Expert Speak – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.

How AI is Reinventing Cybersecurity for the Automotive Industry
https://securityreviewmag.com/?p=28087
Wed, 23 Apr 2025 07:17:25 +0000

Written by Alain Penel, VP of Middle East, CIS & Turkey at Fortinet

Autonomous and electric vehicle uptake is rising across the Middle East, driven by national agendas and a growing push for sustainable mobility. With this rapid growth, however, comes an urgent need to address cybersecurity at every stage of the automotive value chain.
Artificial Intelligence (AI) is at the heart of this shift, transforming not only how vehicles operate, but also how cyber threats are identified, mitigated, and prevented. From predictive maintenance to driver behavior analytics, AI is streamlining processes and unlocking efficiencies. But it is also redefining the security perimeter for automotive organizations.

Forces Influencing AI Adoption in Automotive
As the industry evolves, three forces are shaping the current landscape: stricter regulations, rapid AI integration, and a fundamental change in communication infrastructure. Regulations such as the Cyber Resilience Act and NIS2, for example, are introducing more granular compliance mandates, especially for sectors handling critical infrastructure.

Meanwhile, AI is accelerating business and individual learning processes. At the network level, the need for faster communication and bandwidth adaptability is giving rise to next-generation connectivity frameworks that can support AI-native systems. This evolution in infrastructure and intelligence also promotes a significant shift in cybersecurity from reactive to preventive.

AI is increasingly being used to analyze threat landscapes and internal vulnerabilities in real-time. This shift enables organizations to prepare for attacks before they happen, leveraging behavioral analytics and high-speed correlation to stay ahead of potential breaches. Hardware acceleration and software development, guided by AI, are now setting the pace for how cybersecurity evolves across the industry.

The Impact of Cybersecurity
Unsurprisingly, automotive enterprises are becoming high-value targets for cybercriminals. Three core factors contribute to this trend: the financial opportunity of holding connected services hostage, the complexity of digital supply chains, and the vast amount of sensitive data being generated. With every vehicle connected to cloud-based services, a single breach can have wide-ranging brand, operational, and financial repercussions. Moreover, the ecosystem of third-party vendors involved in producing autonomous and electric vehicles significantly expands the attack surface.

The use of digital twins and advanced manufacturing technologies further intensifies the volume of valuable data. This information, ranging from user behavior patterns to proprietary designs, is not only attractive to attackers but also becomes a tool for launching future attacks or selling on the dark web.

AI Transformations in the Automotive Supply Chain
AI is also transforming the automotive supply chain. Predictive maintenance, for example (as opposed to scheduled or reactive vehicle maintenance, which until now has been the norm), enables companies to forecast part failures, optimize distribution, and reduce warehousing costs. AI can analyse and synthesise so many data streams that this guessing game becomes much more accurate. Not only does this mean more reliable vehicles for the consumer, but it also means that each element of demand can be optimised.

Driver behavior analysis and in-cabin monitoring systems powered by AI are also enhancing safety, particularly for long-haul truck drivers exposed to risks such as fatigue and theft. These AI-powered innovations are already helping companies reduce operational costs while improving customer satisfaction.

Strengthening security across the supply chain means embedding real-time monitoring, mapping data flows, and building a fast, coordinated response to incidents. The introduction of cyber resilience principles encouraged by regulatory bodies requires organizations to maintain robust and sustainable response mechanisms. AI can help with this.

AI’s Role in Automotive Cybersecurity
The future of AI in automotive cybersecurity lies in its ecosystem-wide integration. Multimodal AI models that can process text, images, and design data are already in use. But the next phase involves combining internal and external intelligence to strengthen risk postures. Synthetic data created specifically to train internal models without exposing real user data is becoming an important asset in speeding up AI development while preserving privacy.

The impact of AI can be summarized as transformative, dual-edged, and adaptable. It is enhancing cybersecurity readiness, being weaponized by attackers, and empowering businesses to evolve quickly in a changing environment. As the Middle East embraces connected mobility and smart transportation, the conversation must move beyond adopting AI to implementing it securely and intelligently. The road to the future may be autonomous, but its success will hinge on cybersecurity built for adaptability, speed, and scale.

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits
https://securityreviewmag.com/?p=27976
Tue, 25 Mar 2025 13:37:05 +0000

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

What the Bybit Hack Reveals About the Future of Crypto Security
https://securityreviewmag.com/?p=27877
Sat, 08 Mar 2025 16:15:14 +0000

Written by Oded Vanunu, Chief Technologist & Head of Product Vulnerability Research at Check Point

The crypto universe has just received another wake-up call. A recent high-profile breach has revealed deep cracks in the security protocols of the industry, reminding us that even the most sophisticated defenses can be compromised. This time, the hackers were able to breach a multisig cold wallet, stealing about $1.5 billion worth of Ethereum tokens.

This attack is especially troubling because it did not exploit a conventional vulnerability in the blockchain system or a smart contract. Rather, security researchers have determined that hackers injected malicious JavaScript directly into Safe’s online infrastructure hosted on AWS. The code was specifically designed to activate only when interacting with Bybit’s contract address, allowing it to remain undetected by regular users.

The JavaScript manipulation modified transaction data behind the scenes:

  1. When Bybit signers accessed the interface, the code identified target addresses
  2. It silently modified critical transaction parameters including recipient address and operation type
  3. It preserved the appearance of legitimacy by displaying the original transaction details to signers

This finding confirms our assessment that this attack sets a new precedent in crypto security by bypassing a multisig cold wallet through sophisticated UI manipulation, further proving that multisigs and cold wallets are not automatically secure when the interface layer can be compromised. Attackers used social engineering and user interface (UI) deception to carefully manipulate human behavior. The presence of human error compromises even the most robust systems.

This event highlights the pressing need for more robust security models, specifically in how transactions are authenticated and how signers verify transactions. The increasing complexity of UI-based attacks necessitates a change of strategy—moving beyond traditional cryptographic security toward comprehensive risk mitigation.

Why This Attack Changes Everything
For years, multisig wallets and cold storage have been considered the gold standard for securing crypto assets. But this breach shattered that assumption, revealing three major weaknesses:

  • Multisig is not infallible—if signers can be deceived, multiple approvals do not guarantee safety.
  • Cold wallets are not immune—an attacker does not need to breach the storage itself if they can manipulate what a signer sees.
  • Supply chain and UI-based attacks are evolving rapidly, making them difficult to detect with traditional security measures.

With this shift in attack strategies, crypto institutions, exchanges and custodians must rethink how they authenticate and verify transactions.

How Crypto Security Must Evolve
Given the increasing complexity of attacks, securing digital assets requires a multi-layered approach that goes beyond cryptographic security. Here’s what needs to change:

  • Real-Time Preventive Threat Monitoring
    • A prevention-first approach, securing every step of a transaction.
    • Developing advanced anomaly detection systems that can flag unusual transaction patterns.
    • Leveraging AI and behavioral analysis to detect and prevent social engineering attempts.
  • Strengthening Human-Centric Security Measures
    • Educating users and institutional signers on UI-based manipulation techniques.
    • Implementing multi-factor verification processes that include independent transaction confirmation.
  • Enhancing Transaction Verification Protocols
    • Introducing secondary verification mechanisms to confirm transaction details before execution.
    • Using independent, air-gapped devices for transaction approvals to reduce UI-based risks.
  • Adopting a Zero-Trust Security Model
    • Treating every device and signer as potentially compromised.
    • Implementing strict access controls and segregating signing authority across multiple verification channels.
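
One way to implement the secondary verification step listed above, as an added example that is not from the original article, Safe or Bybit: a check run on a separate machine that compares the payload actually offered for signing with the transaction the signers approved out of band. The field names, the operation codes (0 for a call, 1 for a delegatecall), the SHA-256 review fingerprint and all sample addresses are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Assumption: operation codes follow the usual multisig-wallet convention,
# 0 = plain call, 1 = delegatecall (runs foreign code with the wallet's storage).
OP_CALL, OP_DELEGATECALL = 0, 1


@dataclass(frozen=True)
class TxFields:
    to: str         # recipient address, hex
    value: int      # amount in the smallest unit
    data: bytes     # calldata
    operation: int  # OP_CALL or OP_DELEGATECALL


def normalize_address(addr: str) -> str:
    """Lower-case a 20-byte hex address; raise ValueError if malformed."""
    a = addr.strip().lower()
    a = a[2:] if a.startswith("0x") else a
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"malformed address: {addr!r}")
    return "0x" + a


def fingerprint(tx: TxFields) -> str:
    """Digest over length-prefixed fields, for reading aloud across devices.

    A review aid only; it is not the hash that the wallet signs.
    """
    h = hashlib.sha256()
    parts = (
        bytes.fromhex(normalize_address(tx.to)[2:]),
        tx.value.to_bytes(32, "big"),
        tx.data,
        bytes([tx.operation]),
    )
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.hexdigest()


def verify_before_signing(intended, presented, allowed_recipients):
    """Compare the payload offered for signing with the approved intent.

    Returns a list of findings; an empty list means every field matches.
    """
    try:
        want_to = normalize_address(intended.to)
        got_to = normalize_address(presented.to)
        allowed = {normalize_address(a) for a in allowed_recipients}
    except ValueError as exc:
        return [f"reject: {exc}"]
    findings = []
    if got_to != want_to:
        findings.append(f"recipient changed: approved {want_to}, payload {got_to}")
    if got_to not in allowed:
        findings.append(f"recipient not on allowlist: {got_to}")
    if presented.operation != intended.operation:
        findings.append(
            f"operation changed: approved {intended.operation}, "
            f"payload {presented.operation}"
        )
    if presented.value != intended.value:
        findings.append(
            f"value changed: approved {intended.value}, payload {presented.value}"
        )
    if presented.data != intended.data:
        findings.append("calldata changed")
    return findings


# Constructed sample values; none of them come from the incident.
TREASURY = "0x" + "11" * 20
UNKNOWN = "0x" + "22" * 20
APPROVED = TxFields(to=TREASURY, value=10**18, data=b"", operation=OP_CALL)
# A payload that differs from what the signers approved, as in the case the
# article describes (recipient and operation type altered behind the display).
TAMPERED = TxFields(
    to=UNKNOWN, value=0, data=bytes.fromhex("deadbeef"), operation=OP_DELEGATECALL
)

if __name__ == "__main__":
    for label, payload in (("clean", APPROVED), ("tampered", TAMPERED)):
        issues = verify_before_signing(APPROVED, payload, [TREASURY])
        print(label, fingerprint(payload)[:16], issues or "OK")
```

The check only helps if the approved intent and the presented payload reach the verifier through different paths, so that a compromised web interface cannot alter both.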

Looking Ahead: The Future of Crypto Security
This attack proves that a prevention-first approach, securing every step of a transaction, is the only way to stop cybercriminals from carrying out similar high-impact attacks in the future. We cannot afford to rely solely on conventional cryptographic models as attacks become increasingly complex. Rather, we need a comprehensive strategy that addresses social engineering tactics, UI manipulation risks and human vulnerabilities. Crypto institutions can better safeguard their assets in an increasingly complex threat landscape by enforcing real-time threat monitoring, educating users and bolstering transaction verification.

Although no security system is entirely foolproof, staying ahead of cybercriminals will require a proactive and flexible approach. The sector needs to move toward multi-layered defense tactics that combine stringent verification procedures, education and technology. As digital assets become more mainstream, security practices must evolve just as rapidly. Trust, transparency and protection should be at the forefront of the crypto ecosystem—because, at the end of the day, security isn’t just about code. It’s about people.

Quantum-Safe Encryption: Safeguarding Data for the Quantum Era
https://securityreviewmag.com/?p=27869
Sat, 08 Mar 2025 15:43:38 +0000

Written by Dr Carl Windsor, Chief Information Security Officer (CISO) at Fortinet

Keeping pace with evolving cyber threats demands relentless adaptability and proactive defense strategies. Advanced persistent threats, ransomware, and wipers are just a few risks organizations must guard against. However, quantum computing is one of the most complex and far-reaching challenges on the horizon. While it is not an immediate threat, the “collect now, decrypt later” approach underscores the urgency of preparing for a future where current cryptographic standards may be rendered obsolete.

Thanks to their ability to perform complex calculations exponentially faster than classical computers, quantum computers promise to revolutionize many scientific fields, such as chemistry, physics, and materials science. However, they also pose a significant risk in the wrong hands—potentially breaking today’s encryption methods and exposing sensitive data to malicious actors.

The Threat to Traditional Encryption
Current encryption protocols such as RSA and ECC (used in HTTPS, SSH, and IPsec VPNs) rely on the difficulty of factoring large numbers or solving discrete logarithm problems for security. However, quantum computers using advanced methods like Shor’s algorithm could efficiently solve these problems, leaving traditional encryption methods vulnerable to attack.

A sufficiently powerful quantum computer capable of breaking modern encryption is unlikely to be available within the next 8–10 years, although even that time is decreasing with each innovation. The issue is that adversaries are already collecting and storing sensitive data for future decryption. This highlights the need for proactive measures to safeguard information against post-quantum threats.

Preparing for the Quantum Future
As organizations recognize the risks posed by quantum computing, the need to adopt quantum-safe encryption strategies has never been more urgent. Concerns over eavesdropping on undersea fiber optic cables and other data interception techniques, for example, reinforce the necessity of securing communication channels now against future quantum threats.

Quantum-safe encryption, or post-quantum cryptography, refers to cryptographic protocols designed to resist these quantum attacks. Unlike traditional encryption, which depends on computational complexity, quantum-safe encryption is rooted in mathematical problems believed to be insurmountable even for quantum computers. Examples include lattice-based cryptography, hash-based cryptography, and multivariate polynomial cryptography.

Quantum-Safe Encryption Strategies
Organizations must adopt quantum-safe encryption techniques that can withstand quantum computing advancements to counteract these threats. Three major approaches are being explored today:

  • Quantum Key Distribution (QKD): Leverages quantum mechanics to securely distribute symmetric encryption keys in an untrusted environment.
  • Quantum-Safe Encryption: Uses proprietary techniques to ensure a secure key exchange resistant to quantum attacks.
  • Post-Quantum Cryptography (PQC): Implements new cryptographic algorithms believed to be difficult for quantum computers to solve, such as lattice-based encryption.

The Race for Quantum-Safe Solutions
In response to the looming threat of quantum computing, the global cybersecurity community has been actively developing quantum-safe encryption standards. The National Institute of Standards and Technology (NIST) has spearheaded the Post-Quantum Cryptography Standardization project to evaluate and standardize quantum-resistant algorithms. Through rigorous selection and cryptographic analysis, NIST is paving the way for the widespread adoption of quantum-safe encryption.

However, transitioning from traditional encryption to quantum-safe solutions presents challenges, including interoperability, performance impact, and backward compatibility. Organizations must carefully assess their cryptographic infrastructure and create a roadmap for migration to quantum-resistant encryption.

Protecting Today’s Data Against Tomorrow’s Threats
As cyber threats evolve, ensuring the long-term security of sensitive information is paramount. Quantum-safe encryption offers a proactive approach to mitigating quantum risks and securing critical data against future decryption attacks. By investing in quantum-safe solutions today, organizations can future-proof their cryptographic infrastructure, ensuring resilience in the face of rapid technological advancements. While the transition to quantum-safe encryption is complex, the benefits of securing sensitive data far outweigh the costs.

It Takes a Village
By harnessing the power of quantum-resistant cryptographic algorithms and advancing QKD technologies, we can secure our data against the threats of the quantum era. But no single entity can tackle this challenge alone. The shift toward quantum-safe encryption is a collaborative effort requiring input from researchers, policymakers, and industry leaders.

But the challenge is clear. As quantum computing continues to develop, the time to act is now. Ensuring data security for the future demands a collective commitment to innovation, standardization, and the adoption of quantum-safe encryption practices. Together, we are paving the way for a future where data security transcends the bounds of classical computing, ushering in a new era of quantum-safe communications and cryptography.

Addressing Challenges in Artificial Intelligence Security and Supply Chain Management
https://securityreviewmag.com/?p=27739
Tue, 04 Feb 2025 14:53:23 +0000

Written by Eng. Abdulaziz Al Nuaimi, Chief Security Officer, Huawei UAE

As we witness an unprecedented acceleration in the digital landscape, securing artificial intelligence (AI) systems and supply chains has become a critical concern for global technology companies. Huawei, a global ICT leader, is tackling these challenges head-on and leveraging its expertise to establish industry standards in AI security and supply chain resilience.

AI Security: Addressing Complex Challenges
AI’s transformative potential is accompanied by inherent risks such as data breaches, adversarial attacks, and algorithmic biases. Acknowledging these vulnerabilities, Huawei has crafted a multi-layered strategy to safeguard AI systems. Central to Huawei’s AI strategy is a steadfast commitment to ethical practices. The company designs AI frameworks that prioritize transparency, privacy, and accountability.

It integrates Explainable AI (XAI) techniques to ensure decision-making processes are understandable and unbiased, thereby fostering trust among users and stakeholders. Huawei has also harnessed the power of AI to bolster its cybersecurity defences. By deploying advanced threat detection systems, its technology analyzes vast amounts of data to identify and neutralize potential threats in real-time, providing robust protection for its AI solutions.

Huawei’s efforts extend beyond its internal operations. Through initiatives like the Huawei Cyber Security Transparency Center, the company collaborates with academia, industry experts, and policymakers to advance AI security research and address emerging challenges. These measures underline Huawei’s commitment to creating secure, scalable, and trustworthy AI systems that can withstand the complexities of the modern digital ecosystem.

Securing the Global Supply Chain
In the interconnected world of global supply chains, vulnerabilities such as counterfeit components, tampering, and cyberattacks pose significant risks. To mitigate these challenges and protect the integrity of its supply chain, Huawei has implemented a comprehensive security framework. Huawei employs blockchain technology to enhance supply chain traceability, ensuring every component and process in its network is authenticated, thus reducing the risk of counterfeit products and unauthorized modifications.

Huawei also enforces stringent supplier verification protocols, requiring partners to adhere to its cybersecurity standards. Regular audits and compliance checks are conducted to maintain the integrity of the supply chain. Huawei incorporates secure-by-design principles into its hardware and software, ensuring resilience against potential cyberattacks. AI technologies are also deployed to predict and mitigate supply chain disruptions, enhancing overall reliability.

By aligning with international frameworks like ISO 28000 and contributing to global cybersecurity policy development, Huawei demonstrates its commitment to fostering a secure and standardized supply chain ecosystem.

Setting Industry Benchmarks
Huawei’s proactive approach to AI and supply chain security establishes it as a leader in the global technology landscape. By combining cutting-edge innovation with robust security measures, the company not only protects its operations but also contributes to the broader effort to secure the digital future. As cyber threats become increasingly sophisticated, Huawei’s initiatives serve as a model for how technology companies can balance innovation with security.

Its commitment to transparency, collaboration, and ethical practices underscores the importance of building trust in an increasingly digital world. For industries and organizations navigating the complexities of AI and global supply chains, Huawei’s efforts underscore the critical need for vigilance, resilience, and collaboration in ensuring a secure and sustainable technology-enabled future.

Talking to the C-Suite About Cybersecurity
https://securityreviewmag.com/?p=27694
Fri, 24 Jan 2025 06:58:07 +0000

Written by Filippo Cassini, Global Technical Officer, SVP of Engineering at Fortinet

Increasingly, new laws and regulations are designed to help guide companies in structuring their cybersecurity strategies. For example, the U.S. Securities and Exchange Commission (SEC) has become very strict on what organizations have to report. The European Union General Data Protection Regulation (GDPR) and other regulations like the NIS 2 Directive—an EU legislative act that aims to compel a higher and common level of cybersecurity across all the organizations within the union—are driving structural changes in cybersecurity. Ultimately, it all boils down to adhering to the rules to protect organizations and, by extension, citizens from cybercriminals.

From an executive vantage point, the central questions to be addressed are: “Is my company safe? Is my IT organization doing a good job of protecting us? And, as a leader, am I making sure we’re doing what is required by the SEC, or the EU government, or whoever else is creating the regulations?” In this post, we discuss how top-level managers of organizations can best navigate the intersection between their business needs and cybersecurity requirements.

Indicators of Compromise
Executives rely on their cybersecurity teams to give them an accurate and unvarnished view of the organization’s security posture. When leadership asks, “Are we safe?” the team needs to respond in a way that can be easily understood and is honest. Cybersecurity managers should frequently check the pulse of their networks. When they come upon a concern, they need to provide executives and board members with timely reports about attacks, threats, and indicators of compromise (IOCs).

Typically, an IOC is something new or abnormal that is occurring. This is often a sign that your organization has been compromised. An example of an IOC might be that some devices in the network are connecting to somewhere never witnessed before. Or, it might be an unusual rate of connection or an unusual amount of data being transferred to or from certain geographic locations. Anytime you experience something you would not expect, proceed carefully and be suspicious.
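
The three signals described above (a destination never seen before, an unusual connection rate, an unusual amount of data) can be checked against a per-device baseline. The following is an added example, not code from the article or from any Fortinet product; the log format, host names, addresses and thresholds are constructed for illustration, and it assumes the baseline and current windows cover the same length of time.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed log format (constructed for this example):
#   <timestamp> host=<device> dst=<destination> bytes_out=<n>
LINE = re.compile(r"^(\S+) host=(\S+) dst=(\S+) bytes_out=(\d+)$")


def parse(lines):
    """Return (host, dst, bytes_out) tuples, skipping lines that do not match."""
    records = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            records.append((m.group(2), m.group(3), int(m.group(4))))
    return records


def build_baseline(records):
    """Summarise normal behaviour per device from a known-good window."""
    dests, volumes, counts = defaultdict(set), defaultdict(list), Counter()
    for host, dst, nbytes in records:
        dests[host].add(dst)
        volumes[host].append(nbytes)
        counts[host] += 1
    return {
        host: {
            "dests": dests[host],
            "median_bytes": median(volumes[host]),
            "connections": counts[host],
        }
        for host in dests
    }


def find_iocs(baseline, records, volume_factor=10, rate_factor=5):
    """Return (host, indicator, detail) tuples for behaviour outside the baseline."""
    alerts, per_host = [], Counter()
    for host, dst, nbytes in records:
        per_host[host] += 1
        profile = baseline.get(host)
        if profile is None:
            alerts.append((host, "unknown-device", dst))
            continue
        if dst not in profile["dests"]:
            alerts.append((host, "new-destination", dst))
        if nbytes > volume_factor * profile["median_bytes"]:
            alerts.append((host, "unusual-volume", dst))
    # Rate is judged per window, after all records have been counted.
    for host, n in per_host.items():
        profile = baseline.get(host)
        if profile and n > rate_factor * profile["connections"]:
            alerts.append((host, "unusual-rate", str(n)))
    return alerts


# Constructed sample logs (203.0.113.0/24 is a documentation address range).
BASELINE_LOG = [
    "2025-01-10T09:00:00Z host=ws-17 dst=10.0.0.5 bytes_out=1000",
    "2025-01-10T09:05:00Z host=ws-17 dst=10.0.0.5 bytes_out=1200",
    "2025-01-10T09:10:00Z host=ws-17 dst=10.0.0.5 bytes_out=1100",
    "2025-01-10T09:00:00Z host=srv-02 dst=10.0.0.9 bytes_out=5000",
    "2025-01-10T09:30:00Z host=srv-02 dst=10.0.0.9 bytes_out=5200",
]
CURRENT_LOG = [
    "2025-01-11T09:00:00Z host=ws-17 dst=10.0.0.5 bytes_out=1150",
    "2025-01-11T09:02:00Z host=ws-17 dst=203.0.113.50 bytes_out=480000",
] + [
    f"2025-01-11T10:{i:02d}:00Z host=srv-02 dst=10.0.0.9 bytes_out=5100"
    for i in range(11)
]

if __name__ == "__main__":
    for alert in find_iocs(build_baseline(parse(BASELINE_LOG)), parse(CURRENT_LOG)):
        print(alert)
```

Each alert is a lead for triage rather than proof of compromise; the thresholds need tuning against the organization's own traffic.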

Are You Ready?
Organizations need cybersecurity technology, but they also need to consider their readiness, which requires a strategy. Organizations can acquire pretty much any product or service that they want to protect against this or that particular threat, but the job doesn’t stop there. Each of these new tools will generate information logs and reports. When the tools generate data, a dedicated individual or group must be ready to process all the new information.

If your organization is not processing this new security data, some intrusion that could have been prevented invariably happens. Often, the IT team discovers the initial attack occurred months before, despite all the relevant devices doing their job of generating data logs. However, with no one analyzing all the information, a preventable hack can easily occur. If your organization wants to maintain its security posture, you must be able to do the triage.

When the triage has pinpointed an attack, your organization needs to have a plan in place. And that means you have to proactively know what tools you have, who the players are, and who needs to be doing what. This is not the time to say, “Let’s call a meeting and figure it out!” Most hackers are using tools that are automated and execute at computer speed. If your organization tries to respond at human, Zoom-meeting speed, you’re in big trouble. So, you must have your processes documented and prepared in advance. Also, you should proactively employ some software technology, like a SIEM or SOAR solution, that enables you to respond to threats immediately.

The Platform Approach
At Fortinet, we believe good collaboration requires moving from a best-of-class approach to a platform approach. With a platform, you can use multiple technologies that can exchange information between themselves and in an open way with other systems. The platform approach is more efficient. It allows multiple technologies to “talk to each other” and extract information that can be used proactively, effectively, and automatically.

For example, when you analyze every confirmed threat and build a model for responding to it, you may end up building hundreds of models. These models are often referred to as playbooks. Eventually, you realize that the playbooks can be condensed and automated. That process is a lot easier to do with a platform of products that have already been designed to work together.

Conclusion
Board members and C-suite executives should have more than a basic understanding of cyber threats and cybersecurity. If one of their primary goals is to keep the business well-protected, they need to be aware that a platform approach to cybersecurity is the best way to keep their organizations secure. Having a cybersecurity platform allows for the automation of defensive tasks and the ability to respond to attacks in milliseconds. Automation is the key because it allows for essentially synthesizing and automating tasks in a timely way. Responding to cyber threats with a Zoom meeting or a manual process is never going to be adequate.

The Human Factor: Why Cybersecurity is as Much About People as Technology
https://securityreviewmag.com/?p=27664
Wed, 15 Jan 2025 09:03:42 +0000

Global Entrepreneur Roman Ziemian explores why organisations must prioritise human awareness and culture to build a truly secure future.

Cybersecurity in the UAE: A Human-Centric Approach
In today’s digital era, businesses worldwide, including in the UAE, are investing heavily in advanced cybersecurity technologies—AI-powered systems, robust firewalls, and sophisticated encryption. Despite these advancements, one critical aspect often remains overlooked: the human factor.

Studies reveal that 95% of cybersecurity breaches result from human error or manipulation. From falling victim to phishing scams to weak password practices, human behaviour continues to be the weakest link in the cybersecurity chain.

In the UAE, where digital transformation is accelerating, the role of people in cybersecurity is particularly significant. As organisations here adopt cutting-edge technologies to build smart cities and blockchain-powered systems, the complexity and frequency of cyber threats are also rising.

The UAE’s Unique Cybersecurity Landscape
The UAE serves as both a technological leader and a high-profile target for cyberattacks. Initiatives like the National Cybersecurity Strategy and Smart Dubai demonstrate the government’s commitment to a secure digital future. However, as the nation pioneers new digital innovations, the risks also grow.

While automation and AI are critical to cybersecurity, they cannot replace the need for skilled and informed individuals. The interplay between technology and human awareness is key to building a resilient cybersecurity framework.

Why Cybersecurity Failures Are Often Human
Blaming employees for cybersecurity breaches—whether they clicked on a phishing link or shared sensitive information—is common, but it misses the bigger picture. Cybercriminals exploit human psychology to manipulate behaviours. They use tactics like urgency, curiosity, and trust to bypass even the most advanced technological defences.

In the UAE’s culturally diverse workplace, these tactics often leverage social norms, hierarchical structures, or even religious beliefs. This underscores the need for a tailored approach to cybersecurity awareness that resonates with local cultures and behaviours.

Building a Culture of Security
To truly secure organisations in the UAE, we need a culture of security that places people at the centre of the strategy. This involves:

Continuous Education
Security awareness training should evolve with the threat landscape. Employees must learn to recognize phishing emails, create strong passwords, and critically evaluate security risks.

Cultural Sensitivity
Training programs must be engaging and aligned with the UAE’s cultural diversity to ensure they are impactful.

Empowering Employees
Create an environment where employees feel responsible for safeguarding data and confident enough to report suspicious activities. Mistakes should be treated as learning opportunities rather than failures.

Leadership Involvement
Leaders must model cybersecurity best practices and foster an atmosphere of shared responsibility.

The Balance Between Technology and People
As the UAE continues to invest in cutting-edge cybersecurity technologies, organisations must remember that technology alone cannot guarantee security. The true strength lies in the people operating these systems.

  • Technology: Provides tools to detect and prevent threats.
  • People: Make decisions, respond to incidents, and adapt to evolving risks.

By integrating human awareness with technological advancements, organisations can create a robust defence against cyber threats.

Conclusion
Cybersecurity in the UAE must be a shared responsibility. As the country drives its digital economy forward, investing in human-centric strategies is as critical as deploying advanced technologies.

A secure future is one where technology empowers people, and people actively contribute to safeguarding their organisations. By fostering a culture of awareness, accountability, and collaboration, we can ensure a resilient and secure digital UAE.

Let’s not just protect our networks—let’s empower our people to become the first line of defence.

How Public-Private Collaborations Contribute to Cybercrime Disruption
https://securityreviewmag.com/?p=27627
Wed, 08 Jan 2025 16:04:15 +0000

Written by Derek Manky, Chief Security Strategist & Global VP Threat Intelligence | Board Advisor | Threat Alliances at FortiGuard Labs

Nearly 90% of organizations experienced at least one breach in the past 12 months. A myriad of ongoing challenges impact an organization’s susceptibility to cyberattacks, ranging from the constant and rapid adoption of new technologies to the ongoing cybersecurity talent shortage.
While there is no one-size-fits-all approach to enhancing organizational security measures and guarding against breaches, one thing is clear: A single entity cannot disrupt cybercrime alone, yet we must fight against our adversaries and hold them accountable for their actions. Establishing choke points on the chess board requires ongoing collaboration between the public and private sectors.

Fortinet is proud to be part of numerous collaborative efforts to address cybercrime. The company is a founding member of the World Economic Forum Centre for Cybersecurity, a contributor to its Partnership Against Cybercrime (PAC), and a founding member of the Cybercrime Atlas. The PAC launched in 2020 as a first step toward establishing a global architecture for promoting public-private cooperation to combat cybercrime. It offers a platform for sharing insights and exploring new approaches to drive successful collaboration against digital adversaries, bringing together businesses, national and international law enforcement agencies, and nonprofit organizations.

In 2023, the PAC created the Cybercrime Atlas, a first-of-its-kind initiative, leveraging the efforts of dozens of organizations to drive real impact by mapping threat actor activities and creating a chain of disruption in the cybercriminal ecosystem. Fortinet is a long-standing and active PAC community contributor and a founding member of the Cybercrime Atlas initiative.

The Cybercrime Atlas became operational earlier this year, two years after the initiative was introduced. Last month, the International Criminal Police Organization (INTERPOL) announced that it identified and arrested more than 1,000 suspects connected to major cybercrime operations with support from the Cybercrime Atlas initiative. This effort dismantled 134,089 malicious infrastructures and networks across 19 African countries, which had impacted more than 35,000 victims to date and resulted in $193 million in financial losses worldwide.

The Cybercrime Atlas initiative’s investigations group, composed of more than 20 members, meets weekly to profile threat actors, review open-source intelligence regarding cyber criminal activities, correlate data, and identify potential disruption points. This information is then organized into intelligence packages to aid cybercrime takedown efforts.

In its first year of operation, Cybercrime Atlas contributors shared over 10,000 community-vetted and actionable data points and supported two cross-border cybercrime disruption efforts. The group created seven comprehensive intelligence packages on emerging threats that they shared with law enforcement to operationalize this actionable data. These intelligence packages from the Cybercrime Atlas initiative contributed directly to the success of this INTERPOL-led effort, which ultimately disrupted attacker operations and held adversaries accountable for their actions.

This recent takedown exemplifies how public-private collaborations like the Cybercrime Atlas initiative drive real impact in disrupting global cybercrime. Working across sectors and prioritizing threat intelligence sharing benefits the cybersecurity community, making us more resilient and effective collectively. At Fortinet, we believe our corporate responsibility is to make the world safer and more sustainable, creating a digital world you can always trust. To deliver on this vision, we’re committed to addressing cybersecurity risks for our customers and society.

No single individual or organization has complete insight into all the threats. Effectively disrupting cybercrime requires public and private organizations to work together, taking a coordinated and unified approach. In addition to Fortinet’s involvement with the World Economic Forum PAC and Cybercrime Atlas initiative, we are committed to partnership and cooperation with global law enforcement agencies, government organizations, and industry organizations. Fortinet has been a trusted partner to INTERPOL and an active Global Cybercrime Expert Group member for nearly 10 years.

The company also joined INTERPOL’s Gateway initiative in 2018, which offers a framework for sharing threat intelligence across organizations. This ongoing collaboration has resulted in the adoption of more substantial threat intelligence standards and protocols across the industry and impactful global cybercriminal takedowns. For example, in 2022, the FortiGuard Labs team provided evidentiary support to INTERPOL and African Member countries as part of the Africa Cyber Surge Operation to help detect, investigate, and disrupt cybercrime through coordinated law enforcement activities, using INTERPOL platforms, tools, and channels in close cooperation with AFRIPOL.

In addition to working with INTERPOL, Fortinet is actively involved with numerous public-private collaborations. The company is a long-standing member of the NATO Industry Cyber Partnership, a partner of NIST’s National Cybersecurity Excellence Partnership program, a founding member of the Cyber Threat Alliance, an official research partner with MITRE Engenuity’s Center for Threat-Informed Defense, and more. As the global cybercrime landscape evolves, these collaborations will only become more critical to halting threat actors. The recent efforts of INTERPOL and the Cybercrime Atlas initiative are a strong example of how, when we work together, we can move faster and more effectively toward our collective goal of disrupting cybercrime.

Combating Advanced Cyber Threats in the Middle East’s Financial Industry
https://securityreviewmag.com/?p=27618
Mon, 06 Jan 2025 08:36:44 +0000

The Middle East’s financial sector is increasingly a target for sophisticated cyberattacks, driven by numerous factors. Mobile financial services, online transactions, and emerging technologies like AI and cloud computing have expanded potential attack surfaces. As a result, according to the World Economic Forum’s Global Risks Report, cybersecurity ranks among the top five global threats over the next two years, with banking systems as key targets.

For cybersecurity professionals working within the sector, the pressure doesn’t end there. New data protection laws, such as the three new policies being developed by the UAE Cybersecurity Council on “cloud computing and data security”, “Internet of Things security”, and “cybersecurity operations centres” demand that financial institutions rigorously protect customer data. However, the increasing sophistication of attacks, driven by AI, often outpaces the requirements of such regulations, let alone the time taken for them to come into force.

All this creates significant pressure on financial institutions to establish a best practice that enables them to secure their operations, reduce vulnerabilities and maintain consumer trust.

The Role of Regulations in Cybersecurity
Regulations heavily influence the financial sector’s cybersecurity strategies, often focusing on risk management. However, while threats evolve quickly, regulations tend to lag and take time to develop.

Traditional corporate security teams can no longer prevent breaches as swiftly as attackers compromise systems, and monitoring tools have limited ability to stop a threat. That’s because the time it takes for attackers to compromise and exfiltrate data is now quicker than the time it takes for an organisation to remediate, which is typically 4-6 days.

With the average data breach now costing around $4.45 million, financial institutions need a proactive cybersecurity strategy, not one that is reactive to regulation alone, including investment in advanced technologies to quickly detect and neutralise threats.

Financial institutions should view regulatory requirements only as a foundational baseline, rather than a comprehensive basis for defence. Within the financial sector, more than any other, proactive, threat-based strategies are essential.

AI: Both a Threat and a Solution
AI is reshaping business functions in financial services, enhancing the customer experience and operational efficiency, but it also introduces new security risks. Today, attackers are using AI for reconnaissance, social engineering, malicious code development and more. These tactics accelerate attacks, making them harder to combat with traditional cybersecurity measures.

Even within the security department, AI has become a double-edged sword, aiding both cybercriminals and defenders. While many organisations adopt AI to improve operations, the technology also expands attack surfaces, allowing cybercriminals to automate and scale attacks.

When institutions consolidate security products and shift to a platform approach, AI-driven cybersecurity solutions can best be used to help them detect and respond to threats in real time, protect data and be more agile in response to incoming regulation.

Communicating Cybersecurity Needs
To put the right solutions in place, security teams first need trust and investment, and that means taking the cyber challenge to the board. C-level leaders in the financial sector often underestimate their cyber-resilience, so effective communication from CISOs and CTOs about cybersecurity risks and investment needs is essential.

Maintaining trust is critical for any business that holds sensitive, personal or critical data. Where financial services institutions rely on reputation, any investment in cyber is a good investment. It means a reduction in risk from cyber attacks, which do carry financial implications, in addition to the fact that an effective security posture carries the potential for funds to be released from a business’s cyber insurance policy.

In the digital financial landscape, robust cybersecurity measures safeguard reputation, customer trust, and operational continuity. As digital transformation continues at pace, banks and other financial entities must embed security into every aspect of their operations – turning investments in AI and cybersecurity innovations into competitive advantages.

How to Protect Against Insider Threats in Cybersecurity
https://securityreviewmag.com/?p=27613
Thu, 02 Jan 2025 18:35:47 +0000

Written by Harikrishna Kundariya, Co-Founder and Director, eSparkBiz Technologies

Cybersecurity has evolved to cover not only preventing external attacks but also safeguarding private information from any potential risk. To put it bluntly, in my opinion, the most underappreciated yet most dangerous cybersecurity threat comes from within the organization: insider threats. Cybersecurity threats can be broadly classified into two categories: insider and outsider.

The primary category is insider threats, in which employees, business partners, and contractors with authorized access to sensitive company data cause harm or neglect to act. Saboteurs are the most active offenders, while unintentional threats arise from lack of training or user mistakes. Insiders often have access to critical systems and sensitive information, so their actions can have huge ramifications, such as loss of money, a damaged reputation, and legal issues, to say the least.

According to research and studies, insider threats alone account for up to 22% of total breaches, emphasizing the need for strategic action against this worrisome trend.

Establish a Robust Access Control Policy
Insider threats can be addressed effectively by implementing a strict access control policy. This ensures that only specific individuals can access sensitive data and critical systems. Access to sensitive data and systems should always be granted on the least privilege model. In the simplest terms, an employee should be given only the access required to perform their job. In most cases, this will involve limiting access to sensitive information such as customer data, financial records or intellectual property to only those who need it for their role.

Implement User Activity Monitoring
An organization should always be on the defensive and monitor user activity on its network and systems for any sign of suspicious activity or abnormal behaviour. This could include looking for logins at abnormal times, as well as tracking when files are transferred and sensitive data is accessed. Most of the time, an insider threat shows up subtly as a change in ordinary user behaviour, such as employees accessing files they don’t typically need, downloading massive amounts of data, or making requests to sensitive parts of the network. Many companies provide user activity monitoring tools that help track behaviour within an organization and raise alerts on abnormal activity in real time.
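
The three signals named above (logins at unusual times, access to files a user does not normally need, and unusually large downloads) can each be checked against a per-user baseline. The following is an added example, not code from the article or from any monitoring product; the event format, rule names, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real logs: (user, day, hour, action, resource, bytes)
HISTORY = [
    ("alice", 1, 9, "login", "-", 0), ("alice", 1, 10, "read", "crm/accounts", 2_000_000),
    ("alice", 2, 8, "login", "-", 0), ("alice", 2, 11, "read", "crm/accounts", 3_000_000),
    ("alice", 3, 9, "login", "-", 0), ("alice", 3, 14, "read", "wiki/handbook", 2_500_000),
    ("bob", 1, 10, "login", "-", 0), ("bob", 1, 10, "read", "finance/ledger", 4_000_000),
    ("bob", 2, 9, "login", "-", 0), ("bob", 2, 15, "read", "finance/ledger", 5_000_000),
]
TODAY = [  # one day's batch of events to score against the baseline
    ("alice", 4, 3, "login", "-", 0),
    ("alice", 4, 3, "read", "finance/payroll", 900_000_000),
    ("bob", 4, 10, "login", "-", 0),
    ("bob", 4, 11, "read", "finance/ledger", 3_000_000),
]

def hour_gap(a, b):
    """Distance between two clock hours, wrapping at midnight (23 -> 0 is 1)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def build_baseline(events):
    """Per-user profile: login hours seen, resources touched, bytes read per day."""
    profiles = defaultdict(lambda: {"hours": set(), "resources": set(),
                                    "daily": defaultdict(int)})
    for user, day, hour, action, resource, nbytes in events:
        p = profiles[user]
        if action == "login":
            p["hours"].add(hour)
        else:
            p["resources"].add(resource)
            p["daily"][day] += nbytes
    return dict(profiles)

def detect(baseline, events, hour_slack=1, volume_factor=5):
    """Return (user, rule, detail) alerts for one day's events that deviate from baseline."""
    alerts, totals = [], defaultdict(int)
    for user, day, hour, action, resource, nbytes in events:
        prof = baseline.get(user)
        if prof is None:  # account never seen before: nothing to compare against
            alerts.append((user, "no_baseline", action))
            continue
        if action == "login":
            # Alert only if the hour is far from every login hour seen historically.
            if prof["hours"] and all(hour_gap(hour, h) > hour_slack for h in prof["hours"]):
                alerts.append((user, "unusual_login_hour", hour))
        else:
            if resource not in prof["resources"]:
                alerts.append((user, "new_resource", resource))
            totals[user] += nbytes
    for user, total in totals.items():
        # Compare today's volume with the user's busiest historical day.
        busiest = max(baseline[user]["daily"].values(), default=0)
        if busiest and total > volume_factor * busiest:
            alerts.append((user, "bulk_download", total))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), TODAY):
        print(alert)
```

In practice the baseline window, the hour tolerance and the volume multiplier need tuning per role, since a first-time access or an off-hours login is often legitimate and should open a review rather than prove misuse.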

Enforce Strong Authentication and Password Policies
Weak authentication can expose systems to insider threats. Organizations should impose policies such as requiring multi-factor authentication (MFA) before access is granted to critical systems and sensitive data. MFA is a procedure whereby users logging in are asked for a second factor such as a fingerprint scan or a time-limited single-use passcode sent to their mobile devices. Besides MFA, it is also important to enforce a consistent password policy throughout the organization. Passwords should be hard to guess, different from one another and rotated in a timely manner.

Employee Training and Awareness Programs
Not all insider threats are malevolent acts; in most cases, carelessness and lack of knowledge play a crucial role. Employees are a major vulnerability to the organization, especially if they haven’t been trained on how to operate safely online, meaning they could inadvertently expose the organization to risk by opening phishing emails, picking weak passwords, and mishandling sensitive information.

Organizations should tackle the aforementioned issues by rolling out consistent cybersecurity training monthly or quarterly. Training should include how to recognize phishing, how to secure sensitive information and how to properly handle company property.

Data Encryption and Secure Communication
Whether sensitive data is being stored or is in transit, encryption keeps it unreadable without the requisite key. Even if an employee gains unauthorized access, the information will not be usable. Emails, files and databases that carry sensitive data, such as intellectual property and personal and financial records, need to be encrypted as well. All forms of communication, external and internal, should be encrypted to eliminate any chance of intellectual property theft.

Develop an Insider Threat Response Plan
Creating an insider threat strategy is crucial because no security measure is enough to eliminate all insider threat risks. The organisation must have predefined protocols for handling a breach by an insider, since replacing technology and mitigating losses can be part of the process. An efficient response mechanism should have well-defined communication and reporting procedures for an incident, as well as working protocols with law enforcement.

Regular Audits and Security Assessments
It is also prudent to emphasize the necessity of regular audits and security assessments as measures for enhancing the security of the organization’s assets. Audits of this kind should also include user access control reviews and other sources for triangulating insider threats, such as system logs and employee behavior patterns. Routine audits also help organizations identify opportunities to further improve their operational readiness and investigative processes.

Foster a Culture of Trust and Transparency
While it’s important to put technical safeguards in place, creating a culture of trust and transparency within the organization can also help mitigate insider threats. This is because employees who feel valued and respected will have less incentive to engage in malicious acts that threaten the organization. Establishing trust comes down to being accessible to employees, supporting their aspirations, and dealing with problems as they arise.

Conclusion
Insider threats are perhaps the most dreaded and critical challenge for any organization. However, they can be countered using a mix of robust access mechanisms, employee training, user activity monitoring and an effective incident response plan. With the right risk mitigations in place, organizations can protect their greatest assets, including data, systems, and reputation, from deliberate and unintentional insider threats. Given the shifting nature of cybersecurity, protecting systems and information against insider threats and penetration is still a top priority for organizations.
