to safeguard their most valuable assets—their people. With our solutions being delivered through a local data center, we will bring our industry-leading human-centric cybersecurity to more organizations in the region, while better meeting local customer and regulatory needs.”

The analysis reveals that a vast majority of Middle East retailers (90%) have published a DMARC record, and 8 out of the top 20 (40%) have the strictest and recommended DMARC policy (‘reject’) in place. This is a slight improvement from last year – where findings suggested that only 30% had implemented the DMARC policy at the ‘reject’ level and were proactively blocking fraudulent emails from reaching consumers. According to a study by IMARC, the Middle East retail market size is projected to grow by 4.21% from 2024-2032, driven by a surge in population and evolving consumer preference for online shopping. Through the high traffic of retail activity, attackers are now using new tactics to exploit their human targets.

Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint, said, “Middle East retailers realize the risks millions of consumers face daily when they shop online. Our research shows that phishing, ransomware, and business email compromise remain among the top attack vectors plaguing organizations across all industries. Amid a surge in e-commerce in the region, deploying authentication protocols, such as DMARC, will be critical to support the growth and security posture of the retail sector.”

Email remains the number one threat vector, and phishing emails can lead to unsafe websites that gather personal data, such as credentials and credit card data. Therefore, it is always best to go directly to the source of the advertised deal by typing a known website address directly into a browser. For special offer codes, Proofpoint recommends entering them at the checkout to see if they are legitimate. It also recommends using a password manager to make the online experience seamless, whilst staying safe and using a multi-factor authentication for an added layer of security.

“Proofpoint is the trusted cybersecurity partner to some of the world’s most respected companies and is committed to its channel go-to-market strategy, giving us an exceptional opportunity for continued growth,” said Jerome Jullien. “Proofpoint continues to develop and launch innovative products to protect its customers’ people, wherever they are working. We believe this will help to expand our ecosystem’s reach and allow our channel partners to grow their Proofpoint business profitably whilst increasing customer relevance.”

Based out of Paris, France, Jullien brings more than 25 years of experience working in the IT industry. Prior to Proofpoint, he held senior leadership positions at Vectra AI, Nokia, Riverbed Technology and EMC. Joe Sykora, SVP, Worldwide Channels and Partner Sales at Proofpoint, commented: “Proofpoint is a channel-first organization. As we have expanded our ecosystem in EMEA, Proofpoint’s reputation as the leader in cybersecurity has enabled us to attract great talent. Jerome Jullien’s strong experience and drive will be invaluable in delivering our vision of human-centric security to our key partners, expanding our program in line with growing demand for our market-leading solutions.”

Announced today at the company’s flagship Protect conference, these new capabilities set a new standard for how organizations address human risk, by leveraging two key proprietary platform elements: Proofpoint Nexus, an AI, behavioural, and threat detection ensemble that identifies and mitigates risk; and Proofpoint Zen, a set of technologies that deliver world-class, comprehensive protection as people work with email, collaboration apps, the web, and data. Together, they provide an integrated, cohesive experience that brings human-centric protection to end users and security professionals alike.

“From ransomware to Business Email Compromise to data loss, the most damaging cyber risks all centre around humans and their identities,” said Sumit Dhawan, chief executive officer, Proofpoint. “But human risk is difficult to tackle as we all work across email, collaboration apps, the cloud, and the web, creating threat risk, identity sprawl, and data exposure in new ways. Proofpoint pioneered human-centric security, and now we’re redefining it by bringing together previously disparate processes and technologies into one unified platform to protect new digital channels, reduce risk for organizations, and better guide users in real-time, every day.”

Threat actors are increasingly using digital channels such as Slack, Microsoft Teams, Zoom, and LinkedIn to launch phishing attacks, tricking people into divulging personal information or performing certain actions, such as transferring money or revealing sensitive company data. Over the past three years, URL threats delivered by email have increased 119% and those delivered by SMS have skyrocketed by 2,524% according to Proofpoint data.

Powered by industry-leading threat intelligence and Proofpoint’s new ZenWeb browser extension, Proofpoint Collab Protection provides real-time advanced threat protection to block malicious URLs delivered in any messaging, collaboration or social media application and can be deployed across Google Chrome, Microsoft Edge, Apple Safari or any Chromium-based enterprise browser. Leveraging Nexus TI (Threat Intelligence), customers benefit from the collective defences that protect a network of thousands of the most critical organizations around the world.

