The accelerated advancement of artificial intelligence-driven (AI) innovations are feared to be clawing back some of the much-needed gains in the global war against cyberattacks as the chances of cyber criminals using the technology to create complex cyber threats loom.
According to the latest Acronis Cyberthreats Report, regionally, breaches reported in the Kingdom of Saudi Arabia, for example, could reach an average of US$7 million even as the country continues to report one out of five attacks to be Ransomware. This, according to security experts is driven by factors such as weak credentials, phishing emails, and unpatched vulnerabilities remain the top cyber-attacking vectors. In the UAE, targeted organisations lost over US$1.4 million in Ransomware, forcing over 40 percent of them to shut down.
Cyber protection experts from Acronis have warned that AI and machine learning (ML) technologies could pose a big risk to digital ecosystems that are not protected as cybercriminals are likely to take advantage of these new tools to increase the effectiveness of their assault through crafting harder-to-detect attacks. By February 2023 UAE was ranked fifth in Europe, the Middle East, and Africa regarding blocked malware attacks. With 14 percent of all computers protected by Acronis in UAE, at least one malware attack was blocked in the same period.
Speaking on the side-lines of this year’s Gulf Information Security Expo and Conference (GISEC), Ziad Nasr, General Manager for the Middle East at Acronis noted that while AI and ML are phenomenal technologies, there’s a greater need to identify potential loopholes that cybercriminals can exploit to attack businesses.
“AI and ML have emerged as two major digital ecosystem disruptors that can be utilised to enhance business competitiveness and boost productivity within an organisation. However, it’s emerging that these technologies can be used by cybercriminals to create malware or phishing emails, thereby, reducing the barriers to entering the cybercrime space and increasing the frequency of attacks. As part of our GISEC participation this year, our goal is to highlight the need to mainstream these issues and also showcase ready-to-deploy solutions to the current potential cyber threats”, said Nasr.
In line with its GISEC 2023 participation, Acronis will also launch the Acronis Advanced Security + EDR for Acronis Cyber Protect Cloud – a solution that delivers an innovative approach to effective threat detection, containment and remediation by reducing the complexity present in other EDR solutions.
Top 3 industry pain points
As the industry continues to make meaningful strides against cybercrimes, IT departments are likely to face sophisticated challenges in 2023. Some of these include the ever-shifting threat landscape that is making it difficult for security professionals to keep up, the demand for cybersecurity talents, and budget constraints as most organisations may continue to face financial constraints that may limit their ability to invest in the latest cybersecurity technologies and solutions.
Other challenges include third-party risk as many organisations continue to work with third-party vendors, which can introduce additional cybersecurity risks and challenges in meeting compliance requirements can be complex and time-consuming, especially as regulations continue to evolve.
“In light of the emerging challenges, Chief Information Security Officers (CISO) and other IT professionals will now need to prioritise risk management and invest in cybersecurity solutions that can provide effective threat detection and response capabilities”, noted Nasr.
Acronis, which stopped over 100 million cyber-attacks in 2022, also highlighted in its cyber threat report that the average cost of data breaches was expected to reach US$5 million in 2023. Ransomware attacks on the other hand, which continue to be the number-one threat to businesses of all sizes globally, are also projected to cause damages exceeding US $30 billion by 2023.
Expected regional trends
The Middle East trends around cyber threats and malware in 2023 are also largely expected to be driven by AI and ML capabilities as cybercriminals launch more sophisticated attacks. Ultimately, this could lead to a rise in supply chain attacks and also possibly exploit vulnerabilities in third-party vendors and suppliers.
The industry may also experience growing concern around the security of Internet of Things devices, which are becoming more ubiquitous in both homes and businesses. The continued use of ransomware as a primary attack vector, with attackers increasingly targeting high-value targets, is also expected to continue.
“In the wake of heightened AI-driven security threats on enterprises, CISOs are encouraged to work with tried-and-tested cyber protection vendors to help them identify potential loopholes in their IT infrastructure. This strategy will enable them to develop and deploy custom protection and ultimately avoid catastrophic data breaches that could cripple their operations”, noted Nasr.
In the Middle East particularly, there is also expected to be an increased focus on cybersecurity due to the ongoing government initiatives aimed at improving digital transformation and protecting national infrastructure. This is likely to result in increased investment in cybersecurity technologies and personnel and greater collaboration between government and private sector entities.