It was around three and a half decades ago that the world experienced its first major security attack. The Morris Worm shut down 10 percent of the internet in just 24 hours, sending unsuspecting businesses into a flat tailspin. And so it was that the very first Computer Emergency Response Team was born, marking an important milestone in modern cybersecurity. Looking back, it’s fascinating to see how far incident response has come – especially as we stand on the cusp of another tidal shift in the tech landscape. With the revolutionary capabilities of AI under the spotlight, the future of cybersecurity is a key topic of conversation – especially for businesses in the Middle East which are often early adopters of new technology.
As a new era in cybersecurity unfolds, these four key trends will help shape the security discourse in the region.
Ransomware is becoming more sophisticated
While the Middle East and Africa have always been prime targets for malware and ransomware attacks, these occurrences are increasing in number and sophistication. In fact, recent Microsoft-IDC research into the region’s security landscape shows that the growing number of ransomware attacks is the top security challenge faced by organizations in the UAE and Qatar. It’s hardly surprising given 40 percent of UAE-based organizations impacted by ransomware were forced to shut down last year, losing a total of $1.4 million.
Moving forward hackers will continue to use these tried and tested techniques but will also make use of AI to enhance the speed and accuracy of attacks.
Smarter workplaces provide hackers with new entry ways to networks
Over the past few years organizations across the region have made significant changes to their cybersecurity strategy to accommodate the growing number of remote users needing access to mission critical data and applications. The Microsoft-IDC research reveals they’re placing the bulk of their focus on endpoint security and access management solutions.
But while IT teams have been preoccupied by remote work, largely perceiving ransomware as an IT-focused threat, these attacks have become more prevalent in operational technology (OT) environments – including everything from industrial equipment to HVAC controllers and elevators.
During 2022, Microsoft’s threat intelligence revealed an increase in threats exploiting OT controllers and IoT devices like routers and cameras, driven largely by the growing interconnectivity among organizations in the region. In fact, the year the world shifted to remote work, 91 percent of Middle East IT organizations saw a rise in connected devices on their company’s network.
And as it becomes easier for attackers to make use of malicious software targeting OT systems, so they can come up with more varied ways of mounting large-scale attacks.
The IT world is increasingly being brought together with the OT world, introducing new and severe risks as attackers are now able to jump between formerly physically isolated systems. Suddenly everything from cameras to smart conference rooms are providing hackers with new entryways into workspaces and other IT systems.
AI is becoming more mainstream
The good news, however, is that AI and machine learning are arriving in technology’s mainstream. The Microsoft-IDC research shows that around 51 percent of companies in Qatar, 48 percent in the UAE and 39 percent in South Africa, plan to address security concerns by improving the automation of processes and integration of technologies.
And while there’s long been a perception that attackers – even those using age-old techniques – have the advantage of surprise, AI can swing the agility pendulum back in favour of defenders.
Al empowers defenders to see, classify and contextualize much more information, much faster than even large teams of security professionals can collectively analyse. Its radical capabilities and speed give defenders the ability to deny attackers their agility advantage.
The growing skills gap will become less challenging
AI also enables human defenders to operate more quickly and efficiently than before. This is key for IT teams across the region, given the growing skills gap among security professionals. Around 74 percent of businesses in the UAE, 75 percent in Qatar and 53 percent in South Africa identified upskilling as a vital step to increase the level of security in their organization, according to the Microsoft-IDC research.
The more teams can tap AI to provide clear views of cyberthreats, the more they can open the door for entry-level talent while also freeing highly skilled defenders to focus on bigger challenges.
Finally, AI is a new area for defenders – most businesses in the region are still in early stage pilots. And as organizations increasingly develop new AI systems, there’s a need for them to understand how these systems can be attacked, and how attackers can leverage AI systems to carry out attacks. This is where innovative new tools like Microsoft Counterfit will play a pivotal role in helping security teams conduct AI security risk assessments and think through such attacks.
Though Al won’t be the silver bullet that solves security in 2023, it is the turning point for rapid acceleration in protecting against bad actors. Businesses simply cannot afford to underestimate the way AI innovation over the next few years will impact the security industry in the Middle East and Africa.