For the third year in a row, Amazon Web Services (AWS) is named as a Leader in the Information Services Group (ISG) Provider LensTM Quadrant report for Sovereign Cloud Infrastructure Services (EU), published on January 9, 2026. ISG is a leading global technology research, analyst, and advisory firm that serves as a trusted business partner to more than 900 clients. This ISG report evaluates 19 providers of sovereign cloud infrastructure services in the multi-public-cloud environment and examines how they address the key challenges that enterprise clients face in the European Union (EU). ISG defines Leaders as providers who represent innovative strength and competitive stability.

ISG rated AWS ahead of other leading cloud providers on both the competitive strength and portfolio attractiveness axes, with the highest score on portfolio attractiveness. Competitive strength was assessed on multiple factors, including degree of awareness, core competencies, and go-to-market strategy. Portfolio attractiveness was assessed on multiple factors, including scope of portfolio, portfolio quality, strategy and vision, and local characteristics.

According to ISG, “AWS’s infrastructure provides robust resilience and availability, supported by a sovereign-by-design architecture that ensures data residency and regional independence.”

Read the report to:

• Discover why AWS was named as a Leader with the highest score on portfolio attractiveness by ISG.
• Gain further understanding on how the AWS Cloud is sovereign-by-design and how it continues to offer more control and more choice without compromising on the full power of AWS.
• Learn how AWS is delivering on its Digital Sovereignty Pledge and is investing in an ambitious roadmap of capabilities for data residency, granular access restriction, encryption, and resilience.

AWS’s recognition as a Leader in this report for the third consecutive year underscores our commitment to helping European customers and partners meet their digital sovereignty and resilience requirements. We are building on the strong foundation of security and resilience that has underpinned AWS services, including our long-standing commitment to customer control over data residency, our design principal of strong regional isolation, our deep European engineering roots, and our more than a decade of experience operating multiple independent clouds for the most critical and restricted workloads.

Download the full 2025 ISG Provider Lens Quadrant report for Sovereign Cloud Infrastructure Services (EU).

If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.
 

Every year, the cloud is becoming more distributed, automated and tightly wired into the business. Every day, adversaries compress the timeline between compromise and data exfiltration. What once took them 44 days now takes minutes. For the fifth year in a row, Palo Alto Networks State of Cloud Security Report 2025 captures the changes both big and small that security leaders are navigating in the market today. Our report reveals that the rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks, driving a massive expansion of the attack surface. We found that 99% of organizations experienced at least one attack on their AI systems within the past year, and the acceleration of GenAI-assisted coding is outstripping security teams' capacity to keep pace. What’s missing isn't just visibility, it’s alignment.

Our research, drawing on insights from more than 2,800 security leaders, surfaces the critical cost of misalignment across teams, tools and workflows. This report provides key benchmarks to help inform the decisions that shape your cloud strategy as we track where teams gain ground, where they struggle, and how the threat landscape, now accelerated by AI, is evolving.

The Cloud Attack Surface Is Expanding with AI

The biggest shift in the cloud landscape is the acceleration of risk driven by AI adoption. As cloud infrastructure expands to host the growing number of AI workloads, it has become a critical target. The introduction of GenAI into development pipelines is also compounding the problem by increasing the volume of insecure code going into production.

Of those surveyed in the 2025 report, 75% of organizations stated that they are running AI in their production environments today. That level is significant, as it points to the growing adoption and use of AI as businesses are locked in what looks like a modern arms race to bring the latest capabilities and benefits to their organizations and customers. In addition, as stated earlier, our findings confirm that 99% of organizations reported at least one attack on their AI systems within the past year. This number proves that AI needs human guardrails, as well as to be secured to contain the risk of critical data exposure by adversaries.