While corporate identities empower employees to work with ease across Microsoft 365, GenAI, cloud storage and collaboration applications, threat actors have also learned to exploit them to launch ransomware attacks, hijack cloud accounts, and exfiltrate data. According to Proofpoint data, nearly all (96%) organizations have been targeted for cloud account takeover, and more than half have experienced it firsthand. Further, half of all hijacked accounts had multifactor authentication (MFA) enabled, demonstrating how unsecured applications—both enterprise-provided and shadow applications—are valuable stepping stones for attackers to take over corporate cloud accounts.

Proofpoint Nexus maps user identity sprawl and common attack paths and detects configuration and access anomalies to prevent unauthorized access and cloud account takeover; this helps security practitioners understand where an account is located and whether it creates risk due to its privilege, the data it’s linked to, or how well (or how poorly) its security is configured. Based on the posture and risk of an identity, Proofpoint Posture Management makes recommendations and performs configurations to improve it.

Identifying insider threats is a challenge, making internal investigations reactive: cybersecurity administrators concentrate on high-risk users, such as departing employees, those on a performance improvement plan, or contractors, only after being alerted to their potential risk to the company. Proofpoint’s Adaptive Information Protection empowers security teams to take a proactive approach to managing insider risks, shifting the responsibility of the security analyst from building manual policies to automating responses to a user’s risky behaviour. That, in turn, helps analysts work more efficiently.

Further, as GenAI tools have become pervasive in the workplace to accomplish tasks like summarizing meeting transcripts, rewording emails or writing code, careless or unintentional actions can expose business-critical information such as PII, source code and other corporate information. Some of this information is difficult to identify and protect using legacy DLP tools. Proofpoint’s new intent-aware GenAI protection and GenAI prompt redaction help organizations enable GenAI use while protecting both structured and unstructured organizational data from being overshared. It educates end users and guides behaviour change via compliance notifications when interacting with GenAI tools.

Traditional compliance-driven security awareness programs are not effective at mitigating human risk and guiding employees toward safer behaviours. In fact, research shows most employees (68%) knowingly engage in risky behaviours despite 99% of organizations having a security awareness program. Proofpoint is evolving its security awareness solution to empower organizations to reduce security incidents by cultivating real behavioural change and building a strong security culture.

Proofpoint’s ZenGuide (formerly Proofpoint Security Awareness Training) enables lean security teams to automate and scale personalized learning paths based on an individual’s unique risk profile, behaviours and role. It uses people-risk insights across the Proofpoint ecosystem to deliver relevant interventions that build security champions and reduce risky behaviours, enabling organizations to move beyond compliance-driven programs and provide targeted, context-awareness education that addresses specific risks and behaviours.

Proofpoint’s new platform capabilities will be showcased during Proofpoint’s ‘Protect’ event series, which begins today in New York City. Proofpoint’s Collab Protection is expected to be available globally in the first half of 2025. Proofpoint’s Posture Management is expected to be available globally in Q1 2025. Proofpoint’s new Adaptive Information Protection is expected to be available in September 2024. Proofpoint’s new extended GenAI protections are expected to be available in Q1 2025. Proofpoint’s ZenGuide is currently available globally, with the new employee engagement features arriving in Q1 2025.

We all know that the internet can be a strange place at the best of times, so it should come as no surprise the world’s cybercriminals contribute their fair share of strangeness. Our researchers continue to encounter malicious campaigns that go way beyond the usual level of bizarre to achieve their social engineering aims.

Social engineering is a common tactic used by cybercriminals to gain access to a user’s passwords, account details, email accounts and even funds. It involves exploiting human behaviour to encourage people to open and respond to fraudulent emails. In the digital realm, threat actors use this psychological manipulation tactic to drive people to break normal security procedures. It is a con game that relies on human error rather than digital hacking.

Social Engineering in the UAE
In social engineering attacks, bad actors exploit psychological principles like trust, the fear of missing out, authority, and the desire to be helpful. Cybercriminals understand that people can be exploited, either through negligence or simply obliviousness. Social engineering is a part of many of the threats analysed by Proofpoint used to steal credentials, extract sensitive data, and fraudulently transfer funds.

Many users engage – either knowingly, or unknowingly – in actions which may heighten their risk of falling victim to these very social engineering attacks. Proofpoint’s 2024 State of the Phish report revealed a concerning trend: 86% of surveyed working adults in the UAE admitted to taking risky actions, such as reusing or sharing a password, clicking on links from unknown senders, or handing over their credentials to an untrustworthy source.

