AI embedded attacks on data will increase in 2024 says Veritas

AI embedded attacks on data will increase in 2024 says Veritas

Johnny Karam, Managing Director and Vice President of International Emerging Region, Veritas Technologies

In 2024, cybercriminals will embrace AI initiating the era of autonomous ransomware attacks and will commence with robocall-like automation, AI-driven target identification, breach execution, victim extortion, ransom collection, with minimal human interaction says Johnny Karam at Veritas.

With a heightened emphasis on investment in talent and technology, UAE businesses are expressing confidence in their ability to maintain security. However, over half, 57% still perceive themselves as at risk amid growing data security threats. In a world filled with escalating external threats and risks, vigilance and strategic investments are crucial for ensuring a resilient future.

With that, here are some of the key regional trends we foresee in the year ahead.

Autonomous ransomware attacks

In the past two years, 73% of UAE organisations surveyed fell victim to successful ransomware attacks where hackers breached their systems. Cyberattacks will only continue to rise in frequency and sophistication as threat actors continue to exploit advances in AI. Already, tools like WormGPT make it easy for attackers to improve their social engineering with AI-generated phishing emails that are more convincing than those we’ve previously become wise to.

In 2024, cybercriminals will fully embrace AI, initiating the era of autonomous ransomware attacks. These attacks will commence with robocall-like automation and progress to AI-driven target identification, breach execution, victim extortion, and ransom collection, all achieved with remarkable efficiency and minimal human interaction.

Data corruption attacks

Data protection budgets in the UAE have increased by a third over the last 12 months, and the average UAE company also added around 15 staff members to its data protection and security teams. As organisations become better prepared to recover from ransomware attacks without paying ransoms, cybercriminals will be forced to continue evolving.

In 2024, we expect hackers to turn to targeted cell-level data corruption attacks, code secretly implanted deep within a victim’s database that lies in wait to covertly alter or corrupt specific but undisclosed data if the target refuses to pay a ransom.

The real danger is that victims will not know what data, if any, has been altered or corrupted until after the repercussions set in, effectively rendering all their data untrustworthy. The only solution is maintaining secure, verified copies of data that organisations are 100% certain are uncorrupted and can be rapidly restored.

Autonomous data protection

According to research, more than three-quarters, 77% of UAE organisations are turning to AI to boost their cyber resiliency. Given AI’s dual nature as a force for both good and bad, the question going forward will be whether organisations’ AI-powered protection can evolve faster than hackers’ AI-powered attacks.

In 2024, a significant aspect of this evolution will be the emergence of AI-driven autonomous adaptive data protection. AI tools will be able to continuously monitor for changes in behavioural patterns to see if users might have been compromised.

If AI detects suspicious activity, it can alert the Security Operation Centre and it can initiate automated recovery processes to take immediate action to isolate backups with malware, ultimately minimising the impact of a successful attack.

Generative AI-focused data compliance regulations will be formed.

For all its potential use cases, AI can pose huge risks to businesses due to its security vulnerabilities. Organisations who fail to put proper guardrails in place to stop employees from potentially breaching existing privacy regulations through the inappropriate use of generative AI tools are likely to face significant consequences.

Over the past 12 months, research revealed that 43% of organisations in the UAE have been penalised for compliance breaches, with an average fine of $178,000. Many regulatory bodies are currently focused on how existing data privacy laws apply to generative AI. However, as the technology continues to evolve, legislation created specifically for generative AI will be created in 2024, that will apply rules directly to these tools and the data used to train them.

The year ahead will be pivotal time for organisations. Advances in AI technologies will open doors that were previously considered unimaginable; at the same time, they will enable the cyber threat landscape to evolve into new realms. Those who embrace emerging technologies to drive innovation and strengthen their security posture whilst building policies and guardrails for compliant usage, are the ones who will flourish in 2024.

Browse our latest issue

Intelligent Tech Channels

View Magazine Archive