Public Private Partnerships are key to mitigating rising data breaches, experts say

As the international cybersecurity community gears up for GISEC – the Middle East and Africa’s largest and most impactful cybersecurity super-connector that will take place from 23 to 25 April at Dubai World Trade Centre – experts are weighing in on the dramatic evolution of data breaches, and the ways in which companies and governments can join forces to strengthen global cyber-resilience.

In the Middle East specifically, oil and gas operations, government entities, and financial institutions have been most affected and continue to emerge as key targets for data breaches. Globally, over 30 billion known records have been breached so far in 2024 – accounting for more than 5,000 publicly disclosed incidents – according to the UK-based market consultancy, IT Governance.

With each breach, comes a cost, and these continue to rise year-on-year as new attack methods, new vulnerabilities, and new risks appear. IBM’s ‘Cost of a Data Breach Report 2023’ reflects an upward trend in data breach costs, with the average breach in 2023 accounting for US$4.45 million – a 2.3 per cent increase from 2022.

Businesses are largely ill-equipped and underprepared

The increase in record breaches around the world, and the associated costs, reflect a gap between rapidly evolving malicious malware and companies’ readiness to avert emerging incidents. GISEC Global experts will address the impact of this gap at GISEC’s main stage, bringing their unique insights and expertise to the table.

With a storied career spanning over 15 years in IT and Information Security in financial sectors, Saiful Islam, Chief Information Security Officer at Dhaka Bank in Bangladesh, identifies a glaring inadequacy on the private sector’s part.

“Despite heightened awareness and investment in cybersecurity measures, this surge [in breaches] indicates systemic and persistent vulnerabilities,” said Islam, who will be speaking on GISEC Global’s main stage on 25^th of April as one of the 350-plus international speakers joining the 13^th edition of the show.

“It underscores the urgent need for organisations to reassess their cybersecurity strategies, fortify defences, and prioritise proactive measures such as robust assessments, employee training, continuous improvement, and clear incident response plans.

“Failure to address these deficiencies could result in severe consequences, including financial loss, reputational damage, and regulatory repercussions,” he warned.

Charles Brooks, President of Brooks Consulting International and Adjunct Professor at Georgetown University in Washington, D.C., will be speaking on the main stage of GISEC Global on the 23^rd of April, echoed similar concerns: “Every year, cyberattacks cost businesses more money and occur in greater numbers. Despite the increasing frequency, sophistication, lethality, and liabilities linked to intrusions, industrial management has mostly lacked the necessary preparation and has moved slowly to strengthen cybersecurity.”

“The underlying line is that corporate cybersecurity and the C-Suite need to shift from a passive to a prepared posture,” he added.

According to both experts, government and enterprise efforts in cybersecurity have largely focused on responding to the most recent breach or threat, meaning that defenders were usually always one step behind attackers.

“We’ve seen organisations increasingly choose to pay off ransomware attacks as they struggle to keep up with new threats and advances in AI-assisted intrusions,” said Oren Maguid, Regional VP for MEA, APAC, and ANZ at Votiro, a Zero Trust Content Security Company and one of the 750 exhibiting brands from around 130 countries who are participating at GISEC Global 2024 talking place at Dubai World Trade Centre.

“Without proper threat prevention in place, these attacks will only become more common and demand more time and money from already-strained enterprises. Organisations waiting for their endpoint to be breached and mitigating the damage after are using a reactive approach that leaves IT teams scrambling to keep up as attacks become faster and more sophisticated,” Maguid concluded.

Intense coordination between governments and enterprises is essential

The recent news around the existence of a ‘Mother of All Breaches’ (MOAB) file – which allegedly contains 1.2 terabytes and over 3,800 files of data, including personal information and credentials from over 26 billion records – was especially alarming to the international cybersecurity community.

While industry experts have long said that a centralised data leak was inevitable, it doesn’t have to be unavoidable. Governments play a crucial role in establishing and enforcing regulations and standards to safeguard citizens’ data privacy and have a responsibility to address the escalating landscape of data breaches.

“The fact is, just as businesses are the custodians of consumer data, governments must act as responsible stewards by enforcing regulations that ensure the proper steps to privacy security are not overlooked. This commitment to data security is not just a legal obligation but also a crucial aspect of maintaining consumer trust and business integrity,” Maguid said.

Brooks agreed: “The private sector, which manages much of the vital infrastructure, needs to receive more threat intelligence and cybersecurity tools from the government. Most businesses just lack the security knowledge and resources necessary to counter the kinds of threats coming from state actors.”

To combat evolving threats and malicious malware, public and private partnerships will require intense coordination. A careful allocation of resources and thorough design of resiliency strategies, paired with investment into developing technologies and information exchange, can bring businesses access to national security-tested procedures and tried-and-true methods of risk management.

A double-edged sword: Artificial Intelligence and Quantum Computing

Of particular interest to governments and enterprises seeking to strengthen their cybersecurity posture is the rise of Artificial Intelligence (AI) and Machine Learning (ML), both of which are poised to revolutionise defence strategies for organisations and individuals alike.

“AI-powered tools can analyse vast amounts of data in real-time, enabling swift detection and response to cyber threats,” said Islam. “These systems can identify anomalous patterns indicative of potential attacks, enhancing proactive threat prevention measures. AI can also augment human capabilities by automating routine tasks such as patch management and malware detection, freeing up cybersecurity professionals to focus more on strategic initiatives.”

Because of its adaptive nature, which enables it to learn and evolve, AI is increasingly able to stay ahead of sophisticated cyber threats – setting it apart as an especially promising solution to bolstering cybersecurity defences.

Quantum computing is equally as impressive, powering problem-solving with previously unheard-of processing speeds and predictive analytics. According to Brooks, the adoption of both AI and quantum computing should be handled with caution, as both carry the potential to cause harm when used improperly.

“The downside of AI is that it can be used for evil. Malicious AI can be used by criminal business actors to conceal malware in commonly downloaded programmes and can launch covert attacks that adapt to an organisation’s security environment through complex system maintenance,” he said.

He continued: “Quantum computing, like AI, carries serious hazards. There are significant concerns associated with both the rapid development of the technology and the primary risks that these systems will enable.”

GISEC sets the stage for a cybersecure future

Despite the challenges facing the future of cybersecurity, like-minded professionals are eager to come together and strengthen the global industry’s approach to data protection and threat repulsion.

Votiro, the company that Maguid helps spearhead, provides companies with Zero Trust services, which assume that all incoming files or content contain malware. By preventing both known and unknown threats from entering the organisation, the solution proactively stops malware in its tracks before it reaches an endpoint – entirely removing the need for breach mitigation and, by better preparing response teams, greatly reducing the time it takes to get back on track following an organisational breach.

At GISEC Global, the international cybersecurity community will converge to share knowledge, showcase emerging solutions, and address relevant trends impacting the industry’s daily operations. With increasingly complex cyber threats, the widespread accessibility of AI, and an under-prepared corporate landscape, there is room to improve traditional approaches to data security and breach prevention.

“Security breaches can and will occur,” said Brooks. “And continuity depends on remediation. Effective cyber threat repercussion strategies primarily focus on risk reduction and incident handling – it is imperative for businesses and governments to stay informed about how the danger landscape is changing if they are to prepare for any eventuality.”