Reports
The Role of Generative AI in Cyber Security
GenAI and cyber security
AI is the hottest topic in the universe. Pairing AI with cybersecurity opens up vast possibilities and challenges. Many security professionals believe that integrating intelligence into cybersecurity can enhance defenses against sophisticated cyberattacks. However, cybercriminals are also leveraging AI to weaponize their assaults. Check Point partnered with market researchers at Vanson Bourne to examine how security professionals are incorporating Generative AI (GenAI) into their practices. Several key findings from their research are outlined below.
Skills gap
Despite over 70 percent of respondents feeling confident about their organization’s defenses, eighty-nine percent countered their optimism by acknowledging that employing qualified people was challenging. The cyber security skills gap puts a serious damper on how effective organizations can assemble the right defenses against AI-infused cybercrime.
“An overwhelming 89% of IT and security professionals report a significant skills gap, underscoring the urgent need for innovative solutions.”
Surveyed professionals said the skills gap significantly hampers an organization’s ability to conduct efficient security operations. A substantial 98 percent of those affected reported an “impact” on their security operations, with 40 percent citing a “strong impact.”
Enter GenAI
No organization, large or small. can ignore the potential impact of a major cyberattack. As a result, surveyed organizations said they have turned to AI-powered tools to boost cyber security, including incident response, malware protection, and data loss protection. Clearly, AI is etching its role in providing better protection of the digital landscape.
“97-99% of organizations utilize AI-powered tools, with a significant shift towards GenAI for a comprehensive security strategy.”
GenAI benefits
Organizations have embraced GenAI for strategic purposes, with many using it for over a year to bolster cybersecurity against sophisticated threats and improve incident response rates. Across all regions, GenAI tools are recognized for better understanding user behavior and anomalies. However, European respondents showed less agreement on AI’s potential for enhancing efficiency compared to APAC professionals, who indicated GenAI’s role in streamlining security operations and resource allocation.
The skills gap paradox and GenAI
Bridging the Gap: GenAI can be an ally in addressing the skills gap. It offers a way to augment existing capabilities and improve efficiency, especially in sectors with a high demand for cyber security proficiency.
“Gen-AI is instrumental in closing the cyber security skills gap, with 98% of affected organizations recognizing its impact on operational efficiency.”
Industry-specific insights
The impact of GenAI varies across sectors, with particular benefits observed in healthcare and finance. These sectors recognize Gen-AI’s potential to significantly reduce manual work and increase the efficiency of incident response.
To this survey question, “Thinking about GenAI / AI/ML Deep-Learning, to what extent do you agree or disagree with the following statements,” most respondents agreed that AI tools will improve their efficiency, increase their incident response rates, and help close skills gaps in their organizations.
Here are other results:
• GenAI has/can significantly reduce manual work for our security team: Healthcare (32% lower)
• AI/ML Deep Learning has/can greatly increase our efficiency with incident response: Energy, oil/gas, and utilities (36% higher)
• Gen AI has/can significantly increase our catch rate: Finance/banking/investments (35% higher)
• AL/ML Deep Learning has/can help to substantially bridge the cyber security skills gap in my organization (for those experiencing skills gap in cyber security operations): Finance/banking/investments (28% improvement)
Investment and Implementation
The commitment to integrating GenAI into cyber security is strong, with 90 percent of organizations planning to prioritize AI/ML and GenAI tools. This is accompanied by an anticipated increase in budget allocations for GenAI tools.
“90% of organizations prioritize investments in GenAI tools, reflecting a strategic shift towards innovative cyber security solutions.”
GenAI Transformation
While the outlook is optimistic, concerns and challenges do remain. Organizations highlight the importance of keeping AI models updated while being cognizant of the challenges, such as ensuring compliance with data regulations.
The journey towards a GenAI-integrated security landscape will offer security leaders both rewards and challenges. However, it’s clear, GenAI will help transform organizations as cyber security providers incorporate greater intelligence. Embracing GenAI with strategic foresight will pave the way for a more secure and resilient digital future.
Financial Reports
ESET Threat Report: Infostealers using AI & banking malware creating deepfake videos to steal money
ESET has released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from December 2023 through May 2024. These past six months painted a dynamic landscape of Android financial threats, malware going after victims’ mobile banking funds – be they in the form of “traditional” banking malware or, more recently, cryptostealers. Infostealing malware can now be found impersonating generative AI tools, and new mobile malware GoldPickaxe is capable of stealing facial recognition data to create deepfake videos used by the malware’s operators to authenticate fraudulent financial transactions. Video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as the RedLine Stealer, which saw several detection spikes in H1 2024 in ESET telemetry.
