Latest news with #FadyYounes
Tahawul Tech
a day ago
- Business
- Tahawul Tech
Skills shortage remains a huge problem as Cisco reveals results of its Cybersecurity Readiness Index 2025
Cisco has published the findings of their Cybersecurity Readiness Index, and the pressing need for more skilled cybersecurity professionals has increased as AI adoption continues to skyrocket. However, there was good news for the UAE, as it was revealed that 30% of organisations across the country had reached mature or progressive levels in terms of their readiness to withstand cybersecurity attacks. This represents an improvement from last year's Index, however further efforts are required to address cybersecurity preparedness as hyperconnectivity and AI introduce new complexities for security practitioners. AI is revolutionizing security and escalating threat levels, with 93% of organizations in the country having faced AI-related incidents last year. However, only 62% of respondents are confident their employees fully understand AI-related cybersecurity threats, and only 57% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks. This awareness gap leaves organizations critically exposed. AI is compounding an already challenging threat landscape. In the last year, over half of organisations (55%) suffered cyberattacks, hindered by complex security frameworks with siloed point solutions. The top three types of cybersecurity incidents include malware (76%), phishing attacks (59%), and data breaches by malicious actors (47%). Ransomware attacks were mentioned by 39% of respondents. Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, said: 'As AI reshapes our world, it brings an entirely new class of risks at an unprecedented scale, putting even more pressure on infrastructure and those who defend it.' He added: 'Our region's leadership in AI adoption is remarkable, paving the way for a dynamic future where innovative, AI-driven cybersecurity measures are critical for enhancing and protecting our digital landscape. Cisco is committed to support organizations in the region in enhancing their digital resilience by prioritizing AI solutions, streamlining security architecture, and addressing talent shortages. Today, preparedness is key to ensuring that businesses remain relevant and can thrive in the AI era.' The Index evaluates companies' readiness across five pillars – Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification – and encompasses 31 solutions and capabilities. Based on a double-blind survey of 8,000 private sector security and business leaders in 30 global markets, including 202 in the UAE, respondents detailed their deployment stages for each solution. Companies were then categorized into four readiness stages: Beginner, Formative, Progressive, and Mature. Findings Cybersecurity preparedness in the UAE remains alarmingly low, especially as 75% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months. Further: AI's Expanding Role in Cybersecurity: An impressive 96% of organizations use AI to understand threats better, 93% for threat detection, and 77% for recovery, underscoring AI's vital role in strengthening cybersecurity strategies. An impressive 96% of organizations use AI to understand threats better, 93% for threat detection, and 77% for recovery, underscoring AI's vital role in strengthening cybersecurity strategies. Generative AI (GenAI) Deployment Risks: GenAI tools are widely adopted, with 45% of employees using approved third-party tools. However, 20% have unrestricted access to public GenAI, and 54% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges. GenAI tools are widely adopted, with 45% of employees using approved third-party tools. However, 20% have unrestricted access to public GenAI, and 54% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges. Shadow AI Concerns: 33% of organizations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks. 33% of organizations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks. Unmanaged Device Vulnerability: Within hybrid work models, 88% of organizations face increased security risks as employees access networks from unmanaged devices. This is exacerbated by using unapproved Gen AI tools. Within hybrid work models, 88% of organizations face increased security risks as employees access networks from unmanaged devices. This is exacerbated by using unapproved Gen AI tools. Investment Priorities Shift: While almost all (98%) organizations plan to upgrade their IT infrastructure in the next 12-24 months, only 9% allocate more than 20% of their IT budget to cybersecurity. This finding suggests an opportunity for enhanced investment in comprehensive defense strategies, as the pace of threats continues to rise. While almost all (98%) organizations plan to upgrade their IT infrastructure in the next 12-24 months, only 9% allocate more than 20% of their IT budget to cybersecurity. This finding suggests an opportunity for enhanced investment in comprehensive defense strategies, as the pace of threats continues to rise. Complex Security Postures: Over four in five (81%) organizations report that their complex security infrastructures, dominated by the deployment of more than 10 point security solutions, are hampering their ability to respond to threats swiftly and effectively. Over four in five (81%) organizations report that their complex security infrastructures, dominated by the deployment of more than 10 point security solutions, are hampering their ability to respond to threats swiftly and effectively. Talent Shortage Impedes Progress: A staggering 87% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with 57% reporting more than 10 positions to fill. To tackle today's cybersecurity challenges, organizations in the UAE must invest in AI-driven solutions, simplify security infrastructures, and enhance AI threat awareness. Prioritising AI for threat detection, response, and recovery is essential, as is addressing talent shortages and mitigating risks from unmanaged devices and shadow AI.
