As cyberthreats and identity-driven attacks across the GCC evolve, organisations must rethink how they defend their digital ecosystems. Drawing on more than two decades of experience in the region, Mahmoud Ahmed, Sales Director – Middle East at Okta, explores how AI-powered identity security, Zero Trust frameworks and adaptive authentication are reshaping defence strategies, helping CISOs stay ahead in an era where attackers are no longer breaking in, but logging in.

What identity-driven threats are you seeing most frequently across the GCC, and how should CISOs in the region be adjusting their defence strategies accordingly?

Across the GCC, the threat landscape has fundamentally shifted because of AI. Attackers are not hacking in anymore – they’ re logging in.

Regional CISOs must pivot to an identity first AI driven platform. By centralising defence strategies through Okta, organisations can leverage Okta’ s AI capabilities. Okta machine learning, for example, analyses billions of authentications globally in real time, instantly recognising behavioural patterns and blocking malicious authentication attempts before the user even knows about the login attempt.

Zero Trust adoption is accelerating across government and critical infrastructure sectors in the region. What are the biggest implementation challenges regional CISOs are facing?

The biggest roadblocks that we see, especially in oil and gas and government, are legacy systems. The problem is that many systems don’ t support modern protocols, making them blind spots for security teams. To overcome this, CISOs must bridge the gap intelligently rather than rip and replace.

Using Okta, organisations can connect legacy applications directly into Okta’ s modern identity control plane. What makes this incredibly powerful is the layering of AI on top of it. By re-routing legacy access through Okta, AI engines can baseline normal usage for these older applications and automatically recommend zero trust access policies, wrapping outdated tech in modern adaptive security.

Attackers are not hacking in anymore – they’ re logging in.

WWW. INTELLIGENTCISO. COM 15