CNME Editor Mark Forker sat down with Lothar Renner, Vice President of Cisco Security EMEA, for the first time since GISEC in May, to examine in more detail some of the findings that emerged from their Cisco Cybersecurity Readiness Index and AI Index reports, why there is such a insatiable demand to consume AI across the Middle East compared to other markets globally – and why the rush to adopt AI needs to be tempered with the realisation that it needs to be done securely.
Lothar Renner is one of the most respected thought leaders in the IT industry globally.
He has spent 25 years at the US technology giant, and few are better placed to comment on the current state of the cybersecurity landscape across the Middle East region.
Renner delivered a keynote presentation on the Executive Summit Stage during Black Hat MEA in Riyadh, at the beginning of this month.
He began our conversation by highlighting the sheer demand to use AI across the Gulf region, but particularly in the Kingdom of Saudi Arabia.
“We produced our annual Cisco Cybersecurity Readiness Index and our AI Index, and what became evident from the results is that there is a phenomenal appetite to use AI in Saudi Arabia, and it is much higher than the global average. That demand for AI is reflected across the entire Middle East region, but it is particularly pertinent in both the UAE and the KSA. They don’t just want to adopt AI at scale, they want to be leaders in AI, they want to be pioneers, and a great example of that is Abu Dhabi’s aspirations to be the world’s first fully AI-native government. Governments across the Gulf really do see AI as a key advantage, whereas other nations in different markets are much more resistant and cautious, but in the Middle East, nations have gone all in on AI,” said Renner.
The appetite to adopt AI is understandable, because if it is utilised and harnessed effectively then it can have a profound impact on your business.
However, a hugely worrying security statistic from one of Cisco’s reports showed a spike in AI security incidents in parallel to the increase in adoption of AI across the KSA.
“The excitement and hype around AI is palpable, but without trying to be negative, a worrying trend that emerged in our Cybersecurity Readiness Index was that 85% of respondents from the KSA had an AI-related incident in the last 12 months. On the one side you have the excitement, and then on the other side you see the risk. In the KSA they are still allowed to use their own devices, which is higher than the figure globally. At Cisco, I can bring my own device, but that device must be managed by the company. What I highlighted during my presentation was the need to control and secure the communication between the employees and public GenAI applications. Employees are using GenAI to enhance their productivity and boost their creativity, but they are using it without fully understanding that they are exposing proprietary data in the GenAI application. It’s a huge issue, you have to control the data that employees are putting in when accessing GenAI tools, and it is something organisations have to get on top off right away,” said Renner.
Agentic AI has dominated the AI conversation over the last 12 months, but Renner stressed the need for organisations to better control their work environment.
“I think it’s become quite evident that bad actors have the capability to weaponise AI. In the past when a company disclosed some of their vulnerabilities you could count the number of weeks until the first attack happened, but now with AI that’s down to minutes. At Cisco, we believe in the power of AI, and we see ten-fold productivity gains, but you need to control your environment more than ever before. It’s critical organisations control their environments in order to unleash the power of AI. Agentic AI has emerged massively over the last 12 months, but when AI agents speak to each other how do you make sure that there is no bad actor interfering in that? The security attack surface has expanded radically into new areas, and agentic AI, and AI agents must be secured in the same way as we secure machine-to-machine communication, or application security,” said Renner.
Renner believes that organisations must classify AI agents as digital employees, in a bid to counteract growing security concerns about the deployment of agents across the enterprise.
“The productivity gains that AI agents are providing is immense, and it’s only going to grow. However, when it comes to the question of access, I think it’s imperative that organisations view AI agents as employees, and not just as a technology. Cybersecurity vendors really have to find ways to ensure they are protecting their AI agents. At Cisco, we have introduced products that are designed to secure AI agents. I don’t see how regulations from a government perspective would help the situation, instead I think the focus needs to be on determining how AI is going to help your business. What is it that you want AI to help you with? I think it’s more of a cultural shift that is required within organisations. At the end of the day, Agentic AI is here to stay, so you need to treat AI agents as digital employees, and there might be AI agents that you can’t control because you might be using them from external sources, but you need to control the communications flow,” said Renner.
Cisco has claimed that its broad portfolio of products has positioned the company to be somewhat of a pioneer when it comes to the cybersecurity space.
“At the end of the day everybody has to access applications, whether they are hosted in a datacentre, whether its a SaaS application, or whether it’s in relation to the AI piece where organisations are trying to control the LLM models that you have. It’s all about access, but it’s complex and there are a lot of moving parts. At Cisco, we recognised that we needed to unify all of this. We needed to unify all of this and bring it together so we achieve unified visibility, unified management, and ultimately a unified policy. We centralised everything and we created a unified policy engine. We have moved away from the concept of islands of enforcements that are isolated. We have gone beyond Cisco, we know our customers have multi-vendor environments, so we needed to provide a multi-vendor environment to support our customers. I think this approach is the key differentiator that Cisco has in the market, and why we have in many ways redefined cybersecurity,” said Renner.
The complexity of absorbing a company following an acquisition has been well documented.
However, many analysts have been quick to point to Cisco’s acquisition of Splunk as a prime example of a what a good acquisition looks like.
Renner believes the acquisition of Splunk has greatly broadened their security offering, and reiterated the importance of providing customers with choice.
“When we acquired Splunk it was known for its core strength, but it was also known for its openness and multi-environment. Cisco communicated very clearly at the start of the acquisition that it was not changing the way Splunk integrates with other vendors, because we don’t see the other security vendors as enemies. We believe that we need to jointly fight together to stop the bad actors. We wanted to integrate Splunk much deeper into the Cisco portfolio whether that was in security or networking. However, despite our desire to embed Splunk much deeper into our products, we still wanted to give customers the choice to choose what they want to integrate with Splunk. We wanted a native integration far beyond what existed before we acquired Splunk, and we have achieved that,” said Renner.
Renner concluded a typically engaging and informative exchange by highlighting how many organisations are guilty of thinking multi-factor authentication are bullet proof, and he conceded that identity-based attacks continue to head in an upward trajectory.
“The threat landscape is always changing and evolving, but the classical malware that we had for years and the ransomware attacks has declined significantly, now does that mean it’s over, or is it just a moment in time, it’s hard to predict. However, what is evident that identity-based attacks are on the rise, and with AI now in the mix it has become even more nuanced. The other thing we have seen is that more and more customers have rolled out multi-factor authentication and are under the impression that once they roll that out they are secure, but that’s not the case. In my opinion MFA implementations are not good enough. So, whilst the threat landscape is always evolving, I believe that identity-based attacks are going to continue to grow exponentially, and issues around MFA implementations will increase,” said Renner.
