The World Economic Forum report underscores the imperative for business leaders to elevate cybersecurity as a top priority. In 2024, cyberattacks have surged to the fifth position among the concerns of both government and private-sector respondents, with 39% identifying it in their top three apprehensions – a recognition well-founded in the face of an ever-evolving cyber threat landscape fuelled by technologies like AI and the consistent threat that targeted phishing attacks pose to businesses and their people.
Proofpoint’s data reveals a growing awareness among global business leaders, with 73% of board members surveyed feeling at risk of a major cyberattack in the next 12 months — a marked increase from the previous year’s 65%. Interestingly, recent research from Proofpoint illustrates similar sentiments are shared by CISOs in the Middle East, with 55% of KSA CISOs and 75% of UAE CISOs admitting they feel at risk of experiencing a material cyber-attack in the next 12 months.
Phishing remains prevalent, with 86 % of UAE organizations falling victim to at least one successful phishing attack in 2022. But while conventional phishing is still effective, threat actors are adopting new tactics, such as telephone-oriented attacks and Adversary-in-the-middle (AitM) phishing proxies, bypassing multifactor authentication. These techniques, once confined to targeted attacks, are now being deployed at scale. Notably, there is a surge in sophisticated, multi-touch phishing campaigns, involving extended conversations across various personas, whether orchestrated by nation-state groups or business email compromise (BEC) actors playing the long game.
AI-generated misinformation is the second-highest concern on the global risk landscape for 2024. The combination of generative AI and cyber threats increases the speed, volume, and credibility of attacks. AI tools empower cybercriminals to create convincing phishing emails, fraudulent phone calls, and fake imagery, eroding trust in social engineering attacks. Instances of AI deceiving high-profile figures have surfaced. Protecting people and defending data will become ever more critical in maintaining the confidentiality, availability, and integrity of the data that governments and private organizations create and access.
As threats evolve, relying solely on human capabilities and legacy controls will prove insufficient to secure against sophisticated attacks. From a defensive standpoint, AI, technology, and people must merge as indispensable components of a robust cybersecurity strategy. AI-based controls will deliver crucial analysis and threat identification at scale, enabling security professionals to minimize attack risks. Notably, their speed and adaptability surpass manual analysis, swiftly responding to new and evolving threats.