Alarm Over GenAI Risk Fuels Security Spending in Middle East & Africa

10 months ago 44
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

Android head looking at computer screen with security shield

Source: Summit Art via Shutterstock

Fast-track adoption of generative artificial intelligence (GenAI) is driving organizations in the Middle East and Africa to ramp up data privacy and cloud security protections in an attempt to head off the most worrying aspects of the AI technology.

The good news for security teams: Concerns about GenAI are driving growth in budgets, with expected increases of 24% and 17% on spending for data privacy and cloud security, respectively, compared with 2023, Gartner stated in a recent analysis.

The bad news: The landscape of potential threats posed by AI is largely unexplored, and companies are still establishing strategies for tackling its disruptive effects on businesses. Recent dangers include employees leaking intellectual property through chatbots, attackers refining their social engineering, and AI "hallucinations" causing unexpected business impacts. 

Overall, unauthorized usage by workers poses operational risks, while attackers' adoption of the technology means a likely increase to their base technical capabilities and improved social engineering attacks, says Nader Henein, vice president analyst at Gartner, which covered the Middle East and North Africa (MENA) in its study.

"With an LLM scraping LinkedIn, every phishing attack becomes a targeted and unique spear-phishing undertaking [and] what was previously reserved for high-value targets now becomes the norm," he says. "AI is four decades old, but LLMs and generative capabilities are new and within reach. To say that we have a handle around all the potential risks is hubris."

Microsoft Exposes GenAI Abuse

Concerns over the business impact of generative AI is certainly not limited to the Middle East and Africa. Microsoft and OpenAI warned last week that the two companies had detected nation-state attackers from China, Iran, North Korea, and Russia using the companies' GenAI services to improve attacks by automating reconnaissance, answering queries about targeted systems, and improving the messages and lures used in social engineering attacks, among other tactics. And in the workplace, three-quarters of cybersecurity and IT professionals believe that GenAI is being used by workers, with or without authorization.

The obvious security risks are not dampening enthusiasm for GenAI and LLMs. Nearly a third of organizations worldwide already have a pilot program in place to explore the use of GenAI in their business, with 22% already using the tools and 17% implementing them. 

"[W]ith a bit of upfront technical effort, this risk can be minimized by thinking through specific use cases for enabling access to generative AI applications while looking at the risk based on where data flows," Teresa Tung, cloud-first chief technologist at Accenture, stated in a 2023 analysis of the top generative AI threats. "'Trust by design' is a critical step in building and operating successful systems," she added.

Data Privacy Roots

For organizations in the Middle East and Africa, worries over the adoption of generative AI — as well as updated data protection laws — are the biggest drivers of increases in data-protection budgets, while cloud adoption is driving the need to protect businesses' cloud services, according to Gartner's forecast.

Overall, companies and government agencies in the MENA region are expected to spend $3.3 billion on security and risk management this year — a jump of 12% from 2023, says Shailendra Upadhyay, senior principal analyst at Gartner.

"Due to the implementation of data protection laws for handling 'personal data' that involves identifiable [or] identified individuals, companies in the MENA region will be required to maintain a higher level of data privacy and cybersecurity hygiene in 2024," he says.

Next in line is cloud security spending, with a rise in IaaS, PaaS, and SaaS adoption and the need to buy cloud security tools, Upadhyay adds.

GenAI worries extend across the two segments, with data security the top concern among businesses implementing it, and with cloud infrastructure typically delivering GenAI services.

GenAI for Cybersecurity

Overall adoption of AI technologies in the Gulf Cooperative Council (GCC) region exceeds other places in the world, including the US and Europe. The application of the technology, however, is mostly uneven.

Some 62% of organizations use AI in at least one business function — compared with 58% in North America and 47% in Europe — but most are only using it for marketing and sales or service operations, according to consulting firm McKinsey.

"[C]ompanies that are now deploying AI have barely scratched the surface of what it can deliver," McKinsey stated in its 2023 report on the state of AI in GCC countries.

Similarly, organizations in the Middle East and North Africa are still in the early days of their cloud journey.

Relatively expensive Internet service, a lack of connectivity in many regions, and regulatory uncertainty around cloud have led to lagging demand, according to a second McKinsey analysis. Yet the situation is evolving quickly: Governments there are funding emerging, knowledge-based economies and creating new data-security regulations to match those rules in other parts of the world.

Meanwhile, GenAI can be part of the security solution as well: Cybersecurity firms are adding intelligence and machine learning (AI/ML) to their products as a way to reduce the workloads on already overworked teams. 

McKinsey recommends three criteria for AI adoption: a clearly defined AI strategy, a team of AI-skilled workers, and a process in place for rapid AI adoption and scale. Currently, however, less than 30% of GCC companies have accomplished each of those three criteria, the firm stated in its report.

Read Entire Article