A vast majority (97%) of them did so knowing the inherent risks involved, meaning that 83% of employees in the UAE willingly undermined their organization’s security. The motivations behind risky actions are varied, with most employees citing convenience (32%), the desire to save time (46%), and a sense of urgency as their main reasons (31%).

As cybercriminals continue to refine their techniques, the lures they deploy are becoming increasingly outlandish and creative. This escalation in social engineering sophistication underscores the critical need for enhanced vigilance and education.

Tickets to Mars
Just a few years ago, space tourism was making big headlines. It seemed like the age of orbital jaunts was just around the corner and that NASA would be building moon bases before long. Sadly, there have been setbacks, and for now, space remains the preserve of astronauts, scientists, and the very rich. But following the “go big or go home” principle, a recent malicious email campaign didn’t just stop at sub-orbital spaceflight or visits to the moon, promising recipients the chance to win a trip to Mars.

With a subject line of “You win a trip to Mars,” the messages contained a PDF featuring an image of a recent Elon Musk biography and a spoofed update dialogue for Adobe Reader. The download button on the fake image linked to a tar.gz file containing an executable that ultimately downloaded Redline Stealer.

Occasionally threat actors come up with lures so improbable that it’s hard to imagine anyone falling for them. But there is a method in their madness. For some recipients, curiosity alone will be an effective lure. After all, social engineering is about getting your victim to do what you want—in this case, clicking a download link. And you don’t have to believe that you’re going to win a trip to Mars to be interested in finding out why you’re being offered one.

The Free Piano Scam
Equally unusual, another peculiar lure observed by Proofpoint involves a piano giveaway scam. In the campaigns, the threat actor purports to offer up a free piano, often due to alleged circumstances like a death in the family. When a target replies, the actor instructs them to contact a shipping company to arrange delivery.

When a victim responds, they are directed to arrange delivery with a fraudulent shipping company, also managed by the scammer, who demands payment for transportation costs upfront while also attempting to collect personal information such as names, addresses, and phone numbers. At least one Bitcoin wallet linked to these scams has seen transactions totalling over $900,000, indicating a substantial financial impact. Once the victim provides a small amount of money to the fraudster, however, they cut all contact and disappear.

These cases illustrate the odd yet effective nature of social engineering. Protecting against such threats requires constant vigilance, a deep understanding of the tactics employed, and robust security measures. Education and scepticism are crucial defences, as is the prudent use of technology. It’s essential to approach unsolicited offers with caution, particularly on social media, where these scams often find a ready audience.

Can you please elaborate on your role at Proofpoint? What does a typical day in your life at work look like?  
In my current role as a Staff Systems Engineer at Proofpoint in the Middle East I help companies find cybersecurity solutions to achieve their goals, and most importantly keep their people and their data safe.

As a self-starter and being solutions-oriented, I am constantly looking for the most effective solutions to meet the needs of our customers. The fast-moving, constantly evolving day-to-day work that comes hand in hand with the role constantly requires me to adapt to new challenges, with new solutions – and fast! I also think that targets are best met in collaborative, diverse teams, not in silos. With this in mind, it’s safe to say that no two days are the same in this industry!

Can you share a bit about your background and how you became interested in the tech industry?
I’ve always been drawn to technology, with a special focus on cybersecurity. The importance of IT security touches everyone, from individual users to large corporations. My passion lies in helping combat cyber threats for organizations of all sizes.

I studied Telecommunications at university, where my interest in cybersecurity guided my career choice. I started as a support engineer and quickly moved into pre-sales, working with both cybersecurity firms and resellers.

In terms of career development, cybersecurity presents a lot of opportunities for growth and ongoing development, as cybercrime isn’t slowing down! It’s a fast-paced, exciting industry, where no two days are the same, which keeps me on my toes. Being able to say my day-to-day work helps keep people safe and secure is a great motivator to continue on this path.

What were some obstacles that you had to overcome in your career?
While cybersecurity is one of the most fast-paced, rapidly evolving modern industries, this evolution has been slower when we look at the number of women taking up careers in cybersecurity. With that, I believe that women can be very skilled cyber professionals. At Proofpoint, I have been fortunate to work within an organization that empowers strong female role models and have a platform where I am encouraged and bolstered to grow my skillset. I have been able to find my voice and build confidence without being intimidated by any diversity issues that the industry has previously faced.

Improving diversity in the cybersecurity industry by hiring people from different backgrounds not only helps better reflect the population and create a culture of inclusivity at the workplace, but it can also bring different ways of thinking and different skills to the table. Diversity could also help improve online defences because it will enable information security teams to think about – and defend against – concepts and attack techniques they may not have considered before. The more we include new and varied viewpoints, evolved from different backgrounds and expertise, the better-informed our industry becomes, and the better equipped we are to innovate as a business and respond to the evolving threat landscape.

