Hesham Fayed, Managing Director for Middle East & Africa at DXC Technology explores the role of AI, the critical need for cybersecurity talent, and strategies for protecting both critical infrastructure and our increasingly interconnected personal devices.
As Cybersecurity Awareness Month comes to a close, it has been an opportunity for public and private organizations in the region to take stock of their cybersecurity goals, measure their progress, and be prepared for what lies ahead. Spending on security products and services in the Middle East and Africa (MEA) is already expected to grow by over 10% year on year in 2024 reaching $6.2 billion, according to IDC projections.
Fayed also highlights five significant ways that organizations in the region are transforming their security programs to defend against cyber threats.
AI rising as a key player in the fight against cybercrime
In the battle against cyber threats, AI offers significant benefits due to its ability to process vast amounts of data, identify patterns and detect signs of an attempted attack. It’s also a useful tool for detecting malicious activity in a system or network, and spotting anomalies or suspicious behaviors.
But while the cybersecurity industry is focused on how to use AI to stop bad actors, cybercriminals often use AI itself to increase the speed, scale, and intensity of their attacks. For example, phishing emails have evolved from simple deceptive emails to ones that have become more advanced, harder to spot, and significantly more dangerous. Attackers are also successful at using deepfakes to perpetrate fraud or manipulate an audience into action.
One recent Cisco study highlights a significant surge in the use of AI technologies in cybersecurity strategies, with 91% of companies surveyed in the UAE integrating AI in their security defenses. As AI adoption continues to swell in the region, it is imperative that organizations create automated AI-based security controls and response mechanisms to react faster and more accurately to cyberattacks, reducing possible downtime and protecting personal and business-critical data.
Cyber, cyber everywhere
In the region, people are more connected to their phones, apps, and social channels than ever before. This has increased the opportunities for attackers to gain attention and potentially target people for online fraud or abuse. This can have devastating consequences for organizations if proper cyber awareness isn’t applied. The uptick in cybersecurity incidents has coincided with the shift to remote working as criminals seek to take advantage of the increased attack surface available to target. Perimeter security deployed at the office is no longer suited to adequately defend employees in this new environment or with modern interconnected capabilities.
For years, the industry has looked to control Shadow IT devices and systems in the workplace that are connected to networks without permission. Now, it is faced with Shadow AI (the use of AI systems and tools within an organization without formal approval or oversight), which is a growing problem and has real consequences around the confidentiality of our data.
Attacks targeting critical infrastructure–and our homes
When the lights go out or the gas is cut, most people are unlikely to think it’s the result of an industrial cybersecurity breach. But this operational technology (OT) is an emerging battleground for cyberattacks, with the systems that control and automate factories and critical civil infrastructure becoming a target.
With threat actors bent on doing damage to society, organizations must be ready to respond to these kinds of incidents and recover from them while minimizing loss. This year, OT cyber threats will likely continue to grow, putting pressure on industries to ensure they stay one step ahead by baking in cybersecurity protection across their operations.
Broadening the talent pool
As organizations confront the complexities of escalating cyber threats, they need people with the right skills to protect their data and systems. The cybersecurity skills gap is widening both locally and around the world, leaving many organizations vulnerable to increasing cyber threats.
The lack of qualified professionals is largely due to how quickly the cybersecurity industry and cyber threats have evolved. One way around this is to broaden the candidate pool to bring junior candidates into the fold and grow them with on-the-job training. This can include candidates who might not have the specialized skills required but come with analytical potential, problem-solving skills, and technical promise. By also providing proper training to existing employees, organizations can empower them with career mobility and to become the first line of defense against potential threats.
In addition, AI and machine learning can work as a force multiplier for smaller security teams, which gives organizations a better chance against the newest strains of malware. This is not meant to replace valuable and scarce expertise, but rather augment it by using AI to support overtaxed security analysts and enabling security teams to focus their attention on higher-value tasks.