As AI reshapes industries, cyber threats are evolving faster than ever. Experts share insights on AI-driven attacks, security strategies, and building cyber resilience.
As AI reshapes industries, it is also redefining the threat landscape for cybersecurity. From financial institutions and media houses to large enterprises and multinational corporations, cyber threats are no are increasingly becoming deadly. The rapid adoption of AI has introduced new challenges, with cybercriminals leveraging advanced tools to orchestrate sophisticated attacks. Deepfake scams, AI-powered phishing, and automated fraud are just a few examples of how attackers are staying ahead of traditional security defenses. In response, organizations across banking, media, and enterprise IT are ramping up security measures to stay ahead.
We bring together expert insights from industry leaders who are at the forefront of cybersecurity across different sectors to share insights on how organizations can adopt AI securely while mitigating threats, and balance innovation with governance to reinforce cyber resilience in an era of rapid digital transformation.
“In industries like construction and interior contracting—where IT was traditionally seen as a back-office function—such external threats have changed perceptions. Boards now demand direct reports from CISOs, recognizing that cyber risks can lead to financial and reputational damage.”
Ali Katkhuda, Group CIO, Depa Group
Tushar Vartak, EVP & Head of Information, Cyber Security, and Fraud Prevention at RAK Bank, sheds light on how financial institutions are combating AI-driven fraud and strengthening security frameworks. Anoop Kumar, CISO at Gulf News, highlights the unique cybersecurity challenges faced by media organizations, including misinformation threats and impersonation attacks. Ali Katkhuda, Group CIO at Depa Group, discusses the evolving role of cybersecurity in non-traditional tech industries, where board-level concerns are driving security investments.
The discussion also throws light on emerging technologies and risk management strategies with insights from Marc Manzano, General Manager – Cybersecurity at SandboxAQ, who explains the impact of AI on cybersecurity frameworks and how organizations can adapt. Ivan Milenkovic, Vice President – Cyber Risk Technology, EMEA at Qualys, provides a risk-based perspective on balancing security and business agility in AI adoption. The panel was moderated by Illyas Kooliyankal, CEO of CyberShelter and a renowned expert in the field of cyber security.
Together, these industry experts provide a comprehensive overview of how businesses can navigate the evolving cybersecurity landscape. They emphasize the importance of proactive security strategies, AI-driven defenses, governance frameworks, and a strong security culture to mitigate emerging threats. As cybersecurity continues to be a boardroom priority, organizations must strike a balance between innovation and security, ensuring resilience in an increasingly digital world.
Media organizations face significant cybersecurity threats, ranging from cyberattacks to geopolitical risks. Their real-time news reporting makes them highly vulnerable to content manipulation—whether through altered images, videos, or fabricated statements from influential figures—posing serious risks to public trust and global stability.
Anoop Kumar, CISO, Gulf News.
Cybersecurity Attacks in the Age of New Technologies
According to Tushar Vartak cyber attackers are often the first to exploit new technologies, and AI is no exception. Just as they leveraged virtualization for malware years ago, they are now using generative AI for more sophisticated attacks. A major concern is the rise of deepfake scams, where fraudulent videos have been used to authorize financial transactions. Similarly, synthetic identities pose a significant challenge for banks in verifying customers and conducting KYC processes.
Another alarming trend is AI-powered phishing, where attackers craft highly personalized and grammatically perfect phishing emails based on a target’s social media activity. Media organizations, though comparatively less regulated than other industries, face an extensive range of cybersecurity threats, says Anoop Kumar. These threats are not just limited to typical cyberattacks but also include geopolitical risks due to the sensitive nature of the content being published. He added that Gulf News, like many other media outlets, experiences a high volume of attacks—averaging around 25,000 daily—ranging from phishing and brute-force attacks to more sophisticated impersonation attempts and logo misuse.
One of the biggest concerns is automated phishing and “vishing” (voice phishing), where attackers try to exploit both employees and readers by impersonating trusted entities. Additionally, deepfake-related incidents are on the rise, creating a major risk of misinformation and reputational damage. Given that media organizations publish real-time news, any alteration or manipulation of images, videos, or written content—such as fabricating statements from influential figures—can have widespread consequences.
“While AI has been used for years in cybersecurity applications such as threat detection and anomaly detection, the current wave of AI, particularly generative AI (GenAI) and LLMs, presents new risks that security teams are struggling to mitigate.”
Marc Manzano, General Manager, Cybersecurity at SandboxAQ.
Despite these threats, media companies often struggle with limited security investments. Governance, risk, and compliance (GRC) frameworks play a crucial role in maintaining security, helping to ensure that all employees and third parties involved in the news production lifecycle—ranging from content creation and publishing to archiving and disposal—adhere to strict guidelines.
