Middle East's Cybersecurity state in the age of AI
Cyber threats are becoming a serious concern as the world rapidly adopts new technologies and generative AI in the workplaces. In the Middle East, 93 per cent of security leaders have confirmed using public gen-AI in their organisations. While, 91 per cent of them used it for cybersecurity operations only, an alarming 65 per cent admitted to not having a clear understanding of the implications of gen AI. Additionally, 34 per cent revealed that they do not have a gen-AI policy in place, according to a report by Splunk.
The organisations revealed that they have significant budgets, resources, authority, and are well-positioned to embrace cutting-edge gen AI tools. However, for some organisations, 'effective cybersecurity programmes' are still a work in progress as their teams are 'heavily' adopting these technologies for work.
In addition to these findings, the report 'State of Security 2024: The Race to Harness AI,' which covered 1,650 cybersecurity leaders globally (including those in the Middle East), revealed concerning insights on cybersecurity defenders racing against adversaries attempting to harness generative AI. The report says 44 per cent security leaders, generative AI is among top priority this year, even before cloud security. But, when it comes to taking advantage of gen AI, 45 per cent of the security leaders are concerned that cyberthreat actors or malicious actors will have the upper hand with Gen AI, while 43% believe that it will give an advantage to cybersecurity defenders.
Patrick Coughlin, SVP, Global Technical Sales, Splunk said, “We are in an AI gold rush, with bad actors and security professionals both trying to seize the advantage. The introduction of Gen AI creates new opportunities for organisations to streamline processes, increase productivity, and limit staff burnout. Unfortunately, Gen AI also presents unprecedented advantages for threat actors. To combat this new threat landscape, defenders must outpace threat actors in the race to harness and securely deploy the power of Gen AI.”
Another Cisco report revealed that 91 percent of organisations in the UAE are integrating AI into their security systems, including threat detection, attack response, and recovery. Titled 'The 2024 Cisco Cybersecurity Readiness Index,' the report covered over 8,000 private sector security and business leaders across 30 global markets, including the UAE.
The report underlined that in today’s rapidly evolving cyberthreat environment, from phishing and ransomware to supply chain and social engineering attacks, companies are actively fortifying their cyber threat defence systems. However, the complexity of their security postures becomes a challenge in effectively defending against these threats.
In addition to this, workplaces today where people work in different arrangements, and use various technologies, keeping data safe becomes much tougher. In essence, Data isn't just in one place anymore; it's spread across many services, devices, apps, and people, making it harder to protect. Despite these complexities, 87 per cent of UAE organisations still feel reasonably confident in their ability to defend against cyberattacks using their existing infrastructure, highlighting their proactive approach in dealing with evolving cyberthreats and tackling new challenges directly.
To tackle the challenges posed by today's threat landscape, organisations need to expedite substantial investments in security. This includes embracing innovative security measures and adopting a security platform approach. Additionally, they should prioritise strengthening network resilience, leveraging generative AI effectively, and increasing recruitment efforts to address the cybersecurity skills gap. These proactive steps are essential for enhancing cybersecurity posture and mitigating emerging threats.
#1 Improving preparedness for cyberthreats
Integrating AI into frontline defences has become crucial for cybersecurity readiness. When it comes to securing networks, 52 per cent organisations have not yet fully incorporated AI into their security solutions. However, those that have often use AI in firewalls or segmentation to enhance network protection.
In the UAE, 85 per cent of security leaders foresee a cybersecurity incident disrupting their business within the next two years. Highlighting the repercussions of being unprepared, 65 per cent of them said to have already faced a cybersecurity incident in the past year. Among those affected, 52 per cent reported costs of at least US$300,000 due to these threats.
Furthermore, 82 per cent of respondents noted that employing multiple cybersecurity point solutions was ineffective, hampering their team's efficiency in detecting, responding to, and recovering from incidents. This poses a significant challenge, especially considering that 78 per cent of UAE organisations admitted to implementing ten or more point solutions in their security setups, with 26 per cent even acknowledging having 30 or more. Given the visible impacts of cyberattacks, preparedness must be a top priority for all organisations, and the pace of solution deployment needs to be intensified even more.
