The study found that one in three successful cyberattacks were attributed to Advanced Persistent Threat (APT) groups, which predominantly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions is driving efficiency, it simultaneously expands the attack surface for malicious actors.

Cybercriminals in the region heavily utilize social engineering tactics (61% of cases) and malware (51%), often employing a combination of both. Remote Access Trojans (RATs) emerged as a primary weapon in 27% of malware-based attacks, indicating a common objective of gaining long-term access to compromised systems.

The analysis revealed that credentials and trade secrets (29% each) were the most sought-after data, followed by personal information (20%). This stolen data is frequently leveraged for blackmail or sold on the dark web. Beyond data theft, 38% of attacks resulted in the disruption of core business operations, posing significant risks to critical sectors like healthcare, transportation, and government services.

APT groups are identified as the most formidable threat actors due to their substantial resources and advanced technical capabilities. In 2024, they accounted for 32% of recorded attacks, with a clear focus on government and critical infrastructure. Their activities often extend beyond traditional cybercrime, encompassing cyberespionage and even cyberwarfare aimed at undermining trust and demonstrating digital dominance.

Dark web analysis further revealed that government organizations were the most frequently mentioned targets (34%), followed by the industrial sector (20%). Hacktivist activity was also prominent, with ideologically motivated actors often sharing stolen databases freely, exacerbating the cybercrime landscape.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar, all leaders in digital transformation, were the most frequently cited countries on the dark web in connection with stolen data. Experts suggest that the prevalence of advertisements for selling data from these nations underscores the challenges of securing rapidly expanding digital environments, which cybercriminals are quick to exploit.

Positive Technologies analyst Alexey Lukash said, “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”

To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Such solutions are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

Built on the Qualys Enterprise TruRisk Management Platform, the ROC framework consolidates risk signals across an organization’s digital footprint into a single pane of glass. It enables Continuous Threat Exposure Management (CTEM), cyber risk quantification, and risk remediation, empowering CISOs to translate cyber risk into business terms, ensure audit readiness, and build long-term resilience.

The mROC Partner Alliance equips partners to drive growth by delivering enhanced Qualys-powered ROC services that transform how enterprises measure, manage, and reduce cyber risk. The expanded roster of partners brings world-class expertise to help organizations overcome common cybersecurity challenges such as fragmented tools, disjointed risk response, and limited visibility—enabling a proactive approach to managing cyber risk at scale.

“When we introduced the concept of the Risk Operations Center, we knew it had the potential to redefine how organizations manage cyber risk,” said Sumedh Thakar, president and CEO of Qualys. “Today, with the launch of our inaugural global mROC partners, we’re delivering on that vision. This is a major milestone in building a thriving ROC ecosystem—one that helps businesses around the world take control of cyber risk with clarity, speed, and measurable impact.”

mROC Partners, through a comprehensive suite of risk service offerings, play a critical role in Qualys’ mission to make cyber risk management easier to adopt, more practical to implement, and more impactful for organizations globally. This innovative group of mROC partners has been thoroughly trained and enabled to operate a ROC powered by Qualys Enterprise TruRisk Management (ETM), delivering comprehensive managed risk services. By aggregating and analyzing risk signals from both Qualys and third-party tools, they offer their clients a holistic, business-aligned view of their risk exposure.

“The Teksalah and Qualys partnership is built on a shared vision — to embed a holistic risk-based, proactive approach at the core of enterprise cybersecurity. Through our powerful platforms, intelligent tools, and proven services—covering real-time risk monitoring to effective remediation—we are enabling organizations to manage risk with precision and drive secure innovation. Together, we are transforming our client’s cybersecurity from a control function into a catalyst for business growth and resilience,” commented Murali Konasani, CEO, Teksalah.

“Wade Gomes’ appointment marks an important milestone for CyberKnight in Southern Africa. His deep industry knowledge, decades of experience and leadership will be instrumental as we expand our presence and work closely with our partners and customers,” said Yaadhna Singh Gounden, Regional Director for Sub-Saharan Africa. “Our goal is to enable organisations to navigate the complexities of today’s cybersecurity landscape with confidence, leveraging best-in-class solutions and proven frameworks.”

