The rapid adoption of genetic artificial intelligence (GenAI) is driving organizations in the Middle East and Africa to strengthen data privacy and cloud security in an effort to prevent the most worrisome aspects of AI technology.
The good news for security teams: Concerns about GenAI are driving budget growth, with expected increases of 24% and 17% in spending on data privacy and cloud security, respectively, compared to 2023. Gartner said in a recent analysis.
The bad news: The landscape of potential threats posed by AI is largely unexplored, and companies are still developing strategies to address its disruptive business impact. Recent risks include intellectual property leakage by employees via chatbots, attackers perfecting their social engineering, and AI “hallucinations” that cause unexpected business impacts.
Overall, unauthorized use by employees poses operational risks, while the adoption of technology by attackers means a potential increase in their basic technical capabilities and improved social engineering attacks, says Nader Henein, vice president analyst at Gartner, who covered the Middle East and North Africa. (ME) in her study.
“With an LLM scraping LinkedIn, every phishing attack becomes a targeted and unique spear-phishing operation [and] what was previously reserved for high-value targets is now becoming the norm,” he says. “Artificial intelligence is four decades old, but LLMs and manufacturing capabilities are new and achievable. To say we have a handle on all potential dangers is hubris.”
Microsoft Reveals GenAI Abuse
Concerns about the business impact of genetic AI are certainly not limited to the Middle East and Africa. Microsoft and OpenAI warned last week that the two companies had identified attacker nation-states from China, Iran, North Korea and Russia using the companies’ GenAI services to improve attacks by automating reconnaissance, answering queries about targeted systems, and improving the messages and lures used in social engineering attacks, among other tactics. And in the workplace, three-quarters of cybersecurity and IT professionals believe that GenAI is used by workerswith or without authorization.
Obvious security risks are not dampening enthusiasm for GenAIs and LLMs. Almost a third of organizations worldwide there is already a pilot program to explore the use of GenAI in their business, with 22% already using the tools and 17% implementing them.
“[W]With little upfront technical effort, this risk can be minimized by looking at specific use cases to allow access to production AI applications, while looking at risk based on where the data is flowing,” said Teresa Tung, cloud-first chief technologist at Accenture. in a 2023 analysis of the top genetic AI threats. “Trust by design is a critical step in building and operating successful systems,” he added.
Roots of data privacy
For organizations in the Middle East and Africa, concerns about the adoption of genetic artificial intelligence – as well as updated data protection laws – are the biggest drivers of increasing data protection budgets, while cloud adoption drives the need to protect enterprise cloud services, according to Gartner’s forecast.
Overall, companies and government agencies in MENA The region is expected to spend $3.3 billion on security and risk management this year — a 12 percent jump from 2023, says Shailendra Upadhyay, senior principal analyst at Gartner.
“Due to the application of data protection legislation to the handling of ‘personal data’ which includes identifiable [or] Recognized individuals, companies in the Middle East and Middle East region should maintain a higher level of data privacy hygiene and cyber security in 2024,” he says.
Next in line is cloud security spending, with increased adoption of IaaS, PaaS and SaaS and the need to purchase cloud security tools, adds Upadhyay.
GenAI’s concerns span both segments, with data security a top concern among businesses that implement it and the cloud infrastructure that typically provides GenAI services.
GenAI for Cybersecurity
The overall adoption of AI technologies in the Gulf Co-operative Council (GCC) region exceeds other parts of the world, including the US and Europe. Technology implementation, however, is mostly uneven.
Some 62% of organizations use AI in at least one business function – compared to 58% in North America and 47% in Europe – but most only use it for marketing and sales or services, according to consultancy McKinsey .
“[C]Companies developing AI now have only scratched the surface of what it can offer,” McKinsey said. 2023 Report on the state of artificial intelligence in the GCC countries.
Similarly, organizations in the Middle East and North Africa are still in the early days of their cloud journey.
Relatively expensive Internet service, a lack of connectivity in many areas, and regulatory uncertainty around the cloud have led to a lag in demand, according to a second McKinsey analysis. But the situation is evolving quickly: governments there are funding emerging knowledge-based economies and creating new data security regulations to match those in other parts of the world.
Meanwhile, GenAI can also be part of the security solution: cybersecurity companies are adding artificial intelligence and machine learning (AI/ML) to their products as a way to reduce the workload on already overworked teams.
McKinsey recommends three criteria for AI adoption: a clearly defined AI strategy, an AI workforce, and a process for rapid AI adoption and scale. Currently, however, less than 30% of GCC companies have met each of these three criteria, the company said in its report.