Johnny Karam, Managing Director & Vice President of International Emerging Region at Veritas Technologies discusses key predictions for the year 2024, notably the anticipated rise of end-to-end AI-powered autonomous ransomware attacks and a shift towards targeted cell-level data corruption.
UAE businesses are at the forefront of adopting emerging technologies such as Artificial Intelligence (AI), to bolster cyber resiliency, according to our research. This is testament to the UAE government’s commitment to making Dubai the digital economy capital of the world and the global leader in AI by 2031, backed by the UAE Digital Economy Strategy and the UAE Strategy for Artificial Intelligence. At the same time, AI is advancing at a rate faster than many organisations can keep up with. It is also being rapidly exploited by cybercriminals to increase the frequency and sophistication of new forms of attack.
With a heightened emphasis on investment in talent and technology, UAE businesses are expressing confidence in their ability to maintain security. However, over half (57%) still perceive themselves as ‘at risk’ amid growing data security threats. In a world filled with escalating external threats and risks, vigilance and strategic investments are crucial for ensuring a resilient future. With that, here are some of the key trends we foresee in the year ahead.
- The rise of end-to-end AI-powered autonomous ransomware attacks will create new cybersecurity challenges for businesses: In the past two years, 73% of UAE organisations that we surveyed fell victim to successful ransomware attacks where hackers breached their systems. Cyberattacks will only continue to rise in frequency and sophistication as threat actors continue to exploit advances in AI. Already, tools like WormGPT make it easy for attackers to improve their social engineering with AI-generated phishing emails that are more convincing than those we’ve previously become wise to. In 2024, cybercriminals will fully embrace AI, initiating the era of autonomous ransomware attacks. These attacks will commence with robocall-like automation and progress to AI-driven target identification, breach execution, victim extortion, and ransom collection, all achieved with remarkable efficiency and minimal human interaction.
- Ransomware will evolve with targeted cell-level data corruption attacks: Data protection budgets in the UAE have increased by a third over the last 12 months, and the average UAE company also added around 15 staff members to its data protection and security teams. As organisations become better prepared to recover from ransomware attacks without paying ransoms, cybercriminals will be forced to continue evolving. In 2024, we expect hackers to turn to targeted cell-level data corruption attacks—code secretly implanted deep within a victim’s database that lies in wait to covertly alter or corrupt specific but undisclosed data if the target refuses to pay a ransom. The real danger is that victims will not know what data, if any, has been altered or corrupted until after the repercussions set in, effectively rendering all their data untrustworthy. The only solution is maintaining secure, verified copies of data that organisations are 100% certain are uncorrupted and can be rapidly restored.
- Autonomous data protection will combat hackers with no intervention required from organisations: According to our research, more than three-quarters (77%) of UAE organisations are turning to AI to boost their cyber resiliency. Given AI’s dual nature as a force for both good and bad, the question going forward will be whether organisations’ AI-powered protection can evolve faster than hackers’ AI-powered attacks. In 2024, a significant aspect of this evolution will be the emergence of AI-driven autonomous adaptive data protection. AI tools will be able to continuously monitor for changes in behavioural patterns to see if users might have been compromised. If the AI detects suspicious activity, it can alert the Security Operation Center (SOC), and it can initiate automated recovery processes to take immediate action to isolate backups with malware, ultimately minimising the impact of a successful attack.
- Generative AI-focused data compliance regulations will be formed: For all its potential use cases, AI can pose huge risks to businesses due to its security vulnerabilities. Organisations who fail to put proper guardrails in place to stop employees from potentially breaching existing privacy regulations through the inappropriate use of generative AI tools are likely to face significant consequences. Over the past 12 months, our research revealed that 43% of organisations in the UAE have been penalised for compliance breaches, with an average fine of $178,000. Many regulatory bodies are currently focused on how existing data privacy laws apply to generative AI. However, as the technology continues to evolve, legislation created specifically for generative AI will be created in 2024, that will apply rules directly to these tools and the data used to train them.
The year ahead will be pivotal time for organisations. Advances in AI technologies will open doors that were previously considered unimaginable; at the same time, they will enable the cyber threat landscape to evolve into new realms. Those who embrace emerging technologies to drive innovation and strengthen their security posture whilst building policies and guardrails for compliant usage, are the ones who will flourish in 2024.