South Africa’s ongoing digital transformation, coupled with the rising sophistication of cyber threats, has driven a greater emphasis on implementing strong security solutions and adhering to regulatory compliance. The region’s cybersecurity market is characterised by a significant demand for advanced technologies, particularly in areas like cloud security, AI-powered threat detection, and managed security services. As businesses embrace digitalisation, they encounter new vulnerabilities, necessitating scalable and innovative solutions to safeguard sensitive data and ensure uninterrupted operations. The collaborative efforts between government, businesses, and technology providers to bridge skills gaps and strengthen defenses highlight the significant growth potential in the region.

“I’m excited to be part of CyberKnight’s journey in Southern Africa. The region is at a critical point in its cybersecurity evolution, and there’s a real opportunity to make a lasting impact, by combining local expertise with global experience. I’m honored and excited to lead this mission locally, with a goal to transform South Africa into one of CyberKnight’s hubs and a center of excellence, by helping customers stay ahead of threats while maximising the value of their cybersecurity investments,” added Wade Gomes, Country Manager at CyberKnight.

CyberKnight’s establishment in South Africa signifies its complete coverage across the African continent. The company brings its Zero Trust Security philosophy and a portfolio of leading global cybersecurity vendors to assist enterprise and government organisations throughout Africa in managing risk and enhancing resilience as they navigate evolving regulations and threats.

The company also highlighted the limitations of traditional PAM models relying on static policies and manual processes, often lacking crucial context and leading to excessive permissions and security vulnerabilities. Their 2024 Identity Security Insights report indicated that 68% of respondents are seeking AI-driven improvements in risk-based access control.

“Today’s hybrid, multi-cloud environments have led to an explosion of human and non-human identities, creating complex access workflows and rampant privilege sprawl. To tackle this, organizations require dynamic policies that can intelligently enforce the principle of least privilege across their identity stack. With the AI-driven CIEM module in PAM360, IT security teams can now generate intelligent least privilege policies, proactively flag risky entitlements and automate remediation, helping enterprises close critical identity security gaps before they’re exploited,” said Ramanathan Kannabiran, director of product management at ManageEngine.

Addressing this need, PAM360’s Cloud Infrastructure Entitlement Management (CIEM) module now incorporates AI-generated least privilege policies, automated remediation of shadow admin risks, and real-time access and session summaries. These AI-powered capabilities enable organizations to proactively combat access sprawl and misconfigurations in hybrid environments with minimal manual intervention.

ManageEngine also addressed the inefficiencies and potential security gaps associated with business workflows using RPA and script-based automation that often rely on manual access provisioning. Modern IT teams require dynamic controls to streamline on-demand access within these automated workflows and bolster overall security.

According to Kannabiran, “Privileged task automation in PAM360 eliminates the need for administrators to manually grant and revoke necessary access privileges for every automated routine. Access is provisioned just in time, based on the task context, and revoked automatically once the task ends. This not only preserves admin bandwidth, but also reduces the risk of privilege misuse caused by excessive or standing access.”

Leveraging Zoho’s Qntrl, PAM360 now offers native automation capabilities, eliminating the need for third-party tools. This deep integration within the Zoho ecosystem allows for seamless orchestration of privileged access workflows, enhancing efficiency without compromising security. PAM360 streamlines vendor access with automated onboarding and offboarding, provisions temporary, just-in-time access with granular, time-bound controls, and ensures secure, hands-free transfer of privileged data – delivering speed, consistency, and reduced risk across the organization.

Nicholas Matta brings extensive experience in Environment, Health and Safety (EHS) and Environmental, Social and Governance (ESG) across the Middle East. His background encompasses both project delivery and commercial leadership, providing a comprehensive understanding of how organizations approach risk, compliance, and transformation. Previously holding a leadership position at Enablon, Matta is recognized for his ability to cultivate strong, culturally aligned relationships throughout the region. In his new role at EcoOnline, he will lead partner engagement, customer adoption, and go-to-market strategies in the Middle East, while also overseeing business development in the Benelux region.

Nicholas commented, “I am proud to be part of EcoOnline’s journey in the fast-growing Middle East region. There is a clear opportunity to close market gaps in areas like lone worker protection and chemical safety — challenges that are too often overlooked despite their risk. EcoOnline is uniquely positioned to address these needs with intuitive, people-centered solutions that deliver lasting impact at every level of an organisation.”

