TAdoption of AI requires a policy framework to guide the industry, the public and AI-based content creators on what they can and cannot create. If someone creates malicious and destructive AI-based data for criminal activities, then they should be punished as if they were manufacturing a pistol and rifle without a license. Thus, the policy framework is needed in the same way as for the production of weapons like pistols and rifles for the adoption and production of good AI.
According to the latest data revealed by Kaspersky, one of the leading cybersecurity companies in the world, cyber threats in Pakistan increased by 17% in 2023 compared to 2022. 24.4% of users in Pakistan were affected by threats in line in Pakistan. Additionally, experts noted a 59% increase in attacks using banking malware. Such attacks are designed to collect online banking credentials and other sensitive information from infected machines. Researchers also reported a 35% increase in attacks from Trojans that masquerade as legitimate computer programs but are used by cybercriminals to execute malicious code. Additionally, ransomware attacks designed to encrypt a victim’s data, files or system, making them accessible in exchange for payment, increased by 24% in Pakistan.
On the other hand, the number of targeted ransomware groups increased by 30% globally between 2022 and 2023. Along with this increase, the number of victims of targeted ransomware attacks increased by 70% over of the same period. In another study, a cybersecurity company revealed that 15% of companies worldwide faced cyber incidents due to insufficient investments in cybersecurity in the last two years. Alarmingly, critical infrastructure, oil, gas and energy organizations have suffered the highest number of cyber incidents due to inappropriate budget allocation.
These staggering figures show how much individuals and organizations are suffering at the hands of cybercriminals and regulations are still lagging behind. Criminals are using artificial intelligence more actively and countries must seek to proactively control them. Recently, at the 9th Annual Cybersecurity Weekend – META 2024, experts discussed the critical importance of AI and cybersecurity regulations to protect future generations from cyberattacks.
Shahzad Shahid, policy advocate and IT and digital economy expert in Pakistan, believes that protection and policy framework are very important for the financial sector because people trust financial institutions and give them all their information. There are two types of people. One knows who is being hacked and the other does not. Unfortunately, in the financial industry, people are being hacked indirectly and they don’t realize it. It is therefore necessary to put controls in place, in addition to raising awareness and educating. Furthermore, there is a need to put in place effective policies and framework to protect user data, as well as producers and users of the technology, so that trust factors among stakeholders are not compromised.
Since the private sector started adopting AI first, while governments started late, governments can therefore learn from the experiences of the private sector. Government and law enforcement should have the same capacity and capacity to counter cybercriminals as those who use the latest technologies and tools to attack.
Kaspersky experts revealed that more than 400,000 threats are countered by cybersecurity managers with the support of AI and machine learning alone. It would not be possible to detect and counter such a large number of threats on a daily basis. Technology always carries certain risks. It is therefore necessary to follow certain guidelines and develop good policy frameworks and guidelines to minimize risks. Additionally, humans should not rely solely on technology. You should not rely solely on ChatGpt as it presents information reliably, but it is not always accurate. This requires humans to cross-check.
In Pakistan, long-term policymaking is quite slow due to bureaucratic obstacles and bottlenecks. Pakistan faces significant challenges in the areas of data protection, AI and cybersecurity policies. Although the country has made progress in developing regulations to protect data and privacy, their implementation remains a considerable problem. The lack of comprehensive legislation and enforcement mechanisms leaves individuals and organizations vulnerable to data breaches and cyber threats. Additionally, the lack of a unified approach among different government agencies and stakeholders further complicates the situation.
Pakistan does not have comprehensive data protection laws similar to GDPR (General Data Protection Regulation) in the European Union or CCPA (California Consumer Privacy Act) in the United States. However, some data protection provisions are scattered across different laws and regulations.
Pakistan released the first Pakistani Data Protection Bill in 2018, and currently in 2024, it is still waiting to be presented in parliament. The first artificial intelligence policy is also in the development phase and is based on four key points: enabling AI through awareness and preparation, enabling the AI market, creating an environment progressive and reliable, as well as its transformation and evolution. Pakistan released a cloud computing policy in 2021, which also only addresses public sector enterprises. However, the SECP and SBP issue regulations on cloud management for banks and private companies from time to time.
Strengthening collaboration between government agencies, industry stakeholders and civil society is essential to developing comprehensive policies that balance innovation with ethical considerations and protect the rights of individuals in the digital age.
AI can help promote economic growth by encouraging investment in AI research and development, which can lead to the creation of new jobs and industries, as well as improved productivity and efficiency. Governments need to develop a roadmap for the adoption of artificial intelligence (AI) and can learn from the example of the private sector which has already started to adopt it. In the META region, the government started late in adopting AI and raising awareness about it because citizens on the street are not aware of AI. The cybersecurity industry must follow strict ethical principles for data protection and adoption of AI and ML.
Writing is a staff member