“GoldPickaxe has both Android and iOS versions and has been targeting victims in Southeast Asia through localized malicious apps. As ESET researchers investigated this malware family, they discovered that an older Android sibling of GoldPickaxe, called GoldDiggerPlus, has also tunneled its way to Latin America and South Africa by actively targeting victims in these regions,” explains Jiří Kropáč, Director of ESET Threat Detection.
In recent months Infostealing malware also began to utilize the impersonation of generative AI tools. In H1 2024, Rilide Stealer was spotted misusing the names of generative AI assistants, such as OpenAI’s Sora and Google’s Gemini, to entice potential victims. In another malicious campaign, the Vidar infostealer was lurking behind a supposed Windows desktop app for AI image generator Midjourney – even though Midjourney’s AI model is only accessible via Discord. Since 2023, ESET Research has increasingly seen cybercriminals abusing the AI theme – a trend that is expected to continue.
Gaming enthusiasts who ventured out of the official gaming ecosystem were attacked by infostealers, as some cracked video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as Lumma Stealer and RedLine Stealer. RedLine Stealer saw several detection spikes in H1 2024 in ESET telemetry, caused by campaigns in Spain, Japan, and Germany. Its recent waves were so significant that RedLine Stealer detections in H1 2024 surpassed those from H2 2023 by a third.
Balada Injector, a gang notorious for exploiting WordPress plug-in vulnerabilities, continued to run rampant in the first half of 2024, compromising over 20,000 websites and racking up over 400,000 hits in ESET telemetry for the variants used in the gang’s recent campaign. On the ransomware scene, former leading player LockBit was knocked off its pedestal by Operation Chronos, a global disruption conducted by law enforcement in February 2024. Although ESET telemetry recorded two notable LockBit campaigns in H1 2024, these were found to be the result of non-LockBit gangs using the leaked LockBit builder.
The ESET Threat Report features news about recently released deep-dive investigation into one of the most advanced server-side malware campaigns, which is still growing – Ebury group, with their malware and botnet. Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD, and OpenBSD servers; more than 100,000 were still compromised as of late 2023.
Financial
Are UAE’s SMEs Confident To Navigate These Challenges And Embrace Opportunities?
Among the headline findings of the report is that the Small & Medium Enterprise (SME) sector in the United Arab Emirates has successfully moved from a stage of resilience to prosperity after the Covid-19 pandemic, with two in three SMEs expressing a positive view of the future business environment in the country. The report found an overall confidence index score of 61 among UAE SMEs – a number based on RFI Global’s analysis of macroeconomic indicators in the UAE, as well as survey responses from over 1,000 SMEs in the country collected between November-December 2023, all of which contributed to the final Index.
IMPORTANT FINDINGS
The report refers to a strong economic forecast for the UAE, with non-oil GDP expected to grow by over 4% in 2024, and overall GDP projected to grow by 5.70% this year. The RAKBANK SME Confidence Index also highlight steady recovery in factors such as hotel occupancy rates close to pre-pandemic levels, which signals a rebound in the tourism sector that is contributing to the general positive outlook among SMEs about their future revenue prospects and the business landscape in the next 12 months. However, the report also talks about the challenges faced by SMEs, including rising labour, operational and other business costs; the impending introduction of corporate tax; and the cost of capital/credit. To navigate these challenges, SMEs need continued support and attention from financial institutions, in addition to the initiatives we are already seeing from government entities, particularly the UAE.
“Small and Medium Enterprises are the backbone of every healthy economy, and this is especially true in the UAE, where SMEs make up 94% of companies and contribute over 50% to the country’s GDP.” – Raheel Ahmed, Chief Executive Officer, RAKBANK
Drawing from a wealth of macroeconomic data and business sentiment analysis, the report suggests that the issuance of new business licenses in Dubai also reflects a strong business environment. Despite challenges posed by fluctuations in Brent oil futures, the overall macroeconomic indicators suggest fertile ground for SME growth and development. While SMEs are proactively embracing innovation and expansion, showing a strong trend towards launching new products/services and bullishness towards customer demand and pricing of products/services, they also displayed one common thread – the critical role of banking support. The need for tailored financial solutions and advisory services is evident in the SME sector. In fact, one of the report’s standout findings is the high level of satisfaction with banking support among almost all the SME sectors.
“RAKBANK has a rich legacy of supporting SMEs, and the launch of our Index in partnership with RFI Global builds upon this legacy, as the UAE’s first SME-specific confidence survey.” – Dhiraj Kunwar, Managing Director, Business Banking, RAKBANK
The RAKBANK SME Confidence Index also offers an in-depth analysis of business sentiment across various industries, with a special focus on Construction & Manufacturing, Transport, Trading, Public Services, Professional Services, and Consumer & Retail Services, with all the sectors again demonstrating strong confidence
The report refers a strong economic forecast for the UAE, with non-oil GDP expected to grow by over 4% in 2024, and overall GDP projected to grow by 5.70% this year.
