META region faces ‘growing’ AI-driven cyberattacks

Businesses in the Middle East, Turkey, and Africa (META) are increasingly at risk of cyberattacks powered by artificial intelligence (AI). 

A new report by Kaspersky, a cybersecurity firm, shows that 70% of surveyed organisations in the region have experienced more cyber incidents over the past year, with over half suspecting these attacks were enhanced by AI.  

“The study underscores the reality that AI, which has revolutionised numerous industries, is now also empowering cybercriminals, adding an additional layer of complexity to the threats businesses face,” Kaspersky says.

“AI is allowing attackers to plan and execute more effective attacks. It’s faster, harder to detect, and creates new challenges for businesses,” according to Oleg Gorobets, a cybersecurity expert at Kaspersky.  

How AI is changing cyberattacks

Cybercriminals are using AI to make their attacks more precise and convincing. For example, AI tools can create realistic phishing emails that trick employees into sharing sensitive information or installing malware. Attackers also use AI to scan company systems for weaknesses faster than ever before.  

“Leveraging AI by cybercriminals is a serious concern for 73% of respondents from the META region,” Kaspersky says. “The pressure of this challenge is pushing companies to reassess their cybersecurity strategies and look for solutions that are both proactive and comprehensive.”

Global losses from cybercrime reached €10 billion in 2024, double the amount from the previous year, according to a report by El País. AI-driven attacks, including automated scams and fake videos known as deepfakes, played a key role in this increase.  

While businesses in the META region are aware of these threats, many are unprepared to handle them. Kaspersky’s study identifies several gaps:  

“Over half of the organisations surveyed in the META region lack crucial resources needed to address these sophisticated threats – 56% don’t have the relevant external cybersecurity expertise at their disposal, 51% report that their IT teams are not large enough, 44% lack highly qualified staff, and 45% fall short in regular training efforts. Additionally, 49% of respondents do not think they have adequate security solutions in place, exposing them to potential vulnerabilities,” Kaspersky reports. “While most respondents claim to know how to address this lack of resources, the fact remains that they aren’t in place.”

This lack of preparation leaves organisations vulnerable to attacks, especially as cybercriminals continue to find new ways to exploit AI.  

“The cybersecurity landscape today mirrors past challenges, with businesses questioning if current solutions suffice,” Gorobets of Kaspersky says.

“Ransomware, once a primary threat, now demonstrates a dangerous surge, and business decision-makers start questioning the causes of this resurgence. The recent hype around AI offers an easy, if not entirely correct explanation. In reality, while using AI to create convincing phishing messages or more effective reconnaissance may be of some help, the root causes are most often more straightforward: cybercriminals have become more organised, better at collaborating, developing innovative attack strategies, and lowering the barriers for less skilled and resourceful attackers.”

What can businesses do to check cyberattacks?

Kaspersky recommends the following steps:  

1. Use Better Security Systems and IT Solutions: Advanced tools, like Extended Detection and Response (XDR), can help detect and block attacks faster.  

2. Train Employees Regularly: Workers need to know how to spot phishing emails, suspicious links, and other common threats.  

3. Get Outside Help: Businesses that lack in-house expertise should consider hiring cybersecurity firms to manage their defenses.  

“Additionally, ongoing employee training, including cybersecurity basics and safe AI practices, adds another critical layer of protection for the organisation,” Gorobets advises.