Trusted by 50% of the UAE and KSA-based companies listed in the Forbes Global 2000, Proofpoint’s comprehensive AI-driven cybersecurity solutions help organizations navigate today’s complex threat landscape with confidence, delivering robust protection. Available in Q1 2025, Proofpoint’s offerings will enable UAE-based customers to comply with local data residency policies and meet regulatory compliance.

The cyber threat landscape in the UAE continues to evolve. While Emirati CISOs continue to fear cyber-attacks, they are demonstrating increasing confidence in their ability to defend against them. Proofpoint’s 2024 Voice of the CISO Report reveals that two-thirds (66%) of CISOs in the UAE feel prepared to cope with a cyberattack, an increase from 43% last year. This growing confidence may be attributed to the 89% of Emirati CISOs surveyed looking to deploy AI-powered capabilities to help protect against human error and advanced human-centered cyber threats.

To address this, Proofpoint’s ongoing investments in the region will help organizations in the UAE address human-centric cybersecurity risks, providing the opportunity to benefit from Proofpoint’s market-leading email security solutions, running through an in-country data centre. Proofpoint Email Protection is the only AI/ML-powered, cloud-based threat protection platform that disarms today’s advanced attacks, including email fraud, ransomware, weaponized URLs, multifactor authentication (MFA) bypass for credential phishing, and more.

“Organizations in the United Arab Emirates face a rapidly evolving threat landscape and our main objective over the coming years is to continue protecting even more companies in the region, with innovative, AI-powered solutions,” said Sumit Dhawan, CEO at Proofpoint. “Our solutions being delivered through local a data center underscores our unrelented investment in a key region for us and highlights our commitment to keep pace with the region’s accelerating digital transformation. This will enable organizations in the UAE to roll out multi-layered, cloud-native cybersecurity protection that safeguards people and data from today’s biggest threats, while keeping their data in-country.”

Proofpoint Middle East by the Numbers:

• Proofpoint is trusted by 50% of the UAE and KSA-based companies listed in the Forbes Global 2000 and protects more than 1,200,000 employees across the Middle East.
• Proofpoint’s Middle East customer base saw a growth of more than 20% in 2024, with continued growth at-pace expected in the coming years
• Since 2019, Proofpoint has increased its employee base by more than 40% across the region
• Proofpoint works with over 550 partners across the Middle East, Turkey & Africa

“Organisations in the Middle East are leading the charge in implementing cybersecurity measures to protect their customers from today’s threat landscape,” said Emile Abou Saleh, Vice President, Northern Europe, Middle East, Turkey and Africa at Proofpoint. “At Proofpoint, we remain committed to empowering organizations with the tools and knowledge needed to safeguard their most valuable assets—their people. With our solutions being delivered through a local data center, we will bring our industry-leading human-centric cybersecurity to more organizations in the region, while better meeting local customer and regulatory needs.”

In response to these cloud challenges, more than one in ten (16%) respondents have already repatriated workloads back to on-premises. Meanwhile, a further 12% acknowledge that poorly planned cloud transitions have already resulted in long-term financial impacts on their organisations. This goes to show that rushed cloud migrations can lead to costly fixes or reversals.

The data also indicates a lack of trust in cloud security, with nearly half (46%) of IT pros still storing their most sensitive data on-premises due to persistent security worries. However, the findings do highlight a continued focus on cloud strategies to reduce costs. Nearly a third (29%) of respondents say they are prioritising cloud migration to cut operational costs.

Commenting on the findings, Sascha Giese, Global Tech Evangelist at SolarWinds, said, “The truth is, managing complex hybrid-cloud ecosystems isn’t easy. While the cloud promises scalability and cost savings, the gap between expectation and execution is becoming increasingly evident. In this landscape, many businesses find themselves grappling with overly complex infrastructures that struggle to meet evolving needs.”

In a hybrid cloud world with increasingly complex networks, systems, devices, and applications, managing microservices and containers adds to the challenge. Without proper planning and comprehensive visibility, organisations risk finding themselves in a dire situation. Tool sprawl, information silos, and alert fatigue can all lead to an unpleasant cloud experience, making it harder to identify the root causes of complex issues.

“To overcome these challenges, IT leaders must adopt a more strategic and informed approach to cloud migration, focusing on tools that are reliable, secure, and accelerate modernisation. One key advantage businesses can leverage to successfully manage their hybrid cloud infrastructures is comprehensive observability. That means gaining real-time visibility into every layer of the IT estate and acting proactively with the assistance of machine learning algorithms and AI-driven analytics. Cloud infrastructure can be a powerful growth enabler, but with a mess of mismatched tools and poor visibility, it will be a bumpy ride,” added Giese.