Channel Post MEA
4 days ago
- Business
- Channel Post MEA
Cisco Reveals UAE Insights From Its 2025 Cybersecurity Readiness Index
According to Cisco's 2025 Cybersecurity Readiness Index, a total of 30% of organizations in UAE have achieved the 'Mature' or 'Progressive' levels of readiness required to effectively withstand today's cybersecurity threats. This represents an improvement from last year's Index, however further efforts are required to address cybersecurity preparedness as hyperconnectivity and AI introduce new complexities for security practitioners. AI is revolutionizing security and escalating threat levels, with 93% of organizations in the country having faced AI-related incidents last year. However, only 62% of respondents are confident their employees fully understand AI-related cybersecurity threats, and only 57% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks. This awareness gap leaves organizations critically exposed. AI is compounding an already challenging threat landscape. In the last year, over half of organizations (55%) suffered cyberattacks, hindered by complex security frameworks with siloed point solutions. The top three types of cybersecurity incidents include malware (76%), phishing attacks (59%), and data breaches by malicious actors (47%). Ransomware attacks were mentioned by 39% of respondents. Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, said: 'As AI reshapes our world, it brings an entirely new class of risks at an unprecedented scale, putting even more pressure on infrastructure and those who defend it.' He added: 'Our region's leadership in AI adoption is remarkable, paving the way for a dynamic future where innovative, AI-driven cybersecurity measures are critical for enhancing and protecting our digital landscape. Cisco is committed to support organizations in the region in enhancing their digital resilience by prioritizing AI solutions, streamlining security architecture, and addressing talent shortages. Today, preparedness is key to ensuring that businesses remain relevant and can thrive in the AI era.' The Index evaluates companies' readiness across five pillars – Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification – and encompasses 31 solutions and capabilities. Based on a double-blind survey of 8,000 private sector security and business leaders in 30 global markets, including 202 in the UAE, respondents detailed their deployment stages for each solution. Companies were then categorized into four readiness stages: Beginner, Formative, Progressive, and Mature. Findings Cybersecurity preparedness in the UAE remains alarmingly low, especially as 75% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months. Further: AI's Expanding Role in Cybersecurity: An impressive 96% of organizations use AI to understand threats better, 93% for threat detection, and 77% for recovery, underscoring AI's vital role in strengthening cybersecurity strategies. An impressive 96% of organizations use AI to understand threats better, 93% for threat detection, and 77% for recovery, underscoring AI's vital role in strengthening cybersecurity strategies. Generative AI (GenAI) Deployment Risks: GenAI tools are widely adopted, with 45% of employees using approved third-party tools. However, 20% have unrestricted access to public GenAI, and 54% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges. GenAI tools are widely adopted, with 45% of employees using approved third-party tools. However, 20% have unrestricted access to public GenAI, and 54% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges. Shadow AI Concerns: 33% of organizations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks. 33% of organizations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks. Unmanaged Device Vulnerability: Within hybrid work models, 88% of organizations face increased security risks as employees access networks from unmanaged devices. This is exacerbated by using unapproved Gen AI tools. Within hybrid work models, 88% of organizations face increased security risks as employees access networks from unmanaged devices. This is exacerbated by using unapproved Gen AI tools. Investment Priorities Shift: While almost all (98%) organizations plan to upgrade their IT infrastructure in the next 12-24 months, only 9% allocate more than 20% of their IT budget to cybersecurity. This finding suggests an opportunity for enhanced investment in comprehensive defense strategies, as the pace of threats continues to rise. While almost all (98%) organizations plan to upgrade their IT infrastructure in the next 12-24 months, only 9% allocate more than 20% of their IT budget to cybersecurity. This finding suggests an opportunity