The Middle East is currently undergoing rapid industrial and economic transformation, driven by national initiatives such as Saudi Arabia’s Vision 2030, the upcoming World Expo 2035, and ambitious mega-projects like The Line within the $500 billion NEOM development. Since the launch of Vision 2030 in 2016, Saudi Arabia has witnessed a 60% increase in industrial facilities, with the IMF projecting a cumulative economic growth of 6.7% over the next two years. As infrastructure and energy projects accelerate and local workforces expand under nationalization programs like Saudization, the demand for safe, sustainable, and compliant operations is escalating. Key sectors including construction, manufacturing, and energy are facing increasing pressure to meet international standards in both sustainability reporting and frontline risk management.

“The Middle East is at a critical inflection point, with ambitious national agendas driving industrial growth and employment,” said Gareth Palmer, SVP Channel & Alliances. “We see a clear opportunity — and responsibility — to help companies build a safer, more sustainable world of work. By combining local expertise with a global partner ecosystem, we can support organisations navigating this transformation — not just with technology, but with long-term, trust-based collaboration.”

EcoOnline has already established a presence in the Middle East through collaborations with global partners such as DSS+, VPWhite, and WSP. This formal expansion builds upon EcoOnline’s robust foundation in Europe, North America, ANZ (Australia and New Zealand), and South Africa. It reflects the company’s ongoing dedication to providing high-impact industries with user-friendly tools that simplify complexity and enhance safety culture, regulatory compliance, and environmental performance.

A leading insight featured in the report is the unanimous view among interviewees that interest in the technology has surged over the past few years, with more and more business customers becoming curious and increasingly knowledgeable about its potential applications.

Mats Thulin, Director AI & Analytics Solutions at Axis Communications

“AI is a technology that has the potential to touch every corner and every function of the modern enterprise. That said, any implementations or integrations that aim to drive value come with serious financial and ethical considerations. These considerations should prompt organisations to scrutinise any initiative or investment. Axis’s new report not only shows how AI is transforming the video surveillance landscape, but also how that transformation should ideally be approached,” said Mats Thulin, Director AI & Analytics Solutions at Axis Communications.

According to the Axis report, the move by businesses from on-premise security server systems to hybrid cloud architectures continues at pace, driven by the need for faster processing, improved bandwidth usage and greater scalability. At the same time, cloud-based technology is being combined with edge AI solutions, which play a crucial role by enabling faster, local analytics with minimal latency, a prerequisite for real-time responsiveness in security-related situations.

By moving AI processing closer to the source using edge devices such as cameras, businesses can reduce bandwidth consumption and better support real-time applications like security monitoring. As a result, the hybrid approach is expected to continue to shape the role of AI in security and unlock new business intelligence and operational efficiencies.

A trend that is emerging among businesses is the integration of diverse data for a more comprehensive analysis, transforming safety and security. Experts predict that by integrating additional sensory data, such as audio and contextual environmental factors caught on camera, can lead to enhanced situational awareness and greater actionable insights, offering a more comprehensive understanding of events.

Combining multiple data streams can ultimately lead to improved detection and prediction of potential threats or incidents. For example, in emergency scenarios, pairing visual data with audio analysis can enable security teams to respond more quickly and precisely. This context-aware approach can potentially elevate safety, security and operational efficiency, and reflects how system operators can leverage and process multiple data inputs to make better-informed decisions.

According to the Axis report, interviewees emphasised that responsible AI and ethical considerations are critical priorities in the development and deployment of new systems, raising concerns about decisions potentially based on biased or unreliable AI. Other risks highlighted include those related to privacy violations and how facial and behavioural recognition could have ethical and legal repercussions.

As a result, a recurring theme among interviewees was the importance of embedding responsible AI practices early in the development process. Interviewees also pointed to regulatory frameworks, such as the EU AI Act, as pivotal in shaping responsible use of technology, particularly in high-risk areas. While regulation was broadly acknowledged as necessary to build trust and accountability, several interviewees also stressed the need for balance to safeguard innovation and address privacy and data security concerns.

“The findings of this report reflect how enterprises are viewing the trend of AI holistically, working to have a firm grasp of both how to use the technology effectively and understand the macro implications of its usage. Conversations surrounding privacy and responsibility will continue but so will the pace of innovation and the adoption of technologies that advance the video surveillance industry and lead to new and exciting possibilities,” Thulin added.

