Artificial intelligence is being integrated into nearly every industry. Its applications span from marketing and logistics to journalism, finance, and even crime. Specifically, cybercrime.
Cyber attacks on major companies have already increased. Headline-grabbing attacks from the last five years include those on Caesars Entertainment and MGM Resorts in Las Vegas, the British Library, and Change Healthcare. Now, with artificial intelligence to aid cybercriminals, the threat is even more pressing. Let’s avoid overstressing the situation.
Cybercrime: A Quick History
Cybercrime has existed alongside the internet itself. In the early days of malicious programs, infections often came to early computers via floppy disks. However, the Morris Worm, the first known internet-distributed virus, was already in circulation by the late 1980s.
The 2000s brought social engineering viruses, the rise of phishing to steal information and login details, and, of course, pop-ups galore. Memorable cybercrime moments of that time included the compromise of the Miami Dolphins’ stadium website, IKEA, and The Sun.
Credential stuffing (thanks to decades of terrible password practices) and large-scale data scraping have been clear contenders for the most prominent forms of online exploitation in the last decade. Cybercriminals have demonstrated their ability to target not only corporations. Infrastructure-level organizations, including the UK’s National Health Service, Spain’s phone operator Telefonica, German railways, and France’s car manufacturer Renault, were all affected by 2017’s massive WannaCry attack.
Adapting to the New Age of Cyberthreats
While some tactics have remained stalwarts of cybercrime over the last several decades, some are unique to the modern era. Alternatively, they are reimagined versions of well-known attacks. Today, criminals can use AI to automate phishing campaigns, write malware code faster than you can blink, and simulate the voice of a real employee using deepfake calls.
Risk: AI-Generated Phishing Emails
Solution: AI email filtering
Traditional spam filters can miss AI-generated messages. New email security platforms now use behavioral fingerprinting. This technique detects content with unusual tone or timing, even if everything else in the message looks legitimate.
Risk: Deepfake Voice Attacks
Solution: Voice verification tools
Is this a recent development? CFOs are receiving voice memos that sound like their CEO requesting urgent wire transfers. To counter this, companies can use biometric voice recognition or multi-step verifications before answering sensitive questions, even over the phone.
Risk: Supply Chain Vulnerabilities
Solution: Vendor risk monitoring
Automated tools can help companies monitor software vendors for newly discovered vulnerabilities. These tools can also detect data handling issues or abnormal access patterns. It’s faster, and more dynamic than solely relying on annual security reviews.
Risk: Insider Threats Using Generative AI
Solution: Real-time DLP and tighter access controls
Internal staff now have a greater ability to run scripts or generate convincing content with AI. Consider tightening internal permissions, monitoring file movement, and setting up alert thresholds for abnormal behavior.
According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach was $4.88 million. The best time to rethink cybersecurity with a forward-looking perspective is right now. This is because the number of cyber threats is likely to climb in future years.
Holistic Security
Modern tools and approaches can significantly enhance the cybersecurity of any organization. But sometimes, the biggest weaknesses simply come down to the basics. The best way to approach cybersecurity is to build a strong foundation that is protected from many angles. Building a strong foundation involves several steps. You should educate your staff, enhance internal processes, and adopt a proactive approach.
- Train employees to recognize phishing, vishing, and social engineering attempts.
- Limit admin privileges so that only essential people have access to important systems.
- Make VPN usage a routine, especially for remote teams or frequent travelers. Investing in a business VPN is an affordable way to reduce your team’s exposure to surveillance or insecure Wi-Fi networks.
- Patch consistently. Out-of-date software is one of the easiest entry points for nefarious actors.
- Conduct regular security audits to find exposure areas before attackers.
Rethinking Cybersecurity in 2025
First off, don’t panic. Please consider postponing the emergency cybersecurity strategic problem-solving meeting. Take a moment to think about your systems. As of right now, who has access to what? Are there any shared login spreadsheets floating around your marketing team? Are there any systems that needed to be updated three weeks ago? Address those issues first. Then, make cybersecurity best practices something valued. Incorporate them into everything moving forward, including onboarding, contracts, Slack, and the kitchen sink (especially if it has a computer attached).