The introduction of Lacework FortiCNAPP offers additional benefits that extend beyond Lacework’s leading offering. These include automated remediation and blocking of active runtime threats and enhanced visibility into FortiGuard Outbreak Alerts, which provide key information about new and emerging threats and the risk they pose within an organization’s environment.

As customers continue to adopt cloud infrastructure and services, they are quickly realizing that traditional security tools simply lack the native capabilities required to address the scale, velocity, and dynamic nature of the cloud. Security teams are fundamentally challenged by the lack of time to address cloud security at scale due to limited cloud security knowledge, a proliferation of cloud security products that do little to help customers resolve issues, and an overwhelming number of security and compliance alerts.

With Lacework FortiCNAPP, Fortinet simplifies and strengthens cloud security with a unified platform from a single vendor that brings together multiple tools to significantly cut down the time to detect, prioritize, investigate, and respond to cloud-native threats. Lacework FortiCNAPP introduces a unique AI approach that never stops learning, maximizing cloud security with minimal time and effort for development, operations, and security teams by automatically connecting risk insights with runtime threat data, and ensuring that the most critical issues are prioritized and addressed.

Fortinet enables customers to address all their cloud security needs by delivering key features such as:

1. A unified platform: Fragmented tools create complex, expensive, and limited protection. As a platform, Lacework FortiCNAPP provides full visibility from code to cloud and correlates build and runtime risk and threat data to prioritize what matters most.
2. AI-based anomaly detection: Given that cloud threats evolve as quickly as the cloud itself, creating rules for every potential attack scenario is nearly impossible. Lacework FortiCNAPP’s AI-based anomaly detection allows security analysts to detect previously undefined attack patterns that traditional rules-based systems cannot accomplish.
3. Integrated code security: Code security integrated with cloud security empowers teams to address issues at the earliest and most cost-effective stage in the application life cycle. By offering code security as an integral capability within the platform, customers can save time and money by fixing security issues, and reducing the risk of vulnerable applications and infrastructure while maintaining developer productivity and innovation velocity.
4. Composite alerts: Lacework FortiCNAPP is unique in detecting early signs of active attacks by automatically correlating various signals into a single, high-confidence composite alert. The platform uses behavioural analytics, anomaly detection, in-house threat intelligence, and insights from cloud service provider activity logs and threat services to identify active attacks, including compromised credentials, ransomware, and crypto-jacking.
5. Integrations with the Fortinet Security Fabric: Integrations with Fortinet solutions such as FortiSOAR enable customers to streamline their response to active runtime threats, such as compromised hosts and compromised access keys, through automated remediation playbooks. Additionally, its integration with FortiGuard Outbreak Alerts helps teams understand how Lacework FortiCNAPP delivers enhanced visibility and deeper insights into the latest threats and where the solution can disrupt potential attacks.
6. Cloud Infrastructure Entitlement Management (CIEM): Lacework FortiCNAPP provides CIEM with complete visibility into cloud identities and their permissions. It automatically discovers identities, assesses net-effective permissions, and highlights excessive ones by comparing granted versus used permissions. Each identity is assigned a risk score based on more than 30 factors, helping prioritise high-risk identities. Lacework FortiCNAPP also offers automated remediation guidance for right-sizing permissions, ensuring least-privileged access.

“Today’s announcement reaffirms Cisco’s commitment to rapidly extend its global reach for customers and provide advanced cloud security protection and services to the UAE and the surrounding region,” said Abdelilah Nejjari, Managing Director for Cisco in the Gulf and Levant region. “Our goal is to help companies in the UAE accelerate the deployment of cybersecurity capabilities by adopting a platform approach. This will enable the seamless integration of various solutions within their stack, allowing them to maximize their potential.”

The new PoP will play an important role in delivering agile, highly resilient, high-capacity secure access closer to users in the UAE. It will support Cisco’s cloud services including its Secure Service Edge (SSE) solution, Cisco Secure Access. This cloud-delivered platform helps organizations solve a variety of security challenges.

Users can now safely and seamlessly access the resources and apps they need, regardless of protocol, port or level of customization. As a result, customers can move away from the complex web of point products that weren’t designed to support today’s highly distributed environment. With Cisco Secure Access, decisions about how users connect to the Internet, Software-as-a-Service (SaaS) and private applications are automated, removing complexity and helping to increase productivity.