The AppSec Pipeline Is Not Secure Enough Yet

As AI expands the cloud attack surface and has been proven to be a significant target, we can see that code development pipelines are also being stressed by the same forces. An important trend from the 2025 report is the rise of GenAI-assisted coding (vibe coding), used by 99% of respondents. The use of vibe coding is generating insecure code faster than security teams can review it. The acceleration creates a massive risk gap: 52% of teams are shipping code weekly, but only 18% are able to fix vulnerabilities at that same pace. This confirms that traditional, human-led approaches to application security are inadequate, leaving security teams to fight threats with fragmented tools and slow, manual fix cycles.

As the pace of development increases, the disconnect between security assessment and remediation is becoming more apparent too. While teams are making progress by shifting away from outdated vulnerability prioritization methods, they still struggle to integrate security effectively into the development workflow. This introduces a large number of vulnerabilities into production, where 20% of organizations report that an average of 37% of their high or critical issues reach their production environments. Once in production those vulnerabilities linger, as 82% of organizations report it taking longer than a week to deploy code fixes. What is slowing teams down?

The traditional refrain toward implementing prevention that blocks risks from reaching production during rapid code development is still true today. The barriers are clear: 31% cite poor CI/CD integration and another 31% worry about slowing down development. On the positive note, only 17% rely on CVSS scores to prioritize their fixes as teams are now moving more toward context-rich decisions based on exploitability-based triage (32%) and business impact (33%).

The New Frontiers of Cloud Risk

Attackers are rapidly pivoting to exploit the foundational layers of the cloud, with a clear focus on ungoverned interfaces and overprivileged access. The volume and autonomy introduced by AI agents further accelerates this exploitation, turning minor gaps into major incidents.

Attacks on APIs Jump for 41%

APIs are the new primary entry point. Attacks on APIs increased for 41% of organizations in the last year, marking the sharpest rise of any threat category measured. As agentic AI relies heavily on APIs to operate, this explosion in usage has greatly expanded the attack surface. Furthermore, nearly every AI-related threat, including model supply chain tampering, token theft and prompt injection, involves an API boundary. This reinforces the role of ungoverned interfaces in scalable AI compromise, with 47% of AI system breaches involving data exfiltration through assistants or plugins.

Identity Still Remains the Weakest Link

Insufficient access controls remain a leading vector for credential theft and data exfiltration. 53% of organizations cite lenient identity and access management (IAM) practices as a top data security challenge. This problem is compounded by complexity. The number climbs to 57% among organizations running more than six AppSec tools, proving that the discipline required to maintain least privilege is failing to scale with tool sprawl. Data leaves through both legitimate business systems and breach events, making it fundamentally an identity problem.

The top three exfiltration vectors confirm this focus:

• SaaS sync or export misuse: 63%
• Overpermissive external sharing: 59%
• Compromised credentials or tokens: 58%

Lateral Movement Risks Persist

Once an attacker gains a foothold, they can move freely. Twenty-eight percent point to unrestricted network access between cloud workloads as a growing threat, allowing attackers to pivot across environments and turn minor compromises into major incidents.

The Growing Imperative of Cloud & SOC Must Merge

The gap between detection and resolution is where breaches succeed. Today the cloud and SOC divide is proving too slow in the face of machine-speed threats. Structural fragmentation is clearly visible in response times, while 74% of organizations detect threats within 24 hours, 30% take more than a full day to resolve them. A delay like this is caused by disjointed workflows and isolated data sources between cloud and SOC teams, which stall incident response (IR) for 50% of organizations.

The demand for consolidation shows up across the board:

• 89% of organizations believe cloud security and security operations must fully merge, not just integrate.
• Organizations currently manage an average of 17 tools from five vendors, creating fragmented data and context gaps.
• Consequently, 97% of respondents prioritized consolidating their security footprint to address the chaos of tool sprawl.

The model that worked for lift-and-shift can't contain threats that move at machine speed. Organizations are ready to collapse the distance between teams and tools.

About the Report

The State of Cloud Security Report 2025 draws from over 2,800 security leaders and practitioners across 10 countries and includes breakouts by region, industry and cloud maturity, along with the full incident data and strategic insights we’ve touched on here.

