Source: Engdao Wichitpunya via Alamy Stock Photo
For the United Arab Emirates (UAE), an aggressive push for a more digitized economy attracted plenty of interest and subsequent investment — but also made it a prime candidate for relentless cyberattacks.
With nearly 50,000 cyberattacks reportedly thwarted daily, the UAE has spent the last year strengthening its digital borders and tapping into key partnerships to remain one step ahead of attackers.
Hitting the Banks
The financial sector is a prime candidate for cyberattacks all over the world, and in 2023 the UAE reached out to other countries to help bolster its defenses in this sector. In particular, its partnership with the US Treasury Department allows the two countries to share the latest cybersecurity threats affecting the financial services sector and develop a contingency plan accordingly.
Similar security partnerships with Morocco and Chad have also been established, further strengthening digital ties between the countries. Dubai, in particular, has ambitious plans to become the global leader in artificial intelligence (AI) by 2031 — a feat that brings with it plenty of opportunities and digital risks.
But security is something that the UAE has prioritized, with a strong push to have effective policies and systems in place to minimize cyberattacks. Dr. Mohamed Al Kuwaiti, head of cybersecurity for the UAE Government, was a leading voice in advocating for more skilled cybersecurity talent in the country, especially in the field of AI. In a white paper published with CPX Holding, Al Kuwaiti highlighted the dramatic growth that AI experienced in 2023, and how AI is poised to be a pivotal tool for — both defense and attacks — in the country's security landscape.
Transformative Technologies
In fact, AI has been a hot topic this year for various countries in the Middle East, with generative AI (GenAI) in particular holding the most promise. The GenAI industry is expected to be around $23.5 billion annually by 2030 in the Arab Gulf region, according to Strategy&, while research by Gartner found 45% of executives are testing GenAI.
With that kind of financial outlook on the line, countries are aggressively moving forward with AI projects across a variety of uses, from data analysis and threat detection to customer service. Sujoy Banerjee, associate director of ManageEngine, echoes the importance of AI in the region, and how the UAE was one of the first to realize its true potential.
"2023 has been a transformative year in the UAE, with emerging technologies such as AI and ML finding feet and taking charge especially from the cybersecurity front," Banerjee says. "Businesses in the Middle East have recognized its value and need to adopt such emergent technologies in order to unlock their business potential, which also help enhance their productivity, security, efficiency, competitive edge, as well as meet the evolving needs of the customer."
The takeaway from 2023 for the UAE is that with the adoption of AI, there are equal amounts of risk and return. Cybercriminals are increasingly using AI tools for spoofing methods, generating phishing emails that mimic relatives, friends, or colleagues in order to steal information.
Chester Wisniewski, director global field CTO at Sophos, says that 2024's threat landscape will look a lot like 2023 but with hackers gaining more efficient ways to breach into networks, either by exploiting zero-day vulnerabilities or using stolen credentials to gain access to victims' networks.
Experts say while AI adoption is a good talking point for the UAE in 2024, the country still needs to address a persistent technology gap that exists in many organizations. Whether stemming from outdated legacy systems that are still in operation or a lack of skilled professionals who are well-versed in newer technologies, most organizations could have avoided a critical cyberattack if these were addressed.
Trellix's "Mind of the CISO: Behind the Breach" report shows the harm this technology gap can cause — nearly 64% of respondents in the UAE said that an attack was missed either due to a lack of resources or the lack of skills to deal with a complex incident in a timely manner.