Cybersecurity: threats are evolving with AI - and how to protect against them
January 20, 2025
/
5 minutes
Artificial Intelligence (AI) is revolutionizing our daily lives... including the small world of hackers. It is becoming both a powerful tool to enhance security and a formidable weapon in the wrong hands. Specifically, this means that the cyber threats of the coming years will escalate. Here’s a clear and relaxed overview of the new risks associated with AI, and most importantly how you – businesses as well as individuals – can stay one step ahead.
AI, a new ally of cybercriminals
AI is a bit like the Swiss Army knife of computer hackers: accessible, versatile, and incredibly effective. Recent reports show an explosion in AI-assisted attacks (+135% in 2023 according to Check Point). In other words, cybercrime is accelerating thanks to AI, used to create deepfakes, launch hyper-targeted phishing attacks, code elusive malware, and automate large-scale attacks. But what are we really talking about?
Deepfakes: These ultra-realistic video or audio montages generated by AI allow for astonishing identity theft. Imagine receiving a video call from your "CEO" demanding an urgent transfer, with their face and voice – while it’s actually a fake. This scenario is no longer science fiction: in 2024, a company in Hong Kong lost 26 million dollars after being tricked by a fake video conference where the scammers posed as executives using deepfakes. One can understand the potential harm of this "ultimate manipulation"! It is becoming increasingly difficult to distinguish the real from the fake, hence the need for heightened vigilance.
Next-Generation Phishing: Phishing (or "fishing") involves tricking you through a fraudulent email or message. With AI, these scams gain credibility. Gone are the blatant spelling errors: an advanced language model can craft an email that perfectly mimics the tone and style of a legitimate company. Better yet, AI can exploit public information (social media, data leaks) to personalize the message just for you. This AI-enhanced spear phishing is much more convincing – and dangerous – because it resembles a message one would genuinely expect. The result: the success rate of these attacks is skyrocketing (Google has observed a 78% increase in the success of AI-assisted phishing).
“Intelligent” Malware: Malware is evolving too. We are seeing the rise of polymorphic malware driven by AI, capable of constantly altering their code to evade antivirus software. For instance, some literally change their "signature" every few seconds, making traditional detection almost impossible. AI also helps hackers to develop malicious code faster (even automatically), without requiring extensive technical skills. In short, creating viruses and ransomware is becoming more accessible, which increases the number of potential attackers.
Large-Scale Automated Attacks: Bots, scanners, scripts… With AI, all this can operate at full throttle without human intervention. Armies of malicious bots are already scouring the web looking for exploitable vulnerabilities, accounting for a significant portion of traffic on the dark web. Whether to steal passwords, spread viruses, or conduct automated disinformation campaigns, AI allows cybercrime to be industrialized. Even complex attacks can now be launched in series and en masse by autonomous software. For defenders, it’s a bit like facing an opponent capable of multiplying infinitely.
In summary: innovations in AI are giving scammers new superpowers. Ultra-realistic deepfakes, undetectable fraudulent emails, evolving viruses, tireless hacker bots… The picture may look daunting. Fortunately, not everything is bleak: the same AI also offers new countermeasures and means to fight back! Before we get there, let’s first see how we, as humans, can reduce risks.
Protecting Yourself in 2025: Good High-Tech and Human Reflexes
Faced with these 2.0 threats, both businesses and individuals have every interest in strengthening their defenses, both with technological tools and with simple prudence. Good news, it is not about reinventing the wheel: often, it’s the rigorous application of good classic practices, enhanced with a dose of common sense in the face of AI.
For Individuals: vigilance and digital hygiene
Two-Factor Verification: If you receive an unusual request (urgent transfer, login code, etc.) via email, message, or even video call, take the time to verify through another channel. A direct phone call to the person concerned often helps clear up doubts. In 2025, hearing a familiar voice is no longer enough to guarantee that it’s the right person – voice deepfakes can imitate tone and intonation. Adopt the “four eyes” reflex: always confirm a sensitive request with a second reliable contact method.