Learn More and Transform to an Agentic-First Platform

To stay ahead of adversaries who use AI to launch attacks at machine speed, human-led defense is no longer sufficient. The report emphasizes that organizations must counter with an equivalent evolution: Agentic security, leveraging autonomous agents to deliver cloud security from code to cloud to SOC.

Download the full State of Cloud Security report to see how today’s leaders are closing the gap and what we recommend.

The post Where Cloud Security Stands Today and Where AI Breaks It appeared first on Palo Alto Networks Blog.

In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. According to the latest Microsoft Digital Defense Report, written with our Chief Information Security Officer Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware. That’s at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%. Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.

Every day, Microsoft processes more than 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyzes 38 million identity risk detections, and screens 5 billion emails for malware and phishing. Advances in automation and readily available off-the-shelf tools have enabled cybercriminals—even those with limited technical expertise—to expand their operations significantly. The use of AI has further added to this trend with cybercriminals accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks. As a result, opportunistic malicious actors now target everyone—big or small—making cybercrime a universal, ever-present threat that spills into our daily lives.

In this environment, organizational leaders must treat cybersecurity as a core strategic priority—not just an IT issue—and build resilience into their technology and operations from the ground up. In our sixth annual Microsoft Digital Defense Report, which covers trends from July 2024 through June 2025, we highlight that legacy security measures are no longer enough; we need modern defenses leveraging AI and strong collaboration across industries and governments to keep pace with the threat. For individuals, simple steps like using strong security tools—especially phishing-resistant multifactor authentication (MFA)—makes a big difference, as MFA can block over 99% of identity-based attacks. Below are some of the key findings.

Critical services are prime targets with a real-world impact

Malicious actors remain focused on attacking critical public services—targets that, when compromised, can have a direct and immediate impact on people’s lives. Hospitals and local governments, for example, are all targets because they store sensitive data or have tight cybersecurity budgets with limited incident response capabilities, often resulting in outdated software. In the past year, cyberattacks on these sectors had real-world consequences, including delayed emergency medical care, disrupted emergency services, canceled school classes, and halted transportation systems.

Ransomware actors in particular focus on these critical sectors because of the targets’ limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay. Additionally, governments, hospitals, and research institutions store sensitive data that criminals can steal and monetize through illicit marketplaces on the dark web, fueling downstream criminal activity. Government and industry can collaborate to strengthen cybersecurity in these sectors—particularly for the most vulnerable. These efforts are critical to protecting communities and ensuring continuity of care, education, and emergency response.

Nation-state actors are expanding operations

While cybercriminals are the biggest cyber threat by volume, nation-state actors still target key industries and regions, expanding their focus on espionage and, in some cases, on financial gain. Geopolitical objectives continue to drive a surge in state-sponsored cyber activity, with a notable expansion in targeting communications, research, and academia.

Key insights:

• China is continuing its broad push across industries to conduct espionage and steal sensitive data. State-affiliated actors are increasingly attacking non-governmental organizations (NGOs) to expand their insights and are using covert networks and vulnerable internet-facing devices to gain entry and avoid detection. They have also become faster at operationalizing newly disclosed vulnerabilities.
• Iran is going after a wider range of targets than ever before, from the Middle East to North America, as part of broadening espionage operations. Recently, three Iranian state-affiliated actors attacked shipping and logistics firms in Europe and the Persian Gulf to gain ongoing access to sensitive commercial data, raising the possibility that Iran may be pre-positioning to have the ability to interfere with commercial shipping operations.
• Russia, while still focused on the war in Ukraine, has expanded its targets. For example, Microsoft has observed Russian state-affiliated actors targeting small businesses in countries supporting Ukraine. In fact, outside of Ukraine, the top ten countries most affected by Russian cyber activity all belong to the North Atlantic Treaty Organization (NATO)—a 25% increase compared to last year. Russian actors may view these smaller companies as possibly less resource-intensive pivot points they can use to access larger organizations. These actors are also increasingly leveraging the cybercriminal ecosystem for their attacks.
• North Korea remains focused on revenue generation and espionage. In a trend that has gained significant attention, thousands of state-affiliated North Korean remote IT workers have applied for jobs with companies around the world, sending their salaries back to the government as remittances. When discovered, some of these workers have turned to extortion as another approach to bringing in money for the regime.