AI has also supported organisations in strengthening identity intelligence solutions, but many have not fully deployed AI in verifying and securing identity. In this area, significant AI deployment is mostly observed in posture assessments, monitoring passwordless authentication, and creating real-time, risk-based access policies.
You may also like:
- AI evolution in the Middle East workplaces: How prepared are talent and HR? Insights from Lars Gehrmann
- Why must you think about these uncomfortable realities before leading HR transformation?
- AI-powered HR: Transforming HR practices for the future workplace
Managing and protecting machines is another crucial area where organisations could use more AI support. Commonly the organisations use AI in the machine authentication and integrity (BIOS). Additionally, built-in protections like firewalls and endpoint protection tools are popular areas for major AI deployments. With cloud security a top concern for many cybersecurity leaders, there's room to enhance cybersecurity defences with AI.
Organisations need to Immediately evaluate and address vulnerabilities stemming from unmanaged devices and insecure Wi-Fi networks. They need to stay updated on the latest advancements in Generative AI technology and utilise them to strengthen security programs and operational resilience. Furthermore, create a baseline for ‘security readiness’, and consistently monitor and take action where necessary to maintain or improve readiness.
#2 Filling the talent gap in cybersecurity roles
Hiring talent for cybersecurity roles has been a significant challenge for organisations, particularly hiring young talent. A striking 90 per cent of organisations in the UAE identify talent shortage as a significant challenge, with 51 per cent of them reporting having over ten unfilled cybersecurity roles in the past year. Notably, 95 per cent of them plan to incorporate AI technologies into their cybersecurity frameworks to address more than 10 per cent of these vacant cybersecurity roles. This proactive stance demonstrates a commitment to mitigating talent shortages and embracing innovative solutions.
- In terms of hiring challenges, 86 per cent of cybersecurity leaders believe that Gen AI can assist in hiring more skilled talent and bridging the skills gap. Additionally, 58 per cent of them feel it will expedite the onboarding process.
- Moreover, 90 per cent of these leaders are confident that Gen AI will be effective in developing skills, while 65 per cent believe it will enhance productivity for experienced cybersecurity professionals.
However, retaining talent in these roles is challenging, as stricter compliance requirements are raising the stakes, especially for security leaders who might be held personally responsible for any violations. This emphasises the need for increased vigilance and accountability in the security sector. Many professionals feel the weight of personal liability, with 76 per cent saying it's made cybersecurity a less appealing career choice, and 70 per cent have considered leaving due to job-related stress. Additionally, 62 per cent have already felt the impact of stricter compliance mandates, which often require disclosing significant breaches. Furthermore, 86% of security pros say they'll prioritise meeting compliance regulations over security best practices when allocating budgets. Looking ahead, a majority 63 per cent expects organisations to become more risk-averse, likely leading to overreporting of breaches to avoid penalties.
Organisations need to Increase efforts to recruit and train existing staff to address cybersecurity skill shortages. Whenever feasible, utilise advancements in AI to enhance and automate tasks, while also seeking external cybersecurity expertise to address critical gaps in building and managing cybersecurity infrastructure.
#3 Increasing investments in cybersecurity
The increasing complexity, size, and frequency of cybersecurity threats are surpassing the protective measures adopted by many companies. Deployment of solutions isn't happening as rapidly as required, leaving some organisations susceptible to attacks. UAE organisations are cognizant of the challenges and are intensifying their defences, with 68 per cent of them intend to make significant upgrades to their IT infrastructure within the next two years. Notably, 66 per cent of them plan to enhance existing solutions, 54 per cent of them will introduce new solutions, and 54 per cent of them will integrate AI-driven technologies. Moreover, 91 per cent of them plan to augment their cybersecurity budget by a significant increase of 10% or more.
Organisations need to keep investing in protective cybersecurity measures across all aspects. This includes embracing a platform approach to ensure that all solutions in the security stack can be utilised to their fullest potential.
Fady Younes, Managing Director for Cybersecurity at Cisco in the Middle East and Africa said, "As our digital landscape continues to evolve rapidly, the importance of proactive cybersecurity measures cannot be overstated. It is essential that organisations prioritise cybersecurity investments and embrace innovative solutions to effectively mitigate risks. By fostering a culture of cyber resilience, UAE organisations can navigate the digital landscape with confidence, while safeguarding their operations against emerging threats.