Moreover, insider threats and third-party risks are constant concerns. Media houses work with multiple stakeholders, including journalists, external content providers, and advertisers, creating multiple entry points for cybercriminals.
The adoption of technology at various stages is introducing new challenges, making continuous education a top priority. At Gulf News, efforts are underway to enhance acceptable use policies, refine processes, and adapt available technologies to effectively address these emerging threats.Bottom of Form
Ali Katkhuda, Group CIO of Depa Group, leads the IT initiatives of the multinational luxury interior contracting group specializing in high-end projects across hospitality, retail, and private aviation.
According to Katkhuda, while the construction and interior industry is not traditionally tech-driven, cybersecurity has become a top priority. Driven by board-level concerns and high-profile incidents like WannaCry and the recent CrowdStrike incident, cybersecurity strategy is built on three pillars: technology, governance, and people. While technology is the easiest to manage with proper tools, suppliers, and AI-driven security monitoring, governance and cultural differences across global offices pose challenges.
“AI can streamline vulnerability management by prioritizing threats based on exploitability, asset criticality, and exposure. Organizations should move beyond traditional vulnerability management to speed up security response while maintaining agility.”
Ivan Milenkovic, Vice President, Cyber Risk Technology, EMEA at Qualys
A major concern is the evolving nature of cyberattacks, especially AI-driven threats. The company has implemented AI-based security solutions for real-time monitoring and anomaly detection, recognizing that AI is both a threat and a defense tool. The shift to large language models (LLMs) has made attacks more sophisticated, particularly in areas like identity theft and boardroom cybersecurity. However, advancements such as zero-trust platforms and AI-powered security tools like XDR and MDR provide effective countermeasures.
The role of Chief Information Security Officers (CISOs) has gained significant prominence in recent years, largely due to the increasing frequency and sophistication of cyberattacks, regulatory pressures, and high-profile security incidents that have shaken industries worldwide. For instance, the WannaCry ransomware attack in 2017, which crippled healthcare and critical infrastructure globally, was a wake-up call for businesses. Similarly, recent cybersecurity incidents, such as the CrowdStrike update failure, have shown how vulnerabilities in third-party software can disrupt global operations. These events have highlighted the need for proactive security strategies and placed CISOs at the center of risk management and business continuity planning.
In industries like construction and interior contracting—where IT was traditionally seen as a back-office function—such external threats have changed perceptions. Boards now demand direct reports from CISOs, recognizing that cyber risks can lead to financial and reputational damage.
The increasing adoption of AI in cyber threats has further underscored the importance of CISOs. This shift has expanded the CISO’s role beyond compliance and policy enforcement to include strategic risk management, investment in cutting-edge security technologies, and fostering a cybersecurity-aware corporate culture. As businesses adopt zero-trust architectures, advanced threat monitoring tools (XDR, MDR), and AI-powered security analytics, CISOs are expected to drive these initiatives.
AI-driven cyberattacks have surged exponentially, causing a major shift in the cybersecurity landscape. Traditional security measures are being bypassed and what was once a predicted threat is now a reality, making it crucial for organizations to develop proactive strategies to combat these evolving risks.
Illyas Kooliyankal, CEO of CyberShelter
In fact, security is now embedded in the KPIs of CEOs, chairpersons, and board members, so that organizations can take proactive measures to prevent cyber threats from disrupting business operations.
Challenges in Times of AI-Driven Cyber AI-Driven Cyber Threats
Marc Manzano, General Manager, Cybersecurity at SandboxAQ, is a leading voice in the field of cybersecurity and quantum computing. Manzano warns that the rapid rise of AI-driven cyberattacks demands urgent and adaptive security strategies. Traditionally, cybersecurity has been able to adapt to technological advancements, but the unprecedented scale and speed at which AI is being deployed pose unique challenges. While AI has been used for years in cybersecurity applications such as threat detection and anomaly detection, the current wave of AI, particularly generative AI (GenAI) and LLMs, presents new risks that security teams are struggling to mitigate.
One of the most pressing concerns is the protection of sensitive data, as AI models require vast amounts of information for training and operation. ML infrastructure security, or MLOps security, is another critical area that has been largely overlooked in the rush to deploy AI solutions. Many organizations are pushing AI-driven tools into production without proper security assessments, leaving them exposed to vulnerabilities. Speed and security often conflict, and the accelerated deployment of AI solutions without proper safeguards has increased the risk of cyberattacks.
Looking ahead, the biggest threat comes from autonomous AI agents—AI systems capable of making decisions and executing tasks independently. These agents could automate complex processes, but without proper oversight, they might introduce significant security risks. If AI-generated software is deployed into production, organizations must have robust mechanisms to validate, monitor, and control these processes. The cybersecurity industry currently lacks the necessary tools to ensure AI-powered applications operate within security and compliance frameworks.
