The adoption of AI needs a policy framework to guide the industry and the public and AI based content creators about what they can create and what they cannot produce. If someone is creating AI based malicious and destructive data for criminal activities, then they must be punished as if they were making a pistol and rifle without a license. So, the policy framework is needed in a similar way as it is for producing arms like pistol and rifle for adoption and production of good AI.
According to the latest data revealed by Kaspersky, which is one of the leading cyber security companies in the world, cyberthreats in Pakistan increased by 17 percent in 2023 as compared to 2022. 24.4 percent of users in Pakistan were affected by online threats in Pakistan. Further, experts saw attacks using banking malware rise by 59 percent. Such attacks are designed to collect online banking credentials and other sensitive information from infected machines. Researchers also reported an increase of 35 percent in trojan attacks that disguise themselves as legitimate computer programs but are used to run malicious code by cybercriminals. In addition, ransomware attacks designed to encrypt a victim’s data, files, or system, making them accessible in exchange for a payment, increased by 24 percent in Pakistan.
On the other hand, a surge was seen in the number of targeted ransomware groups globally by 30 percent from 2022 to 2023. In parallel to this increase, the number of victims of targeted ransomware attacks spiked by 70 percent within the same time period. In another research study, a cyber security firm revealed that 15 percent of companies globally have experienced cyber incidents due to insufficient cybersecurity investment in the last two years. Alarmingly, critical infrastructure, oil and gas and energy organizations suffered the biggest number of cyber incidents due to improper budget allocation.
These big numbers show how individuals and organizations are suffering in the hands of cyber criminals and regulations are still lagging behind. Criminals are more active in using Artificial intelligence and countries need to proactively look to control them. Recently, during the 9th annual Cyber Security Weekend – META 2024, experts discussed how AI and Cybersecurity Regulations are crucial for safeguarding future generations from cyber-attacks.
Shahzad Shahid, Policy Advocate and Expert on IT and Digital Economy in Pakistan, believes that protection and policy framework is very important for the financial sector as people trust the financial institutions and give them their all information. There are two types of people. One knows who is hacked and the other doesn't know. Unfortunately, in the financial sector, people are being hacked indirectly and they are unaware of it. So, there is a need for controls in place, besides creating awareness and education. Further, there is a need for good policies and framework to protect the user’s data and producers and users of the technology so the trust factors among the stakeholders are not compromised.
Since the private sector has started adopting the AI first while the governments started late, so the governments can learn from the private sector experiences. Government and law enforcement agencies should have the same capability and capacity to counter the cyber criminals as they have who are using the latest technologies and tools to attack.
Experts from Kaspersky revealed that over 400,000 threats are countered by the cybersecurity officials only with the support of AI and Machine Learning. It would not be possible to detect and counter these huge numbers of threats on a daily basis. Technology always comes with some risks. So, there is a need to follow some guidelines and evolve good policy frameworks and guidelines to minimize the risks. Furthermore, humans should not solely rely on technology. One should not rely on ChatGpt alone as it presents the information in a confident way but it may not always be accurate. For this, humans need to make cross checks.
In Pakistan, the long-term policy making is quite slow due to bureaucratic hurdles and bottlenecks. Pakistan faces significant challenges in the realm of data protection, AI, and cybersecurity policies. While the country has made strides in developing regulations to safeguard data and privacy, implementation remains a considerable issue. The lack of comprehensive legislation and enforcement mechanisms leaves individuals and organizations vulnerable to data breaches and cyber threats. Moreover, the absence of a unified approach among various government agencies and stakeholders further complicates the situation.
Pakistan does not have comprehensive data protection laws similar to the GDPR (General Data Protection Regulation) in the European Union or the CCPA (California Consumer Privacy Act) in the United States. However, there are certain provisions related to data protection scattered across different laws and regulations.
Pakistan issued the first draft of the Pakistan Data Protection Act in 2018, and currently in 2024, it is still awaiting to be presented in the parliament. The first artificial intelligence policy is also in the phase of drafting based on four key points: enabling AI through awareness and readiness, AI market enablement, building a progressive and trusted environment, and its transformation and evolution. Pakistan issued a cloud policy in 2021, however, that too addresses only public sector enterprises. However, SECP and SBP issue regulations on cloud management for banking and private companies from time to time.
Strengthening collaboration between government bodies, industry players, and civil society is essential to develop comprehensive policies that balance innovation with ethical considerations and protect individuals' rights in the digital age.
AI can help to promote economic growth by encouraging investment in AI research and development, which can lead to the creation of new jobs and industries, as well as improved productivity and efficiency. The governments must come up with the roadmap of the adoption of Artificial Intelligence (AI) and can learn from the private sector as it has already started adopting it. In the META region, the government has started late on the adoption of the AI and awareness creation about AI as the commoners on the streets are unaware of the AI. The cybersecurity industry must follow the strict ethical principles for the protection of data and adoption of AI and ML.
The write is a staff member