“This initiative marks a new milestone in Cisco’s commitment to helping strengthen the region’s cybersecurity efforts,” Fady Younes, Managing Director of Cybersecurity, Middle East, Africa and Romania, commented. “In February, we announced a local data centre for our Duo multifactor authentication (MFA) offering and I am pleased to say that this is already up and running, in line with our original schedule. As a next step, with the new PoP for the converged cloud security SSE solution, grounded in zero trust, to provide our customers with seamless, transparent, and secure access from anything to anywhere.”

In the UAE, organizations will experience the benefits of Cisco’s SSE PoP with the scalability of the public cloud. The PoP will be carrier-neutral and available on any Internet Service Provider (ISP) in UAE. The findings of the Cisco Cybersecurity Readiness Index underscore the importance of security resilience. The study revealed that in the UAE, only 2% of organizations are at the Mature stage of readiness, 33% are at the Progressive stage, 54% are Formative and 11% are Beginners. It also found that 73% of companies expect a cybersecurity incident to disrupt their business in the next 12-24 months.

Cloud Functions in GCP are event-triggered, serverless functions. They automatically scale and execute code responding to specific events like HTTP requests or data changes. A multi-step backend process is triggered when a GCP user creates or updates a Cloud Function. This process, among other things, attaches a default Cloud Build service account to the Cloud Build instance that is created as part of the function’s deployment. This default Cloud Build service account gives the user excessive permissions. This process happens in the background and isn’t something ordinary users would be aware of.

An attacker who gains access to create or update a Cloud Function can take advantage of the function’s deployment process to escalate privileges to the default Cloud Build service account and other GCP services including Cloud Storage, and Artifact Registry or Container Registry. By exploiting the deployment flow and the flawed trust between services an attacker could run code as the default Cloud Build service account.

“The ConfusedFunction vulnerability highlights the problematic scenarios that may arise due to software complexity and inter-service communication in a cloud provider’s services,” explains Liv Matan, senior research engineer, Tenable. “To support backward compatibility, GCP has not changed the privileges from Cloud Build service accounts created before the fix was implemented. This means that the vulnerability is still affecting existing instances and we highly recommend customers take immediate action.”

GCP confirmed it had remediated ConfusedFunction, to some extent, for Cloud Build accounts created after February 14, 2024. While the fix has reduced the severity of the problem for future deployments, it hasn’t eliminated it. For every cloud function using the legacy Cloud Build service account, the advice is to replace it with a least-privilege service account.

As a launch partner for Microsoft 365 Backup Storage, Veeam is leveraging the latest Microsoft technology with Veeam Data Cloud for Microsoft 365 to deliver lightning-fast backup and recovery capabilities for large Microsoft 365 environments, ensuring organizations protect critical data against cyber-attacks and data loss scenarios, further enabling complete data resiliency. This solution further strengthens Veeam’s position in protecting Microsoft 365 users, with over 21 million users already under Veeam’s protection.

“One of the benefits of our multi-year strategic partnership with Microsoft is rapidly bringing new advances to our joint customers and partners. This new release combines the benefits of Veeam’s industry-leading technology – in both data protection and ransomware recovery – with the latest Microsoft 365 data resilience capabilities introduced by Microsoft, and extends them to even more customers using Microsoft 365. In addition, we’re making great progress in our joint innovation bringing the power and insights of Microsoft Copilot to the Veeam product family,” said John Jester, Chief Revenue Officer (CRO) at Veeam.

Microsoft’s new backup technology is seamlessly embedded inside Veeam’s backup service for Microsoft 365, combining the new high-speed backup and recovery capabilities with Veeam’s established and unmatched restore and eDiscovery options tailored to meet any potential data loss and compliance scenario. This powerful fusion, where speed and scale meet control and flexibility, empowers organizations with the best of both worlds. “The collaboration with Veeam is an advancement in assisting our shared clients with quick recovery after cyber incidents. We look forward to deepening our collaboration to improve data protection for users,” said Zach Rosenfield, Director of PM for Collaborative Apps and Platforms at Microsoft.

