Middle East Business

Cyber Risks Aren’t Slowing Down

By Magnus Jelen, Lead Director of Incident Response UK & EMEA, Coveware by Veeam

Recent victories against major cybercriminal groups and the introduction of stronger cybersecurity regulations have created a perception that the threat landscape is becoming more manageable. Yet beneath the surface, the reality is far less reassuring. Cyberattacks continue to rise, threat actors are rapidly adapting their tactics, and artificial intelligence is accelerating the sophistication of malicious campaigns. In this environment, the greatest danger may not be the attackers themselves, but the complacency that can follow periods of apparent progress.

No one enters the cybersecurity industry expecting calm. The environment is fast-moving, unpredictable, and increasingly high-stakes. According to the World Economic Forum, the number of cyberattacks recorded each week has more than doubled, approaching 2,000 globally. While that figure may sound startling, a quick look at recent headlines suggests it is far from unrealistic—and those incidents represent only the attacks that become public knowledge.

The threat landscape is also evolving at remarkable speed. Artificial intelligence, once viewed as a future concern, is now actively being used by cybercriminals. Phishing campaigns have become more convincing, social engineering tactics more precise, and attackers are leveraging AI-powered tools, including chatbots, to assist in developing malicious code. Governments and regulators have responded with urgency, introducing new rules and strengthening enforcement efforts. Law enforcement agencies have also succeeded in disrupting several prominent cybercrime groups. While these developments are welcome, they risk creating a false sense of security. Cyber threats rarely disappear; they simply evolve.

A Threat Landscape in Transition

If there is one certainty in cybersecurity, it is constant change.

Over the past year, several notorious ransomware groups—including LockBit, BlackCat, and Black Basta—have either been dismantled, disappeared from view, or ceased operations. Across Europe, major regulatory initiatives such as NIS2 and DORA have sought to strengthen organizational resilience, particularly within critical sectors like financial services. In the UK, policymakers have even explored the possibility of banning ransomware payments for critical national infrastructure and public-sector organizations.

Viewed in isolation, these developments could suggest that the cybersecurity landscape is improving. Organizations might even be tempted to believe they can ease off the accelerator.

That would be a mistake.

Recent months have seen a series of successful attacks across Europe, particularly within the retail sector. While ransomware payments may have declined, cybercriminal activity has not. The removal of several large threat groups has created space for smaller actors and independent attackers to enter the market. These emerging players often operate with different motivations. Financial gain remains important, but many are increasingly focused on causing disruption, reputational damage, or operational chaos rather than securing the largest possible ransom.

Today, the ransomware ecosystem can largely be divided into two camps. On one side are highly targeted attacks aimed at large enterprises with significant financial resources. On the other are volume-driven Ransomware-as-a-Service operations conducted by smaller groups and lone actors seeking to maximize disruption through scale.

The result is a threat environment that remains every bit as dangerous as before—only more fragmented and unpredictable.

Compliance Is Not the Finish Line

Regulators have not stood still in response to these challenges.

The introduction of NIS2 and DORA marks a significant shift in how resilience is viewed and governed. NIS2, in particular, elevates cybersecurity from an IT concern to a boardroom responsibility. Senior executives are now expected to oversee cyber risk management directly, placing resilience alongside growth, profitability, and strategy as a core business priority. The regulation also introduces stronger requirements around risk management, mitigation measures, and incident reporting.

DORA, while focused specifically on financial services, tackles critical vulnerabilities such as third-party risk management and operational resilience in one of the most frequently targeted sectors.

These frameworks provide an important foundation for stronger cybersecurity. However, achieving compliance remains a considerable challenge. Prior to NIS2 taking effect, 66% of organizations expected to miss compliance deadlines. Meanwhile, six months after DORA's implementation, 96% of financial services organizations across EMEA still believed further improvements were necessary to meet resilience expectations.

The danger is that organizations may treat compliance as the destination rather than the starting point. Meeting regulatory requirements is important, but compliance alone does not guarantee security. Threat actors do not measure their attacks against regulatory checklists.

Building Resilience Beyond Regulation

The cybersecurity sector currently finds itself facing a perfect storm. Successful law-enforcement operations against major cybercriminal groups have created a sense of reassurance just as new attackers emerge with new tools and tactics. At the same time, intense focus on regulatory compliance risks narrowing organizational attention to minimum requirements rather than long-term resilience.

Organizations should resist the temptation to focus solely on external pressures and instead take a more strategic view of their own preparedness.

Data resilience maturity models can provide a valuable framework for doing so. Rather than addressing individual cybersecurity challenges in isolation, these models offer a structured approach to assessing current capabilities and identifying areas for improvement. By viewing resilience as an integrated discipline rather than a collection of disconnected initiatives, organizations can prioritize investments more effectively and strengthen their overall security posture.

Recovery planning deserves particular attention. While prevention and resilience should always be the primary objective, recovery capabilities are equally critical. Even the most mature organizations cannot eliminate risk entirely, and cybercriminals are unlikely to wait until defenses are fully optimized before launching an attack.

A simple but revealing question remains: if your organization suffered a significant cyberattack today, how long would recovery take?

If the answer would result in severe operational, financial, or reputational consequences, then now is the time to reassess recovery capabilities—not after the next incident occurs.

Cyber threats are becoming more frequent, more sophisticated, and more unpredictable. In such an environment, resilience is not a milestone to achieve but a capability that must be continuously strengthened. The real risk is not the storm itself. It is assuming the skies are clear when they are not.
