The rise of AI-driven attacks and accelerated software delivery cycles make the protection of organisations more difficult, as 87% of chief information security officers (CISOs) in the Middle East say application security remains a blind spot.
With the burgeoning AI-driven attacks, CISOs in the Middle East and across the globe find themselves exposed to advanced cyber threats. Credit goes to the challenges of data silos the security and C-suite teams face within enterprises to analyse emerging cyber vulnerability.
Commenting on these cyber threats, Bernd Greifeneder, Chief Technology Officer at Dynatrace, said, “The growing use of AI is a double-edged sword, creating efficiency gains for both digital innovators and those seeking to breach their defences.
“On the one hand, there’s a greater risk of developers introducing vulnerabilities through AI-generated code that has not been adequately tested, and on the other, cybercriminals can develop more automated and sophisticated attacks to exploit them. Adding further pain, organisations must also comply with emerging regulations such as the SEC mandate, which requires them to identify and report on the impact of attacks within four days,” Greifeneder continued.
Dynatrace explored these communication gaps to better understand how a unified approach to observability and security can help teams collaborate more effectively and reduce exposure to risk.
What alignment difficulties do security and C-suite teams face?
Dynatrace surveyed around 1300 global CISOs, including 150 global respondents in the Middle East to understand the state of application security in 2024. Here are a few key takeaways from the survey:
- Lack of C-level and board alignment leads to cyber risks: CISOs struggle to drive alignment between security teams and the C-suite, with 87% of CISOs saying application security is a blind spot at the CEO and board level.
- Security teams are too technical: Around 70% of the C-suite executives believe that security teams talk in technical terms without providing business context. However, 77% of CISOs highlight the issue is rooted in security tools that cannot generate insights that C-level executives and boards of directors can use to understand business risks and prevent threats.
- AI is driving more advanced cyber threats: Addressing this technology and communications gap is becoming more critical as the rise of AI-driven attacks and cyber threats significantly increases business risk.
Against this backdrop, 76% of Middle Eastern CISOs say their organisation has experienced an application security incident in the past two years. These incidents carry significant risk, with CISOs globally highlighting the common consequences they’ve experienced, including impacted revenue (47%), regulatory fines (36%), and lost market share (28%).
“Cybersecurity incidents can have devastating consequences for organisations and their customers, so the issue has rightfully become a critical board-level concern. However, many CISOs are struggling to drive alignment between security teams and senior executives because they’re unable to elevate the conversation from bits and bytes to specific business risks.
“CISOs urgently need to find a way to overcome this barrier and create a culture of shared responsibility for cybersecurity. This will be critical to improving their ability to respond effectively to security incidents and minimise their risk exposure,” Greifeneder added.
Also Read: Are Misaligned Upskilling Efforts Hindering AI Progress?
Which initiatives can minimise AI-driven application security risks in organisations?
Commenting on the emerging AI-powered cyber-attacks, Greifeneder said, “Organisations urgently need to modernise their security tools and practices to protect their applications and data from modern, advanced cyber threats. The most effective approaches will be built on a unified platform that drives mature DevSecOps automation and harnesses AI to deal with distributed data at any scale. These platforms will provide the insights the entire business can rally behind and use to demonstrate compliance with stringent regulations.”
- As they look for a solution, 81% of Middle Eastern CISOs say DevSecOps automation is more important to manage the risk of vulnerabilities introduced by AI.
- Additionally, 71% of the CISOs say DevSecOps automation is critical to ensuring reasonable measures have been taken to minimise application security risk.
- Around 80% of CISOs in the Middle East believe that DevSecOps automation will be essential to their ability to stay on top of emerging regulations such as the SEC cybersecurity mandate, NIS2, and DORA.