What advice would you give to women considering a career in the tech industry? Any learnings that you would like to share?
My advice to young women who want to pursue a career in the tech industry is to find their voice and confidence and go for it, without being intimidated by any diversity issues that the industry has previously faced.

Focus on your target and continue to work on enhancing your skills, building your self-confidence, and pursuing your goals. Constantly build your knowledge and network by attending workshops, technical sessions, networking events and industry shows. Cybersecurity is a field where learning never stops. staying up to date in the technology industry requires a multifaceted approach that combines continuous learning, networking, engagement with communities, and a proactive stance toward emerging threats and technologies.

Outside of work, what are some of your hobbies or interests?
For me, balancing between professional and personal life is critical to achieving an increased sense of accomplishment and to maintain a successful career and a healthy lifestyle. To maintain this balance, I focus on prioritizing and planning and spend my free time doing what I love. I love travelling and exploring new places, this helps me get out of my comfort zone and learn about new people and cultures. I also love cooking especially when gathering with friends and loved ones.

To support enterprise and government organizations across MENA to better protect sensitive data, and stop targeted threats while minimizing AI risks, CyberKnight has become a value-added distributor for Proofpoint. As a leading cybersecurity and compliance company that protects organizations’ greatest assets, Proofpoint helps companies around the world to safeguard their data and empower them to stop malicious email attacks, detect and prevent identity-based threats and defend sensitive data from theft, loss, and insider threats. This partnership will see CyberKnight selling, and supporting Proofpoint’s Email Security, Security Awareness and Training and Identity Threat Detection and Response solutions across the MENA region.

“2023 was a year of unprecedented creativity among threat actors as they leveraged AI for attacks. So, the timing could not be more prudent to partner with Proofpoint. This collaboration marks a significant milestone for us, combining CyberKnight’s commitment to cutting-edge cybersecurity solutions with Proofpoint’s industry-leading expertise and human-centric cybersecurity offerings. Together, we are poised to revolutionize the landscape of digital security in the region, offering our partners and their clients unparalleled protection and peace of mind. This partnership not only strengthens our position as a cybersecurity innovator but also underscores our dedication to providing robust solutions in an ever-evolving threat landscape. I am thrilled about this collaboration and am confident that it will yield tremendous benefits for our valued customers,” said Avinash Advani, Founder and CEO at CyberKnight.

“Organisations in the MENA region face a fast-evolving threat landscape, with almost two-thirds (65%) of CISOs across the UAE and KSA feeling at risk of a material cyberattack in the next 12 months,” says Emile Abou Saleh Senior Regional Director of Middle East, Turkey, and Africa at Proofpoint. “With this collaboration, we aim to elevate the standard of digital defence across the region, providing organizations with the tools they need to navigate today’s complex threat landscape successfully, protecting their people and defending their data. This partnership reinforces Proofpoint’s commitment to its channel business across MENA and together with CyberKnight, we look forward to empowering further organizations in the region with robust and effective cybersecurity solutions.”

In the ever-evolving landscape of cybersecurity, defenders find themselves navigating yet another challenging year. Threat actors persistently refine their tactics, techniques, and procedures (TTPs), showcasing adaptability and the rapid iteration of novel and complex attack chains. At the heart of this evolution lies a crucial shift: threat actors now prioritize identity over technology. While the specifics of TTPs and the targeted technology may change, one constant remains: humans and their identities are the most targeted links in the attack chain.

Recent instances of supply chain attacks exemplify this shift, illustrating how adversaries have pivoted from exploiting software vulnerabilities to targeting human vulnerabilities through social engineering and phishing. Notably, the innovative use of generative AI, especially its ability to improve phishing emails, exemplifies a shift towards manipulating human behaviour rather than exploiting technological weaknesses. This is reflected in recent Proofpoint data, with CISOs in the Middle East, identifying phishing (smishing/vishing) as the most significant threat targeting their organizations of late.  In addition, 59% of global board directors believe generative AI is a security risk for their organization.

As we reflect on 2023, it becomes evident that cyber threat actors possess the capabilities and resources to adapt their tactics in response to increased security measures such as multi-factor authentication (MFA). Looking ahead to 2024, the trend suggests that threats will persistently revolve around humans, compelling defenders to take a different approach to breaking the attack chain.