What do you see as the most critical emerging cybersecurity threats in 2025, and how should organizations prepare for them?
Emerging technologies like AI and ML are disruptors leading to the rise of cyberattacks. AI-powered attacks are increasingly affecting businesses via phishing scams, ransomware attacks, malware attacks, and endpoint vulnerability exploitation. Organisations need to move beyond traditional defences to mitigate this risk. By investing in proactive measures, like penetration testing to uncover vulnerabilities, and using purple team exercises to simulate real-world attacks, organisations can improve their threat detection and response.

With threats targeting both on-premises systems and cloud environments, it’s crucial to secure all digital fronts. Companies must also run tailored incident response drills to stay ready for fast-moving threats. Ultimately, building a strong, adaptive cybersecurity strategy that accounts for AI-driven attacks is essential to protect digital assets and stay resilient in the face of evolving cyber risks.

How is the rise of AI and quantum computing reshaping the cybersecurity landscape, and what risks do they introduce?
As much as it is being hailed for making our lives easy, AI has also become a powerful ally for digital miscreants. In particular, threat actors are using generative AI (GenAI) to create highly convincing phishing emails, fake websites, and deepfakes for deceiving users and stealing their information. Threat actors are also using GenAI to develop sophisticated malware that bypasses traditional security defences.

Similarly, quantum computing is a double-edged sword. These powerful machines are capable of rendering traditional encryption methods obsolete, especially public key cryptography, as what once took a traditional computer years to decode RSA-2048 (a widely used encryption algorithm) takes a quantum computer a matter of seconds or minutes to decode.

How do you predict ransomware tactics will evolve in the near future, and what proactive measures should businesses take?
Threat actors are using AI to develop sophisticated, highly accurate ransomware that not only widens the reach of the attack but increases the impact on its victims. And this issue will only get worse as threat actors evolve their use of AI to carry out these attacks, drastically altering the threat landscape.

Businesses can adopt several key strategies to defend against ransomware attacks effectively. These include improving employee awareness and periodic training, restricting user access by implementing a Zero Trust approach and multi-factor authentication, taking regular data backups, keeping systems updated, and configuring the firewall to filter out suspicious activities and network segmentation to limit the spread of malware.

How does regulatory compliance (like UAE’s Data Protection Law or Saudi’s NCA requirements) impact cybersecurity strategies for regional businesses?
Governments across the region, led by the UAE and Saudi Arabia, have taken it upon themselves to enforce a safe and resilient cyberspace. This is in line with the region’s ongoing efforts to promote digital innovation, thereby delivering better services for people and driving faster economic growth. Compliance mandates, like Saudi Arabia’s and the UAE’s PDPL, play a major role in setting various polices, standards, and guidelines to safeguard the IT infrastructure in the respective countries. By incorporating these controls in their cybersecurity strategies, regional businesses can improve their security posture and protect their sensitive data. Failure to do so not only makes them vulnerable to cyberattacks, but invites substantial fines, legal action, and loss of operating license.

Can you explain ManageEngine’s “unified security” approach and how it simplifies cybersecurity for enterprises?
With over 20 years of experience in observing the changing IT landscape and building highly scalable and integrable solutions, ManageEngine recognises there is no single path to cyber resilience for enterprises. To stay ahead of both established and emerging threats, there is a need to take a holistic approach wherein identities, endpoints, and network infrastructure are all properly secured and governed. ManageEngine’s AI-powered cybersecurity solutions, all of which have been built from ground-up, effectively ensure this. They also help enterprises comply with the most important cybersecurity frameworks and data privacy regulations like the GDPR and the PDPL.

How does ManageEngine leverage AI to enhance phishing simulations and employee training?
For over a decade, we have been researching emerging technologies, resulting in the development of our own in-house AI based on contextual intelligence. We understand AI’s importance in detecting and mitigating cyberattacks. Our AI capabilities can be leveraged for a variety of security use cases, such as ransomware protection, anomaly detection, data exfiltration, and preventing insider access abuse.

Most phishing attacks are carried out via email, which lures an individual to download malware that enables the attacker to breach the user’s system and network. By relying on AI, our solutions can flag potential phishing attempts by continuously analysing emails and websites. This will enable security administrators to prioritise such threats and mitigate their impact.