Reports
2024 State of Security Report from HID: Mobile IDs, MFA and Sustainability Emerge as Top Trends
HID announces its 2024 State of the Security Industry Report, which gathered responses from 2,600 partners, end users, and security and IT personnel worldwide, across a range of job titles and organization sizes representing over 11 industries.
The 2024 State of Security Report delves into the underlying concerns driving upcoming innovations and the technologies that underpin them, helping security leaders to be proactive in adapting to evolving challenges. Conducted in the fall of 2023, this year’s survey reveals six themes, as follows:
- Mobile identity is expected to be ubiquitous in the next five years
Given the widespread use of mobile devices, momentum continues to build around their use in support of identity. Within the next five years, surveyed end users state that nearly 80% of organizations will deploy mobile IDs. Industry partners are even more optimistic in their outlook, stating that 94% of their customers will have deployed mobile IDs.
- Multi-Factor Authentication is widespread, despite slow but growing implementation of Zero Trust
More than 83% of end users respondents said their organization currently uses Multi-Factor Authentication (MFA), mainly due to the vulnerabilities of passwords. For many, this represents the first step on the longer journey toward Zero Trust, an approach to security that calls for organizations to maintain strict access controls and to never trust, always verify anyone – internal or external – by default. Zero Trust has been implemented in 16% of organizations with over 100,000 employees and 14% in those with up to 10,000 employees, according to the survey.
With MFA being widespread, the eventual end of passwords is imminent. The creation of new standards such as FIDO (Fast Identity Online), which uses “standard public key cryptography techniques to provide phishing-resistant authentication,” will pave the path to new and more secure authentication options that will be part of a more robust Zero Trust architecture.
- Sustainability becomes a growing driver in business decisions
Among HID’s survey respondents, sustainability continues to rank high as a business priority, with both end users and partners rating its importance at a “4” on a 1-to-5 scale. Additionally, 74% of end users indicate the importance of sustainability has grown over the past year, and 80% of partners reported the trend growing in importance among their customers.
As such, there will likely be a continued emphasis on solutions that minimize energy use, reduce waste, and optimize resource usage. A shift to cloud-based solutions and increased use of mobile devices are two clear strategies to reach these sustainability goals.
- Biometrics continues its impressive momentum
In this year’s survey, 39% of installers and integrators said their customers are using fingerprint or palm print, and 30% said they’re using facial recognition. The momentum continues to build as 8% plan to test or implement some form of biometrics in the next year and 12% plan to do so in the next three to five years.
- Identity management points up to the cloud
Nearly half of end users are moving to cloud-based identity management, with 24% already using it and another 24% in the process of implementing such systems. Industry partners say their customers face several hurdles here, including existing reliance on legacy/on-prem equipment (28%), lack of budget (24%), and cloud-based identities simply not being a business priority (21%).
- The rise of artificial intelligence for analytics use cases
Conversations about AI have come to dominate the business landscape, and many security professionals see AI’s analytic capabilities as the low-hanging fruit to enhance identity management. Rather than looking to AI to inform the entirety of the security system, it’s possible to leverage data analytics as a way to operationalize AI in support of immediate outcomes. In this scenario, 35% of end users reported they will be testing or implementing some AI capability in the next three to five years, with 15% already using AI-enabled biometrics.
-
Tech Interviews4 months ago
Navigating the Cybersecurity Landscape in Hybrid Work Environments
-
Features1 month ago
Security in the Cloud Age: Combating Risks with Hybrid Cloud Solutions
-
Tech Features5 months ago
How Telecommunications Providers Can Best Tackle DDoS Attacks
-
Automotive4 months ago
Al-Futtaim Automotive Builds On 23-Year Legacy of Trust & Leadership in UAE’s Pre-Owned Car Market to Sell Over 25,000 Used Vehicles in 2023
-
Tech News6 months ago
Google Appoints Ziad Jammal as Google Cloud Country Manager in the United Arab Emirates
-
Tech Features2 weeks ago
The Middle East to Lead with Next-generation Mission Critical Communication Advancement
-
Tech News7 months ago
Senet enters MENA’s Competitive Gaming Scene with ‘skill-to-earn’ Platform
-
Tech News4 months ago
Brighton College Abu Dhabi and Brighton College Al Ain Donate 954 IT Devices in Support of ‘Donate Your Own Device’ Campaign