for enhanced investment in comprehensive defense strategies, as the pace of threats continues to rise. Complex Security Postures: Over four in five (81%) organizations report that their complex security infrastructures, dominated by the deployment of more than 10 point security solutions, are hampering their ability to respond to threats swiftly and effectively. Over four in five (81%) organizations report that their complex security infrastructures, dominated by the deployment of more than 10 point security solutions, are hampering their ability to respond to threats swiftly and effectively. Talent Shortage Impedes Progress: A staggering 87% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with 57% reporting more than 10 positions to fill. To tackle today's cybersecurity challenges, organizations in the UAE must invest in AI-driven solutions, simplify security infrastructures, and enhance AI threat awareness. Prioritizing AI for threat detection, response, and recovery is essential, as is addressing talent shortages and mitigating risks from unmanaged devices and shadow AI. 0 0
Channel Post MEA
30-04-2025
- Business
- Channel Post MEA
Cisco Unveils 2025 State Of AI Security Report
Ahead of GISEC GLOBAL in Dubai from 6-8th May 2025, Cisco has unveiled the findings of its inaugural global State of AI Security report. The report aims to provide a comprehensive overview of important developments in AI security across several key areas: threat intelligence, policy, and research. Artificial Intelligence AI has emerged as one of the defining technologies of the 21st century, yet the AI threat landscape is novel, complex, and not effectively addressed by traditional cybersecurity solutions. The State of AI Security report aims to empower the community to better understand the AI security landscape, so that companies are better equipped to manage the risks and reap the benefits that AI brings. Cisco is participating at GISEC GLOBAL 2025 as a Platinum Sponsor, under the theme 'Innovating where security meets the network'. Across its portfolio, Cisco is harnessing AI to reframe how organizations think about cybersecurity outcomes and tip the scales in favor of defenders. Visitors at GISEC will learn how Cisco combines AI within its breadth of telemetry across the network, private and public cloud infrastructure, applications and endpoints to deliver more accurate and reliable outcomes. 'As AI becomes deeply embedded into business and society, securing it must become a top priority,' said Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS. 'As our State of AI Security report indicates, traditional cybersecurity approaches are no longer sufficient to address the unique risks presented by AI. GISEC serves as the ideal platform to discuss the new age of AI-enhanced cybersecurity – bringing together security leaders, innovators, and policymakers who are shaping the region's cyber defense strategies. Through our thought leadership and innovations, we are showcasing at GISEC, Cisco aims to equip organizations with the insights, research, and recommendations they need to build secure and resilient AI systems.' Findings from Cisco's first State of AI Security report include: Evolution of the AI Threat Landscape The rapid proliferation of AI and AI-enabled technologies has introduced a massive new attack surface that security leaders are only beginning to contend with. Risk exists at virtually every step across the entire AI development lifecycle; AI assets can be directly compromised by an adversary or discreetly compromised though a vulnerability in the AI supply chain. The State of AI Security report examines several AI-specific attack vectors including prompt injection attacks, data poisoning, and data extraction attacks. It also reflects on the use of AI by adversaries to improve cyber operations like social engineering, supported by research from Cisco Talos. Looking at the year ahead, cutting-edge advancements in AI will undoubtedly introduce new risks for security leaders to be aware of. For example, the rise of agentic AI which can act autonomously without constant human supervision seems ripe for exploitation. On the other hand, the scale of social engineering threatens to grow tremendously, exacerbated by powerful multimodal AI tools in the wrong hands. Key Developments in AI Policy The past year has seen significant advancements in AI policy. International efforts have led to key developments in global AI governance. Early actions in 2025 suggest greater focus towards effectively balancing the need for AI security with accelerating the speed of innovation. Original AI Security Research The Cisco AI security research team has led and contributed