Hesham Fayed, Managing Director for Middle East and Africa at DXC Technology, discusses how public and private organisations in the Middle East can take stock of their cybersecurity goals, measure their progress and be prepared for what lies ahead.
Cybersecurity Awareness Month was an opportunity for public and private organisations in the region to take stock of their cybersecurity goals, measure their progress and be prepared for what lies ahead.
Spending on security products and services in the Middle East and Africa (MEA) is already expected to grow by over 10% year on year in 2024 reaching US$6.2 billion, according to IDC projections.
Hesham Fayed, Managing Director for Middle East & Africa at DXC Technology, highlights five significant ways that organisations in the region are transforming their security programmes to defend against cyberthreats.
1. AI rising as a key player in the fight against cybercrime
In the battle against cyberthreats, AI offers significant benefits due to its ability to process vast amounts of data, identify patterns and detect signs of an attempted attack. It’s also a useful tool for detecting malicious activity in a system or network, and spotting anomalies or suspicious behaviours.
But while the cybersecurity industry is focused on how to use AI to stop bad actors, cybercriminals often use AI itself to increase the speed, scale and intensity of their attacks. For example, phishing emails have evolved from simple deceptive emails to ones that have become more advanced, harder to spot and significantly more dangerous. Attackers are also successful at using deepfakes to perpetrate fraud or manipulate an audience into action.
One recent Cisco study highlights a significant surge in the use of AI technologies in cybersecurity strategies, with 91% of companies surveyed in the UAE integrating AI in their security defences. As AI adoption continues to swell in the region, it is imperative that organisations create automated AI-based security controls and response mechanisms to react faster and more accurately to cyberattacks, reducing possible downtime and protecting personal and business-critical data.
2. Cyber, cyber everywhere
In the region, people are more connected to their phones, apps, and social channels than ever before. This has increased the opportunities for attackers to gain attention and potentially target people for online fraud or abuse. This can have devastating consequences for organisations if proper cyberawareness isn’t applied.
The uptick in cybersecurity incidents has coincided with the shift to remote working as criminals seek to take advantage of the increased attack surface available to target. Perimeter security deployed at the office is no longer suited to adequately defend employees in this new environment or with modern interconnected capabilities.
For years, the industry has looked to control Shadow IT devices and systems in the workplace that are connected to networks without permission. Now, it is faced with Shadow AI (the use of AI systems and tools within an organisation without formal approval or oversight), which is a growing problem and has real consequences around the confidentiality of our data.
3. Attacks targeting critical infrastructure – and our homes
When the lights go out or the gas is cut, most people are unlikely to think it’s the result of an industrial cybersecurity breach. But this operational technology (OT) is an emerging battleground for cyberattacks, with the systems that control and automate factories and critical civil infrastructure becoming a target.
With threat actors bent on doing damage to society, organisations must be ready to respond to these kinds of incidents and recover from them while minimising loss. This year, OT cyber threats will likely continue to grow, putting pressure on industries to ensure they stay one step ahead by baking in cybersecurity protection across their operations.
4. Broadening the talent pool
As organisations confront the complexities of escalating cyberthreats, they need people with the right skills to protect their data and systems. The cybersecurity skills gap is widening both locally and around the world, leaving many organisations vulnerable to increasing cyberthreats.
The lack of qualified professionals is largely due to how quickly the cybersecurity industry and cyberthreats have evolved. One way around this is to broaden the candidate pool to bring junior candidates into the fold and grow them with on-the-job training.
This can include candidates who might not have the specialised skills required but come with analytical potential, problem-solving skills and technical promise. By also providing proper training to existing employees, organisations can empower them with career mobility and to become the first line of defence against potential threats.
In addition, AI and Machine Learning can work as a force multiplier for smaller security teams, which gives organisations a better chance against the newest strains of malware. This is not meant to replace valuable and scarce expertise, but rather augment it by using AI to support overtaxed security analysts and enabling security teams to focus their attention on higher-value tasks.