Veeam Data Cloud for Microsoft 365 with Microsoft 365 Backup Storage delivers:

1. Speed and Scale: This latest offering from Veeam and Microsoft is designed to manage large volumes of data seamlessly, with the ability to protect and restore 100+ TBs of data or 10,000+ objects. With this advanced solution, what used to take weeks or months is now accomplished within hours.
2. Disaster Recovery: This new solution offers bulk restores at scale, ensuring increased resilience to ransomware or malware attacks and minimizing downtime. Veeam Data Cloud for Microsoft 365 with Microsoft 365 Backup Storage empowers organizations to bounce back quickly from any data loss scenario. Organizations no longer have to choose between paying a ransom or enduring weeks or months of data restoration.
3. Future Readiness: As part of a new 5-year strategic partnership, Veeam is developing future solutions with Microsoft integrating Microsoft Copilot and Azure AI services to enhance data protection for Microsoft 365 and Azure. These solutions will simplify operations, automate administrative tasks, and allow organizations to allocate resources to business-critical initiatives, ensuring they stay ahead in a rapidly changing digital landscape.

“As adoption of Microsoft 365 increases, the volume and criticality of their associated data sets is also growing,” said Krista Macomber, Research Director at The Futurum Group. “Without the proper data protection solution, this can lead to highly time-consuming, cumbersome backup processes – ultimately resulting in delayed, missed, or incomplete backups. Equally an issue, it can also lead to slow and incomplete recovery processes. This cannot be afforded, especially given the need for resiliency against the onslaught of cyber-attacks. Veeam is directly addressing these challenges with the most recent update to its Microsoft 365 backup capabilities.”

As the deployment of 5G technology and its next generation, 5G-Advanced (5G-A), which was already announced this year by global vendors like Huawei, mobile networks are increasingly becoming the backbone of our digital life, and robust cybersecurity standards and good practices are paramount for telecom authorities and operators.
Pioneering 5G deployment, Saudi Arabia and the GCC are now upgrading to 5G-Advanced for even greater value.

The telecom industry, constantly adapting, integrates cloud and AI with these networks, driving new digital business models. Telecom’s role in national security necessitates robust cybersecurity. Regulators, operators, and industry stakeholders in the region must collaborate to identify best practices and implement measures to safeguard networks, systems, and data from cyber threats. This cross-sector effort requires close cooperation with service providers, equipment manufacturers, and government agencies to mitigate risks, develop best practices, and raise cybersecurity awareness.

At the recently concluded MWC Shanghai 2024 organized by GSMA, the ‘Middle East and Central Asia ICT Policy and Governance Forum’ round table, themed “Driving Policy and Innovation to Shape Our Digital Future”, mobile network security took centre stage. The forum brought together a wide range of stakeholders, including senior officials from GSMA, regulatory authorities, operators, Huawei, and the China Academy of Information and Communications Technology, to discuss industry policies, successful practices, and valuable insights on network security and key industry trends.

The round table discussed the importance of spectrum, optical, and datacom policy planning and explored how carriers, enterprises, oversight agencies, and regulators can enhance mobile security capabilities and guide risk management strategies. The discussions also sought to promote the adoption of GSMA’s Network Equipment Security Assurance Scheme (NESAS) and Mobile Cybersecurity Knowledge Base (MCKB). Attendees also reviewed industry policies and best practices, with examples from China’s successful use cases.

Mr. Jawad Abassi, Head of MENA at GSMA, who moderated the roundtable discussion, said, “The GSMA regularly explores a range of security considerations including secure by design, 5G deployment models and security activities. Good security practices and policies by industry suppliers are essential. The mobile ecosystem should empower advancing positive policy and spectrum outcomes, driving digital innovation to reduce inequalities in our world and tackling today’s biggest societal challenges.”

GSMA NESAS is a rigorous security framework covering some of the most vital aspects of national critical infrastructure. Providing a universal industry standard, it highlights the ability of network equipment vendors to meet and maintain security levels—from product development to lifecycle management processes. Specifically, it covers equipment that supports functions defined by 3GPP and is deployed by mobile network operators on their networks.

NESAS is a trusted and proven standard for tracking records across the world. Vendors’ equipment is tested and audited against a security baseline defined by industry experts through GSMA and 3GPP. It reflects the security needs of the entire ecosystem – including regulators, mobile network operators, hyperscalers, and equipment vendors. The standard continually evolves to meet the needs of the whole industry, based on 3GPP + GSMA standards – avoiding security requirements fragmenting regionally. The GSMA works with internationally recognized partners to audit and test equipment, with selection criteria agreed upon by the GSMA NESAS Oversight Board.

