A new study by cybersecurity firm Positive Technologies has shed light on the evolving cyber threat landscape in the Middle East, revealing that a staggering 80% of successful cyberattacks in the region lead to the breach of confidential information. The research, examining the impact of digital transformation, organized cybercrime, and the underground market, highlights the increasing exposure of Middle Eastern nations to sophisticated cyber threats.

The study found that one in three successful cyberattacks were attributed to Advanced Persistent Threat (APT) groups, which predominantly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions is driving efficiency, it simultaneously expands the attack surface for malicious actors.

Cybercriminals in the region heavily utilize social engineering tactics (61% of cases) and malware (51%), often employing a combination of both. Remote Access Trojans (RATs) emerged as a primary weapon in 27% of malware-based attacks, indicating a common objective of gaining long-term access to compromised systems.

The analysis revealed that credentials and trade secrets (29% each) were the most sought-after data, followed by personal information (20%). This stolen data is frequently leveraged for blackmail or sold on the dark web. Beyond data theft, 38% of attacks resulted in the disruption of core business operations, posing significant risks to critical sectors like healthcare, transportation, and government services.

APT groups are identified as the most formidable threat actors due to their substantial resources and advanced technical capabilities. In 2024, they accounted for 32% of recorded attacks, with a clear focus on government and critical infrastructure. Their activities often extend beyond traditional cybercrime, encompassing cyberespionage and even cyberwarfare aimed at undermining trust and demonstrating digital dominance.

Dark web analysis further revealed that government organizations were the most frequently mentioned targets (34%), followed by the industrial sector (20%). Hacktivist activity was also prominent, with ideologically motivated actors often sharing stolen databases freely, exacerbating the cybercrime landscape.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar, all leaders in digital transformation, were the most frequently cited countries on the dark web in connection with stolen data. Experts suggest that the prevalence of advertisements for selling data from these nations underscores the challenges of securing rapidly expanding digital environments, which cybercriminals are quick to exploit.

Positive Technologies analyst Alexey Lukash said, “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”

To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Such solutions are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

Qualys has announced the expansion of its invite-only managed Risk Operations Center (mROC) Partner Alliance with seven new global partners, including Teksalah from the Middle East. This marks a significant step forward in Qualys’ mission to build a robust Risk Operations Center (ROC) ecosystem—making business-aligned cyber risk management more accessible, actionable, and measurable for organizations worldwide.

Built on the Qualys Enterprise TruRisk™ Management Platform, the ROC framework consolidates risk signals across an organization’s digital footprint into a single pane of glass. It enables Continuous Threat Exposure Management (CTEM), cyber risk quantification, and risk remediation, empowering CISOs to translate cyber risk into business terms, ensure audit readiness, and build long-term resilience.

The mROC Partner Alliance equips partners to drive growth by delivering enhanced Qualys-powered ROC services that transform how enterprises measure, manage, and reduce cyber risk. The expanded roster of partners brings world-class expertise to help organizations overcome common cybersecurity challenges such as fragmented tools, disjointed risk response, and limited visibility—enabling a proactive approach to managing cyber risk at scale.

“When we introduced the concept of the Risk Operations Center, we knew it had the potential to redefine how organizations manage cyber risk,” said Sumedh Thakar, president and CEO of Qualys. “Today, with the launch of our inaugural global mROC partners, we’re delivering on that vision. This is a major milestone in building a thriving ROC ecosystem—one that helps businesses around the world take control of cyber risk with clarity, speed, and measurable impact.”

mROC Partners, through a comprehensive suite of risk service offerings, play a critical role in Qualys’ mission to make cyber risk management easier to adopt, more practical to implement, and more impactful for organizations globally. This innovative group of mROC partners has been thoroughly trained and enabled to operate a ROC powered by Qualys Enterprise TruRisk Management (ETM), delivering comprehensive managed risk services. By aggregating and analyzing risk signals from both Qualys and third-party tools, they offer their clients a holistic, business-aligned view of their risk exposure.

“The Teksalah and Qualys partnership is built on a shared vision — to embed a holistic risk-based, proactive approach at the core of enterprise cybersecurity. Through our powerful platforms, intelligent tools, and proven services—covering real-time risk monitoring to effective remediation—we are enabling organizations to manage risk with precision and drive secure innovation. Together, we are transforming our client’s cybersecurity from a control function into a catalyst for business growth and resilience,” commented Murali Konasani, CEO, Teksalah.

CyberKnight, a prominent regional cybersecurity advisory and value-added distributor, today announced the establishment of its local entity in Johannesburg, South Africa. The company has also appointed Wade Gomes as Country Manager for the SAADC (Southern African Development Community) region. This move underscores CyberKnight’s dedication to supporting the burgeoning Southern African market, where cybersecurity is increasingly becoming a top priority for organisations across various sectors.

“Wade Gomes’ appointment marks an important milestone for CyberKnight in Southern Africa. His deep industry knowledge, decades of experience and leadership will be instrumental as we expand our presence and work closely with our partners and customers,” said Yaadhna Singh Gounden, Regional Director for Sub-Saharan Africa. “Our goal is to enable organisations to navigate the complexities of today’s cybersecurity landscape with confidence, leveraging best-in-class solutions and proven frameworks.”

South Africa’s ongoing digital transformation, coupled with the rising sophistication of cyber threats, has driven a greater emphasis on implementing strong security solutions and adhering to regulatory compliance. The region’s cybersecurity market is characterised by a significant demand for advanced technologies, particularly in areas like cloud security, AI-powered threat detection, and managed security services. As businesses embrace digitalisation, they encounter new vulnerabilities, necessitating scalable and innovative solutions to safeguard sensitive data and ensure uninterrupted operations. The collaborative efforts between government, businesses, and technology providers to bridge skills gaps and strengthen defenses highlight the significant growth potential in the region.

“I’m excited to be part of CyberKnight’s journey in Southern Africa. The region is at a critical point in its cybersecurity evolution, and there’s a real opportunity to make a lasting impact, by combining local expertise with global experience. I’m honored and excited to lead this mission locally, with a goal to transform South Africa into one of CyberKnight’s hubs and a center of excellence, by helping customers stay ahead of threats while maximising the value of their cybersecurity investments,” added Wade Gomes, Country Manager at CyberKnight.

CyberKnight’s establishment in South Africa signifies its complete coverage across the African continent. The company brings its Zero Trust Security philosophy and a portfolio of leading global cybersecurity vendors to assist enterprise and government organisations throughout Africa in managing risk and enhancing resilience as they navigate evolving regulations and threats.