Account Protection: Use strong and unique passwords (a password manager can help you with this) and enable two-factor authentication wherever possible. These basic measures remain devilishly effective, even against sophisticated attacks. A hacker who has stolen your password through phishing will be stopped cold if an SMS code or a fingerprint is also required.
Updates and Antivirus: Continue to diligently apply updates for your devices and applications. Many automated attacks exploit known vulnerabilities – which patches specifically address. A good up-to-date antivirus/anti-malware adds an extra layer of security, particularly against common malware. Admittedly, it won’t detect all “smart” malware, but it will already stop classic threats that remain plentiful.
Caution on the Web: Be extra careful before clicking on a link or downloading an attachment, even if the message seems authentic. If in doubt, do not click. Similarly, be wary of overly enticing or alarming content on social media – AI makes it easier to create fake viral content. Lastly, avoid overexposing your personal data online (date of birth, names of children, etc.): this information is a goldmine for fueling targeted scams.
Regular Backups: This advice has always been valid, but it makes all the more sense with the threat of ransomware (these programs that encrypt your files and then demand a ransom). Make frequent backups of your important data, ideally on an offline medium. In case of an attack, you won’t be held hostage to your files.
For Businesses: anticipating and training is the key to success
Employee Awareness: Humans remain the hackers' preferred weak link – but also your best asset if you turn them into a strong link. Regularly train your teams on cyber risks, especially the new scams related to AI. Simulate internal phishing, organize workshops on deepfakes, and share examples of scams that make the headlines. A well-trained employee is a company 60% less exposed to cyberattacks according to a Ponemon study. By combining technology and education, one can create a true human shield against threats, with each employee becoming an actor in security.
Immersive Training: There are now innovative solutions to train your troops in almost real conditions. For example, Riven has developed for IMD (in Lausanne) a cyberattack simulation in the form of a real-time multiplayer game, incorporating adaptive features and customizable scenarios. This type of “serious game” puts participants in the shoes of either attackers or defenders, raising their awareness of attacks (here, a ransomware) in a playful way. The goal? For everyone to acquire the right reflexes in a crisis situation, so as not to be caught off guard on D-day.
Advanced Monitoring and Detection: Equipped with appropriate tools, your information system can also keep watch 24/7. Consider deploying security solutions enhanced by AI (detection of abnormal behavior, real-time log analysis, etc.). These intelligent systems can detect subtle signals that a human would miss and can stop an emerging attack. They excel, for example, at identifying a spike in suspicious network traffic or an unusual login in the middle of the night. Of course, nothing replaces a human analyst for the final decision, but AI can significantly speed up your teams’ responsiveness.
Systematic Verification Policies: Implement strict control procedures, especially for sensitive operations. For instance, to avoid “fake president” fraud (in whatever high-tech form), require confirmation by phone from a second responsible party before any significant transfer. Similarly, be wary of urgent requests that deviate from the norm, even if they seem to come from a known senior executive – hierarchy should not prevent vigilance. It’s better to slightly offend a legitimate director through excessive caution than to lose millions due to a digital impersonator!
Access and Data Management: Adopt the principle of least privilege: each user or application should only access the data and systems necessary for their task. By limiting rights, the impact an intruder (human or AI) can have is reduced. Segment the network, encrypt sensitive data, and closely monitor administrator access. And of course, back up your critical data offline and test your disaster recovery plans – it cannot be emphasized enough.
Conclusion: AI, threat or shield?
If AI causes cold sweats by boosting attacks, it also brings great solutions to counter them. Predictive analysis, automated incident response, enhanced authentication… technology evolves on both sides. Ultimately, staying secure in the coming years will require a careful blend of tech and ground actions: investing in cutting-edge cybersecurity tools and cultivating good human reflexes.
The cyber war of tomorrow will not be fully automated – your vigilance and common sense will always make the difference. By staying informed, training your teams, and adopting a proactive posture, you can ride the wave of AI serenely, without tipping over to the dark side. After all, the best weapon against Skynet… is us!