to several pieces of groundbreaking research which are highlighted in the State of AI Security report. Research into algorithmic jailbreaking of large language models (LLMs) demonstrates how adversaries can bypass model protections with zero human supervision. This technique can be used to exfiltrate sensitive data and disrupt AI services. More recently, the team explored automated jailbreaking of advanced reasoning models like DeepSeek R1, to demonstrate that even reasoning models can still fall victim to traditional jailbreaking techniques. The team also explores the safety and security risks of fine-tuning models. While fine-tuning is a popular method for improving the contextual relevance of AI, many are unaware of the inadvertent consequences like model misalignment. The report also reviews two pieces of original research into poisoning public datasets and extracting training data from LLMs. These studies shed light on how easily—and cost-effectively—a bad actor can tamper with or exfiltrate data from enterprise AI applications. Recommendations for AI Security Securing AI systems requires a proactive and comprehensive approach. The report outlines several actionable recommendations: Manage risk at every point in the AI lifecycle: Ensure your security team is equipped to identify and mitigate at every phase: supply chain sourcing (e.g., third-party AI models, data sources, and software libraries), data acquisition, model development, training, and deployment. Ensure your security team is equipped to identify and mitigate at every phase: supply chain sourcing (e.g., third-party AI models, data sources, and software libraries), data acquisition, model development, training, and deployment. Maintain familiar cybersecurity best practices: Concepts like access control, permission management, and data loss prevention remain critical. Approach securing AI the same way you would secure core technological infrastructure and adapt existing security policies to address AI-specific threats. Concepts like access control, permission management, and data loss prevention remain critical. Approach securing AI the same way you would secure core technological infrastructure and adapt existing security policies to address AI-specific threats. Uphold AI security standards throughout the AI lifecycle: Consider how your business is using AI and implement risk- based AI frameworks to identify, assess, and manage risks associated with these applications. Prioritize security in areas where adversaries seek to exploit weaknesses. Consider how your business is using AI and implement risk- based AI frameworks to identify, assess, and manage risks associated with these applications. Prioritize security in areas where adversaries seek to exploit weaknesses. Educate your workforce in responsible and safe AI usage: Clearly communicate internal policies around acceptable AI use within legal, ethical, and security boundaries to mitigate risks like sensitive data exposure. 0 0
Zawya
29-04-2025
- Business
- Zawya
Ahead of GISEC 2025, Cisco unveils findings from its State of AI Security Report for 2025
News Summary The report highlights security risk to AI models, systems, applications, and infrastructure from both direct compromise of AI assets as well as vulnerabilities in the supply chain. AI is being harnessed by adversaries to improve effectiveness of cyber operations, such as social engineering and algorithmic jailbreaking of large language models (LLMs). The report provides actionable recommendations for securing AI systems. DUBAI, United Arab Emirates – Ahead of GISEC GLOBAL in Dubai from 6-8th May 2025, Cisco, the global leader in networking and security, has unveiled the findings of its inaugural global State of AI Security report. The report aims to provide a comprehensive overview of important developments in AI security across several key areas: threat intelligence, policy, and research. Artificial Intelligence AI has emerged as one of the defining technologies of the 21st century, yet the AI threat landscape is novel, complex, and not effectively addressed by traditional cybersecurity solutions. The State of AI Security report aims to empower the community to better understand the AI security landscape, so that companies are better equipped to manage the risks and reap the benefits that AI brings. Cisco is participating at GISEC GLOBAL 2025 as a Platinum Sponsor, under the theme 'Innovating where security meets the network'. Across its portfolio, Cisco is harnessing AI to reframe how organizations think about cybersecurity outcomes and tip the scales in favor of defenders. Visitors at GISEC will learn how Cisco combines AI within its breadth of telemetry across the network, private and public cloud infrastructure, applications and endpoints to deliver more accurate and reliable outcomes. 