Cyber Heists: Casinos are Just the Tip of the Iceberg
Cybercriminals are increasingly targeting digital supply chain vendors, with a heightened focus on security and identity providers. Aggressive social engineering tactics, including phishing campaigns, are becoming more prevalent. Phishing help desk employees for login credentials and bypassing MFA through phishing one-time password (OTP) codes are becoming standard practices. These tactics have extended to supply chain attacks, compromising identity provider (IDP) vendors to access valuable customer information. The forecast for 2024 includes the replication and widespread adoption of such aggressive social engineering tactics, broadening the scope of initial compromise attempts beyond the traditional edge device and file transfer appliances.

Generative AI: The Double-Edged Sword
The explosive growth of generative AI tools like ChatGPT, FraudGPT and WormGPT brings both promise and peril. At the moment, threat actors are making banks do other things. Why bother reinventing the model when it’s working just fine? But they’ll morph their TTPs when detection starts to improve in those areas.

On the flip side, more vendors will start injecting AI and large language models into their products and processes to boost their security offerings. Across the globe, privacy watchdogs and customers alike will demand responsible AI policies from technology companies, which means we’ll start seeing statements being published about responsible AI policies.

Mobile Device Phishing: The Rise of Omni-Channel Tactics Take Centre Stage
A notable trend for 2023 was the dramatic increase in mobile device phishing and we expect this threat to rise even more in 2024. Threat actors are strategically redirecting victims to mobile interactions, exploiting the vulnerabilities inherent in mobile platforms. Conversational abuse, including conversational smishing, has experienced exponential growth. Multi-touch campaigns aim to lure users away from desktops to mobile devices, utilizing tactics like QR codes and fraudulent voice calls. This not only makes phishing attacks more effective on mobile devices but also complicates detection for corporate security teams.

Open-source and generative AI: Leveling the Ground for Malware Developers
Malware developers are leveraging open-source tools and generative AI, making advanced programming techniques accessible to a broader audience. As a result, malware capable of evading sandboxes and endpoint detection and response (EDR) tools is becoming more widespread. The accessibility of free and open-source software facilitates the incorporation of advanced detection-bypass capabilities into various malware projects. This democratization lowers the barrier to entry for less skilled developers, contributing to the proliferation of sophisticated malware families.

Identity-Centric Breaches: The Achilles Heel
Identity-based attacks will dominate breaches, exploiting vulnerabilities rooted in human behaviour and obscured by limited visibility. The conventional belief that cyber attackers rely on common vulnerabilities and exposures (CVEs) is losing relevance. The new truth: “Identity is the new vulnerability.” Organizations must shift their focus from primarily fortifying infrastructure to securing stored credentials, session cookies, and access keys, and addressing misconfigurations, especially when it comes to privileged accounts (very much now including their IDPs). The human link in the attack chain demands swift and innovative defences.

In conclusion, 2024 presents cyber defenders with a formidable challenge as threat actors refine their strategies to exploit the human element. To counter these evolving threats, defenders must adopt proactive and adaptive strategies, recognizing that the human factor remains a critical link in the cyber defence chain. As the battleground shifts, a resilient defence that addresses the multifaceted challenges of identity-based attacks, generative AI-driven threats, and mobile device phishing are essential to secure the digital frontier and create a greater focus on breaking the attack chain.

Dhawan is a highly respected and seasoned technology leader with a proven track record of building market-leading security, cloud, and end-user computing businesses. In his most recent role as president of VMware, Dhawan was responsible for driving over $13B of revenue and led the company’s go-to-market functions including worldwide sales, customer success and experience, strategic ecosystem, industry solutions, marketing, and communications. Before that, he was chief executive officer of Instart, a cybersecurity business delivering innovations in web application security services. He has held senior executive and general management roles at both VMware and Citrix and has successfully established category-leading businesses at scale.

“Over the years, Proofpoint has built an exceptional brand and is trusted by some of the world’s leading organizations as their cybersecurity partner of choice,” said Sumit Dhawan. “I’m honoured to join a leader at the forefront of cybersecurity innovation and to shepherd its continuing and unwavering commitment to helping organizations across the globe protect people and defend data.”

Proofpoint recently announced it has entered into a definitive agreement to acquire Tessian, a leader in the use of advanced AI to automatically detect and guard against both accidental data loss and evolving email threats. Tessian’s cloud-native, API-enabled inbound and outbound email protection solution will extend Proofpoint’s award-winning offering to address the most frequent form of data loss including, misdirected email and data exfiltration.