The period that we are currently living through is a time of fast-evolving, dynamic, and even game-changing factors in technology that are significantly affecting cyber security and global safety. We are witnessing rapidly growing and globally penetrating technological advancements, including artificial intelligence, threat actors who learn fast, and malicious programmes that evolve quickly. Stronger employee awareness, AI-enhanced cyber defence tools and close public-private partnerships are all key factors to help companies stay ahead.
This year, Cyber Security Awareness Month is not just about reminding employees and people worldwide of the regular measures they must take, such as using strong passwords, activating multi-factor authentication, updating software, and staying vigilant about known threats. These are all very important, but we must also place much more emphasis on talking about and educating people on new, evolving threats and the importance of collective responsibility.
A threat landscape turbo-charged by automation and AI
The rapid advancement of AI technologies has fundamentally changed the nature of cyber threats. Cyberattacks are becoming increasingly sophisticated, with threat actors now leveraging artificial intelligence to automate, personalise, and scale their methods. The following examples illustrate how AI is transforming – and amplifying – the threat landscape:
- Fast-generating personalised phishing: AI can be used to craft highly convincing emails and messages by leveraging public data, making them harder to detect.
- Dynamic malware generation: these are solutions that create dynamic and evasive malware that constantly changes its code or behaviour to bypass traditional antivirus systems.
- Automated social engineering tools: these mimic human communication, making voice and video impersonations (vishing) more realistic and effective. Voice cloning can make phone calls sound exactly like a trusted person and be used to extract confidential information.
- Automated vulnerability discovery: AI-powered tools, often programmed by threat actors, can scan and detect vulnerabilities much faster, and attempt to exploit them using intelligent bots, making the risk of compromise and data breaches much more real.
- Bypassing biometrics: sophisticated deepfakes could potentially even be used to bypass facial or voice recognition systems, to give bad actors unauthorised access to an organisation’s systems.
Employee training to fight new threats
It is critically important to educate people on how to protect themselves and the organisations they work for against these new, evolving threats. Employees should stay alert at all times and question every message they receive, always checking links in emails before clicking on them. They must also be trained in more advanced verification techniques and fact-checking methods. The new-generation phishing and vishing attacks outlined above can be very convincing. However, it is still possible to identify fake emails, voice and video messages if you know how to look out for the warning signs:
- Always question urgent requests, even if at first sight they appear to come from a trusted source.
- Verify the supposed sender of such a request by calling them back on a known, trusted number. Agreed codewords or other personal checks can also be useful for particularly sensitive communications.
- On video calls, look out for unnatural eye movements, lip-synch issues, robotic or unnatural body movements, or slightly different facial features that could indicate you are interacting with a fake, not a real person.
Above all, if a call or message feels strange or overly urgent, pause and verify.
Advanced, AI-enhanced cyber security tools
While artificial intelligence is clearly being used to drive an increase in the number and the sophistication of cyber threats, it also offers us a valuable opportunity to strengthen our existing defences. Organisations can harness AI to improve threat detection capabilities, monitor systems more effectively to identify any suspicious activity, and strengthen email protection tools to block malicious content.
Read our article AI in cyber security: a new era in government visa services
At TLScontact, we are deploying AI-enhanced solutions to strengthen cyber security across our IT ecosystem. These technologies provide endpoint and email protection, threat detection and response, and intelligence-driven monitoring to identify and combat sophisticated attacks.
All implementations are deployed responsibly and in accordance with the EU AI Act, GDPR, as well as internationally-recognised cyber security best practices, including relevant ISO and NIST guidance, to ensure transparency, robust risk management, and human oversight throughout.
Public-private partnerships to counter cybercrime
Finally, recent developments show that public-private partnerships are crucial to combat cybercrime effectively. While governments and law enforcement agencies have the mechanisms and authority to prosecute cybercriminals, private companies and organisations operate in innovative and fast-developing environments that can support investigations, help collect evidence and stay ahead of threat actors in terms of technology.
As a member of the Computer Crime and Digital Evidence Committee of the International Association of Chiefs of Police (IACP), I can see the value of forums that bring together public and private sector actors to exchange and coordinate on these topics. Our in-house cyber security team also works closely with expert partners and the government departments that we represent, such as the UK Home Office, to help us maintain robust cyber defences in the face of a rapidly evolving threat landscape. Working together, we can identify and counter emerging cyber threats more effectively and ensure stronger deterrence against malicious actors.
Combating new AI-driven threats demands more than just advanced technology. It requires informed people, intelligent systems, and strong collaboration. By combining continuous employee training, AI-powered defence tools, and close collaboration between public and private sector, organisations can stay one step ahead in this new era of digital risk.
Article written by
Filip Stojanovic, Head of Cyber Security