'As AI becomes deeply embedded into business and society, securing it must become a top priority,' said Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS. 'As our State of AI Security report indicates, traditional cybersecurity approaches are no longer sufficient to address the unique risks presented by AI. GISEC serves as the ideal platform to discuss the new age of AI-enhanced cybersecurity – bringing together security leaders, innovators, and policymakers who are shaping the region's cyber defense strategies. Through our thought leadership and innovations, we are showcasing at GISEC, Cisco aims to equip organizations with the insights, research, and recommendations they need to build secure and resilient AI systems.' Findings from Cisco's first State of AI Security report include: Evolution of the AI Threat Landscape The rapid proliferation of AI and AI-enabled technologies has introduced a massive new attack surface that security leaders are only beginning to contend with. Risk exists at virtually every step across the entire AI development lifecycle; AI assets can be directly compromised by an adversary or discreetly compromised though a vulnerability in the AI supply chain. The State of AI Security report examines several AI-specific attack vectors including prompt injection attacks, data poisoning, and data extraction attacks. It also reflects on the use of AI by adversaries to improve cyber operations like social engineering, supported by research from Cisco Talos. Looking at the year ahead, cutting-edge advancements in AI will undoubtedly introduce new risks for security leaders to be aware of. For example, the rise of agentic AI which can act autonomously without constant human supervision seems ripe for exploitation. On the other hand, the scale of social engineering threatens to grow tremendously, exacerbated by powerful multimodal AI tools in the wrong hands. Key Developments in AI Policy The past year has seen significant advancements in AI policy. International efforts have led to key developments in global AI governance. Early actions in 2025 suggest greater focus towards effectively balancing the need for AI security with accelerating the speed of innovation. Original AI Security Research The Cisco AI security research team has led and contributed to several pieces of groundbreaking research which are highlighted in the State of AI Security report. Research into algorithmic jailbreaking of large language models (LLMs) demonstrates how adversaries can bypass model protections with zero human supervision. This technique can be used to exfiltrate sensitive data and disrupt AI services. More recently, the team explored automated jailbreaking of advanced reasoning models like DeepSeek R1, to demonstrate that even reasoning models can still fall victim to traditional jailbreaking techniques. The team also explores the safety and security risks of fine-tuning models. While fine-tuning is a popular method for improving the contextual relevance of AI, many are unaware of the inadvertent consequences like model misalignment. The report also reviews two pieces of original research into poisoning public datasets and extracting training data from LLMs. These studies shed light on how easily—and cost-effectively—a bad actor can tamper with or exfiltrate data from enterprise AI applications. Recommendations for AI Security Securing AI systems requires a proactive and comprehensive approach. The report outlines several actionable recommendations: Manage risk at every point in the AI lifecycle: Ensure your security team is equipped to identify and mitigate at every phase: supply chain sourcing (e.g., third-party AI models, data sources, and software libraries), data acquisition, model development, training, and deployment. Maintain familiar cybersecurity best practices: Concepts like access control, permission management, and data loss prevention remain critical. Approach securing AI the same way you would secure core technological infrastructure and adapt existing security policies to address AI-specific threats. Uphold AI security standards throughout the AI lifecycle: Consider how your business is using AI and implement risk- based AI frameworks to identify, assess, and manage risks associated with these applications. Prioritize security in areas where adversaries seek to exploit weaknesses. Educate your workforce in responsible and safe AI usage: Clearly communicate internal policies around acceptable AI use within legal, ethical, and security boundaries to mitigate risks like sensitive data exposure.