Audits and evaluations allow experts to give in-depth feedback and analysis – helping vendors improve their processes and products while enhancing security across the wider industry. The list of accredited vendors provides near real-time visibility of security status, allowing procurement teams to make informed decisions and comparisons. Huawei’s 5G wireless and core network equipment (5G RAN gNodeB, 5G Core UDG, UDM, UNC, UPCF) and LTE eNodeB were the first to pass the GSMA’s Network Equipment Security Assurance Scheme (NESAS). With one transparent and independent global scheme reflecting the security needs of the entire ecosystem, regulators in the region can take advantage of clear guidance and support for national security mitigations.

GSMA has created the Mobile Cyber Security Knowledge Base (MCKB), which offers the combined knowledge of the 5G ecosystem to increase trust in 5G networks and make the interconnected world as secure as possible. The Knowledge Base is regularly enhanced and extended to respond to the evolving cybersecurity threat landscape.
The 5G Cybersecurity Knowledge Base is an industry effort that composes a comprehensive threat landscape designed to help key stakeholders such as MNOs, equipment vendors, regulators, application developers, and service providers understand the security threats posed by 5G networks in a systematic and objective fashion.

It provides essential insights for the stakeholders’ risk management strategy as well as guidance covering best practices and risk mitigation measures. The Knowledge Base will help enhance 5G security competencies and capabilities and strengthen the work of carriers, enterprises, oversight agencies, and regulators. At an operational level, the Knowledge Base offers clear instructions for taking step-by-step actions to build security assurance while considering the entire risk spectrum of 5G end-to-end networks.

Jeff Wang, President of the Public Affairs and Communications Department at Huawei, said, “To fully reap digital dividends, we need to pay more attention to enhancing connectivity, embracing digital application, and empowering digital talent.” The forum discussions provided recommendations for various countries in the region based on their specific needs and achievements in these areas and the need to specifically improve their optical fibre networks to ensure homes and offices have the speed and stability for these advancements.

The forum spotlighted the robust national network development strategies aligned with visions and key industries crucial for the growing demand for advanced services that necessitate network upgrades, vital for ambitious projects, as is the case of Saudi Arabia’s 10Gbs Society. Supportive policies from governments will incentivize carriers and enterprises to invest in infrastructure optimization.

Lin Yanqing, Principal Consultant, Industry Policy Public & Government Affairs, Huawei Technologies and Aloysious Cheang, Chief Security Officer, Huawei Middle East and Central Asia, joined the round table discussions and reiterated that Huawei has taken a proactive approach to telecom cybersecurity standardization. Cheang said, “Cybersecurity is a team sport, and together with GSMA, we can leverage their good work, such as NESAS and MCKB, that will lay the foundation to secure broadband, 5G, 5G-A, and beyond.”

The company works with the GSMA, the ITU, the 3GPP, and others, as well as through partnerships with security organizations and companies, to ensure the security of its customers and promote the healthy development of the mobile ecosystem, the executives explained. Huawei has passed NESAS/SCAS 2.0 evaluations for its 5G base station and NESAS audits for its RAN and core network, demonstrating the company’s commitment to cybersecurity. Saudi Arabia’s Vision 2030 fuels a digital revolution, prioritizing network investment. As the digital backbone, robust networks are essential for faster internet, advanced services, and a secure, sustainable digital economy.

To address this, Cloudflare has developed advanced bot detection models specifically trained to identify AI bots. These models analyze traffic patterns and behaviour, including attempts to mimic human web browsing activity. This allows them to catch even the most cunning scraper bots. Cloudflare has also implemented a reporting system for website owners to flag suspected AI bots and crawlers. They plan to continuously update their blacklist based on user reports and manual investigations.

The rise of powerful generative AI models has fueled a massive demand for training data. This has led to a surge in AI scraper bots, often operating without permission or compensation for the data they collect. Many websites are opting to block these bots entirely. Studies show a significant number of top websites blocking bots used by leading AI companies. However, some vendors seem to disregard these blockers, prioritizing data collection over user consent.

Blocking all bots can have unintended consequences. Some AI tools, like Google’s AI Overviews, exclude websites that block specific crawlers. This can limit valuable referral traffic for website owners. Cloudflare’s tool offers a potential solution, but its effectiveness hinges on the accurate detection of these clandestine AI bots. The ongoing battle between website owners and AI companies highlights the need for a clearer regulatory framework to govern data collection practices in the AI training landscape.

This new offering provides real-time, AI-powered protection to secure containerized workloads running on AWS Fargate for Amazon ECS and Amazon EKS. “As a long-time and strategic Amazon Partner Network member, we are committed to delivering market-leading innovations through simple integrations that enable customers to improve their security outcomes and change the game,” said Brian Lanigan, Senior Vice President, Global Ecosystem, SentinelOne.