Could you tell us about Positive Technologies’ presence at this year’s GISEC event and the solutions you’re showcasing?
This year at GISEC, we’re presenting our latest cybersecurity solutions with a strong focus on hands-on, practical expertise. At our stand, we’re demonstrating sophisticated attack techniques like direct memory access attacks and full injection attacks – these show just how easily devices like laptops can be compromised. We’ve also significantly expanded our Hackosphere area compared to last year, featuring interactive engagements including soldering, device hacking, fixed attacks, and stenography challenges. We’ve doubled the size of this interactive space and hope to see twice the engagement as well.

How does participating in this event help you engage with regional companies?
We’re seeing tremendous participation from across industries – government representatives, oil and gas companies, financial institutions, and many partners. GISEC has established itself as one of the most efficient and prominent cybersecurity events not just in the UAE, but across the entire Middle East region.

Could you share your observations about the current threat landscape in the region and how you’re helping companies address these challenges?
Through our Threat Research Center – the largest in Eastern Europe – we continuously monitor critical infrastructure and analyse activity across the deep and dark web globally. In the Middle East specifically, we’re observing significant activity from APT groups, including state-sponsored hackers and hacktivists targeting critical national infrastructure. Their methods typically involve compromising internal organisational systems or creating backdoors, which they often then sell access to on dark web markets.

What challenges are companies facing regarding AI-powered attacks?
AI is undoubtedly the hot topic in cybersecurity right now. While AI capabilities are becoming increasingly sophisticated and powerful, I firmly believe human expertise remains irreplaceable. That said, we’re seeing substantial AI integration from both sides – threat actors are leveraging it for attacks while cybersecurity professionals are using it for defense. This dual adoption is creating significant impacts, and we anticipate this trend will continue growing over the next 5-10 years.

Are you collaborating with any local entities or governments to address these AI-related security challenges?
Absolutely. We’re actively working with local partners, government agencies, and regional companies to help them understand the AI threat landscape and demonstrate how AI and machine learning can be effectively used to protect their infrastructure.

What key advice would you give regional organisations looking to improve their security posture?
My fundamental recommendation is to invest in human capital. Knowledge and expertise are assets you can’t simply purchase – they need to be developed. An organisation might have the best security tools and infrastructure, but without capable personnel, these resources become ineffective. This is why we emphasise sharing our expertise – not just in defense strategies, but in incident response, investigations, and most importantly, in building local capabilities to elevate overall cybersecurity maturity levels.

Could you give us a brief overview of Group-IB’s presence at GISEC and your solutions?
This is our fourth year we are participating in GISEC, and our involvement has grown significantly—both in terms of visibility and the solutions we offer. Group-IB is one of the few full-platform players in cybersecurity, specialising in active threat intelligence, digital risk protection, fraud prevention, and monitoring. Fraud, in particular, is a rapidly evolving threat—growing in complexity and impact.

Speaking of evolving threats, what key changes are you seeing in the cyber threat landscape, especially in this region?
We’ve observed several concerning trends. First, APT (Advanced Persistent Threat) attacks have become far more sophisticated, driven by global geopolitics. Data exfiltration and theft are rampant. Second, fraud attempts are now borderless, with threat actors sharing intelligence across borders. And third, AI is a double-edged sword—while we use it for threat detection, attackers are leveraging AI for phishing, social engineering, and automating malicious campaigns.

Your Cyber Crime Center has been a major focus. Can you elaborate on its role?
Absolutely. We take a localised, intelligence-driven approach, meaning we develop threat insights at both country and industry levels. This allows us to brief governments, law enforcement, banks, and critical infrastructure providers on targeted risks.

Additionally, our Cyber Crime Center integrates multiple data streams—threat intelligence, fraud analytics, phishing scams, and money laundering patterns—into a unified system. This gives clients a real-time, 360-degree view of their threat landscape, helping them build stronger cybersecurity strategies.

What’s your key message for companies and attendees at GISEC?
There are three main takeaways. Attendees should stay updated on emerging trends, as new vendors and tools are constantly entering the market. They should prioritise tailored intelligence over generic open-source data. And they should maximise ROI on existing security investments before adopting new solutions.

How does Group-IB support its channel partners?
We’re a partner-first organisation, and we’ve launched several initiatives, including a certification program that enables partners to build expertise around our technology. We also conduct partner engagement surveys to gather feedback and improve collaboration, and we emphasise deep interoperability with other security solutions.

Beyond that, we address three key areas: CISO-level security, CFO-focused fraud prevention, and brand protection—each with dedicated solutions tailored to different organisational needs.