Tahawul Tech
08-04-2025
- Business
- Tahawul Tech
Cisco Talos Report: The education sector the most targeted industry for cyberattacks in 2024
The annual report from Cisco Talos has shown that the education sector was the most targeted industry for cyberattacks in the last 12 months. Unsurprisingly, identity-based attacks emerged as the most dominant threat, accounting for 60% of Cisco Talos incident response cases in 2024. The report, based on telemetry from over 46 million global devices across 193 countries and regions, including the Middle East, analyses the most significant trends in threat actor behavior, including identity attacks, ransomware, network vulnerabilities, and the role of artificial intelligence (AI) in cyber threats. The findings reveal that in 2024, threat actors prioritized stealth and efficiency, leveraging simpler techniques rather than custom malware or zero-day vulnerabilities. Notably, identity-based attacks emerged as the dominant threat vector, while ransomware incidents increasingly exploited valid credentials to gain access. Commenting on the report's findings, Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, stated: 'The findings from Cisco Talos' 2024 Year in Review highlight the critical need for a solid cybersecurity foundation. Cybercriminals are continually taking advantage of security gaps, demonstrating the essential nature of a proactive, identity-focused defense strategy. And with the emergence of remote and hybrid working models, implementing a Zero-Trust Network Access (ZTNA) strategy is key to ensure that the correct security controls are in place while enhancing end-user experience. By staying aware of these evolving tactics, organizations can reinforce their security measures and more effectively shield themselves from new and emerging threats.' To strengthen cybersecurity and protect against emerging threats, Cisco Talos shares five key recommendations: promptly install updates and patches, enforce strong authentication methods, implement best practices such as strict access controls, network segmentation, and employee training, encrypt all traffic for secure monitoring and configuration, and apply all security measures across the network infrastructure. By adopting these practices, organizations can build a more resilient security posture. Top threats observed in 2024 include: Identity-based attacks: These attacks accounted for 60% of all Cisco Talos Incident Response (IR) cases, with Active Directory identified as a prime target, representing 44% of such incidents. Additionally, 20% of identity-based compromises affected cloud applications, with APIs being particularly attractive due to their access to sensitive data. Ransomware tactics: Last year, ransomware attacks continued to impact organizations globally, with attackers using valid accounts for initial access in nearly 70% of cases. Many ransomware operators successfully disabled security solutions, while the education sector was the most targeted industry due to budget constraints and extensive attack surfaces. Additionally, LockBit remained the most active ransomware-as-a-service (RaaS) group for the third consecutive year, despite increased law enforcement efforts. Exploitation of Network Vulnerabilities: A major concern in 2024 was the persistent exploitation of older vulnerabilities, particularly those affecting widely used software and hardware. Many of the top-targeted network vulnerabilities impacted end-of-life (EOL) devices that no longer receive patches yet remain actively targeted by cybercriminals. The most frequently targeted vulnerabilities were older CVEs that have been public for several years. Multi-Factor Authentication (MFA) Abuse: Multi-factor authentication (MFA) abuse was another prevalent attack vector during the year. Based on Cisco Duo data, identity and access management (IAM) applications were the most frequently targeted in MFA attacks, accounting for nearly a quarter of related incidents. This highlights the critical need for robust MFA implementations and vigilant monitoring of IAM systems. AI-Refined Cyber Threats: Despite industry speculation regarding AI-driven cyber threats, the report found that threat actors primarily used AI to refine existing techniques. Enhancements in social engineering tactics and task automation were the primary applications of AI, rather than the development of entirely new methods of attack. Cisco Talos' 2024 Year in Review provides valuable insights for cybersecurity professionals and organizations looking to enhance their defense strategies. By identifying key trends and offering actionable recommendations, the report serves as a critical resource for mitigating emerging cyber threats. For more information, please visit