Ephemeral containerised workloads running on AWS Fargate allow rapid scale and deployment to refresh environments, offering business and technical agility. However, their short-lived nature does not automatically mean they are secure. While these resources may only live for minutes, attackers can compromise within seconds and look for opportunities to move to higher-value, longer-living resources ahead of the ephemeral resource being deleted. Adversaries can also gain an initial foothold elsewhere in a cloud environment and pivot to serverless container resources to conduct attacks, such as crypto-mining.

Ely Kahn, Vice President, Product Management, Cloud Security, SentinelOne

“Enterprises of all sizes are increasingly moving toward serverless infrastructure services to accelerate innovation at scale, and these resources must be protected,” said Ely Kahn, Vice President, Product Management, Cloud Security, SentinelOne. “With AWS Fargate, developers can focus on building applications without managing servers and get ideas into production more quickly, and with SentinelOne, they can be sure they do so securely.”

Singularity Cloud Workload Security for Serverless Containers is AI-powered runtime protection that leverages five autonomous detection engines to detect runtime threats like ransomware, zero-days, and file-less exploits in real-time and streamline machine-speed response actions. AWS customers can now protect their containerized workloads however they are launched, from Amazon EC2 to AWS Fargate.

Cloud Workload Security is part of SentinelOne’s cloud security portfolio, which includes Singularity Cloud Native Security and Singularity Cloud Data Security. The solution sits on top of the Singularity Platform and Singularity Data Lake, delivering the most comprehensive CNAPP in the market. SentinelOne’s Singularity Platform protects the entire enterprise across every endpoint, identity, and workload on every cloud. The unified, intelligent platform ingests data from any source and applies advanced AI and machine learning to normalize, consolidate, and contextualize insights in a single, powerful data lake. Through simple integration, relevant AWS logs, including AWS CloudTrail and AWS Security Hub, can also be ingested.

The Singularity Platform is supercharged with the power of Purple AI, an advanced generative AI security analyst that provides autonomous SecOps tools designed to radically accelerate security teams’ threat hunting and investigations, reduce Mean Time to Response, and deliver complete end-to-end AI-powered enterprise security to stay ahead of attacks. “Detecting attacks is only one part of the security equation,” Kahn said. “By combining SentinelOne’s agent and agentless capabilities with the power of Purple AI, security teams can now more automatically hunt for, triage, and investigate these attacks using the power of Purple AI’s natural language translation, summarization, and guided hunting capabilities.”

Singularity Cloud Workload Security support for Fargate EKS is generally available now, and support for Fargate ECS is available to early adopters.

The survey underscores a daunting reality— although cloud attacks are on the rise, only 4% of organizations disclosed that they can mitigate risks easily and quickly. An overwhelming 96% have expressed concern about their ability to handle such risks. In addition, 91% of respondents are alarmed by the surge in more sophisticated cyber threats, including unknown risks and zero-day attacks, which cannot be detected using conventional security tools.

“The data speaks volumes about the urgent need for organizations to shift their focus towards implementing AI-powered threat prevention measures,” states Itai Greenberg, Chief Strategy Officer at Check Point Software Technologies. “By adopting a consolidated security architecture and enhancing collaborative security operations, businesses can preemptively tackle emerging threats, ensuring a more secure and resilient cloud environment.”

Other insights from the 2024 Cloud Security Report:

1. Escalation of Cloud Incidents: There has been a 154% increase in cloud security incidents compared to last year, with 61% of organizations reporting significant disruptions.
2. Deep Concerns Over Risk Management: An overwhelming 96% of respondents reported concerns about their ability to effectively manage cloud risks, reflecting a considerable escalation from previous years.
3. Rapid Adoption of AI Technologies: With 91% of organizations now prioritizing AI to enhance their security posture, the focus has shifted towards leveraging AI for proactive threat prevention.
4. CNAPP for Enhanced Prevention: Despite the growing threat landscape, only 25% of organizations have fully implemented Cloud Native Application Protection Platforms (CNAPP). This underscores the urgent need for comprehensive solutions that go beyond traditional tooling.
5. Complexity in Cloud Security Integration: Despite the potential for streamlined solutions, 54% of respondents face challenges in maintaining consistent regulatory standards across multi-cloud environments. Additionally, 49% struggle with integrating cloud services into legacy systems, often complicated by limited IT resources.

The report advises organizations to embrace a more comprehensive, collaborative, and AI-driven cybersecurity framework.