Another major challenge is identity management. Traditionally, security frameworks have focused on human identity management and more recently machine identity management. However, with AI’s rise, the boundary between human and non-human identity management is becoming increasingly blurred. Organizations need a more sophisticated approach to authentication and authorization, ensuring that both humans and AI-driven systems have the appropriate access levels at the right time. Unfortunately, existing identity and access management (IAM) tools are not yet equipped to handle this complexity at the scale and speed required by modern enterprises.
Overall, while AI is driving innovation and efficiency across industries, it is also exposing organizations to new cybersecurity risks. The gap between AI’s rapid advancement and cybersecurity readiness is widening, requiring urgent investment in security strategies that can keep pace with AI-driven transformation.
“Cyber attackers are often the first to exploit new technologies, and AI is no exception.”
Tushar Vartak, EVP & Head of Information, Cyber Security, and Fraud Prevention at RAK
Security in the Fabric of the Organization
Ivan Milenkovic, Vice President, Cyber Risk Technology, EMEA at Qualys says that cybersecurity is not an isolated function but an integral part of business strategy. But at the same time, cybersecurity is a supporting function that must align with business objectives rather than dictate them. The level of security an organization adopts is a business decision, influenced by factors such as risk appetite, regulatory requirements, and financial constraints.
With the rapid adoption of AI and emerging technologies, security teams must shift from a reactive, threat-centric approach to a proactive, risk-based strategy. Traditionally, cybersecurity teams focus on immediate threats, vulnerabilities, and potential breaches. However, this approach often leads to security being seen as an obstacle rather than an enabler. Instead, security professionals must work closely with business leaders to understand what is truly at stake—what assets, data, or operations are most valuable and what risks could impact them.
AI introduces new risks and enhances existing threats, making it even more crucial to take a holistic view of risk management. Security teams should anticipate emerging threat classes and integrate AI-driven security solutions. Rather than being seen as a cost center, cybersecurity should be positioned as a key component of business resilience and competitive advantage.
By embedding security discussions into business decision-making, organizations can ensure that AI and other technological advancements are implemented with the right safeguards. The focus should be on enabling informed decisions—equipping business leaders with the right insights to balance innovation with security. This approach not only mitigates risks but also fosters a culture where security is a business enabler, helping organizations innovate safely while maintaining trust and compliance.
The foundation of cybersecurity lies in cryptography, and modern organizations need better tools to manage it end-to-end. This includes discovering where and how cryptography is used, ensuring compliance, and automating vulnerability fixes without extensive human interventions. Effective cryptographic management enhances both data protection and system security, preventing breaches through robust authentication. A centralized, holistic approach—covering discovery, management, and remediation—is necessary to focus on emerging AI-driven threats rather than long-standing vulnerabilities.
Leveraging AI to Enhance Cybersecurity and Fraud ManagementBottom of Form
AI is a double-edged sword in cybersecurity and fraud management. On the dark web, malicious actors use jailbroken AI models like FraudGPT and WormGPT to craft highly sophisticated malware, generate targeted attacks, and bypass antivirus defenses. The evolution of AI-powered threats, such as the Morris 2 worm, highlights how AI assistants can be manipulated for data exfiltration and spreading cyber threats.
However, AI also strengthens cybersecurity defenses. AI-driven tools assist security teams in incident triaging, penetration testing, and automated response. A notable success story is using AI for multilingual fraud awareness campaigns in banking.
It is important to have a holistic approach to AI security, which covers various aspects like user rights, data accuracy, bias, and ethics. From a security standpoint, organizations must take responsibility for their defenses while relying on a trusted ecosystem of vendors and strategic partners.
A strong security strategy involves a combination of in-house expertise and external partnerships, such as 24/7 Security Operations Centers (SOCs). Additionally, businesses must address legacy systems, ERP constraints, and on-premise infrastructure, as cloud solutions are not always feasible. Cybersecurity efforts must cover the entire ecosystem, not just modern cloud environments.
Implementing Security and Governance Framework
A strong GRC (Governance, Risk, and Compliance) framework is essential for integrating AI securely and efficiently. The approach begins with asset and data awareness, ensuring that all data is identified and compliance is maintained through a structured pipeline. Automated audits help reduce costs by making compliance readiness more efficient. Risk-based decision-making, powered by predictive analytics, allows organizations to assess financial, operational, and security risks before implementation.
AI should be adopted strategically as a commodity while maintaining security and cost control. Additionally, education and governance play a crucial role in embedding security awareness across people, processes, and technology. By following this structured approach, organizations can achieve faster, more secure, and cost-effective market delivery.