The cyber threats posed by nation-states are becoming more expansive and unpredictable. In addition, the shift by at least some nation-state actors to further leveraging the cybercriminal ecosystem will make attribution even more complicated. This underscores the need for organizations to stay abreast of the threats to their industries and work with both industry peers and governments to confront the threats posed by nation-state actors.

2025 saw an escalation in the use of AI by both attackers and defenders

Over the past year, both attackers and defenders harnessed the power of generative AI. Threat actors are using AI to boost their attacks by automating phishing, scaling social engineering, creating synthetic media, finding vulnerabilities faster, and creating malware that can adapt itself. Nation-state actors, too, have continued to incorporate AI into their cyber influence operations. This activity has picked up in the past six months as actors use the technology to make their efforts more advanced, scalable, and targeted.

For defenders, AI is also proving to be a valuable tool. Microsoft, for example, uses AI to spot threats, close detection gaps, catch phishing attempts, and protect vulnerable users. As both the risks and opportunities of AI rapidly evolve, organizations must prioritize securing their AI tools and training their teams. Everyone—from industry to government—must be proactive to keep pace with increasingly sophisticated attackers and to ensure that defenders keep ahead of adversaries.

Adversaries aren’t breaking in; they’re signing in

Amid the growing sophistication of cyber threats, one statistic stands out: more than 97% of identity attacks are password attacks. In the first half of 2025 alone, identity-based attacks surged by 32%. That means the vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts. Attackers get usernames and passwords (“credentials”) for these bulk attacks largely from credential leaks.

However, credential leaks aren’t the only place where attackers can obtain credentials. This year, we saw a surge in the use of infostealer malware by cybercriminals. Infostealers can secretly gather credentials and information about your online accounts, like browser session tokens, at scale. Cybercriminals can then buy this stolen information on cybercrime forums, making it easy for anyone to access accounts for purposes such as the delivery of ransomware.

Luckily, the solution to identity compromise is simple. The implementation of phishing-resistant multifactor authentication (MFA) can stop over 99% of this type of attack even if the attacker has the correct username and password combination. To target the malicious supply chain, Microsoft’s Digital Crimes Unit (DCU) is fighting back against the cybercriminal use of infostealers. In May, the DCU disrupted the most popular infostealer—Lumma Stealer—alongside the US Department of Justice and Europol.

Moving forward: Cybersecurity is a shared defensive priority

As threat actors grow more sophisticated, persistent, and opportunistic, organizations must stay vigilant, continually updating their defenses and sharing intelligence. Microsoft remains committed to doing its part to strengthen our products and services via our Secure Future Initiative. We also continue to collaborate with others to track threats, alert targeted customers, and share insights with the broader public when appropriate.

However, security is not only a technical challenge but a governance imperative. Defensive measures alone are not enough to deter nation-state adversaries. Governments must build frameworks that signal credible and proportionate consequences for malicious activity that violates international rules. Encouragingly, governments are increasingly attributing cyberattacks to foreign actors and imposing consequences such as indictments and sanctions. This growing transparency and accountability are important steps toward building collective deterrence. As digital transformation accelerates—amplified by the rise of AI—cyber threats pose risks to economic stability, governance, and personal safety. Addressing these challenges requires not only technical innovation but coordinated societal action.

The post Extortion and ransomware drive over half of cyberattacks appeared first on Microsoft On the Issues.

Melisa Wachs// The first day of school has started for your school-age kiddos. What better time to run through some of our basic reporting guidelines with y’all? Here is a […]

The post DOs and DON’Ts of Pentest Report Writing appeared first on Black Hills Information Security, Inc..

Mick Douglas // Take look at this chart from last year’s Verizon Data Breach Report.  It shows who notified the breached party when they were attacked. This graph is a […]

The post A Need For A Change – or – Burning Your Money appeared first on Black Hills Information Security, Inc..