The rapidly evolving nature of AI is a double -edged sword with regard to cybersecurity. As friendly and beneficial as generating AI (Gen Ai) can be, it is also more and more badly used in the form of a cunning and manipulation, such as the deep voice, the face or name of a person or an organization to cause payments. By 2027, for example, 17% of total cyber attacks will involve the use of the AI generation, according to Gartner1. This figure should increase rapidly.
While high -level incidents continue to underline the scale and sophistication of AI threats, the same technology also offers companies powerful and proactive tools to defend their critical infrastructure and remain ahead of the attackers. For example, detection of models to identify intrusions in networks or spot new malware and other threats can point out an unusual and potentially harmful activity much faster than any human.
Consequently, the role of AI in cybersecurity has gone from a technical issue to a strategic commercial imperative.
“Cybersecurity is one of the main concerns today, and businesses invest massively to fight against this”
Aaron ChiewDigital channel chief for the DBS Institutional Banking Group
The dark side of AI: new borders in cyber-menaces
The AI brings powerful capacities, but these same capacities amplify cyber-risk in three main ways:
- Accelerated processing time – AI can deal with large sets of data very quickly, allowing crooks and fraudsters to identify usable models and design new scam tactics with unprecedented efficiency.
- Deepfake’s prevalence and credibility – an example was in Hong Kong, where Deepfake technology was used to usurp the identity of company managers during a video call, successfully convincing an account clerk to transfer $ 25 million to fraudsters.2
- Rapid creation of misleading or manipulative information in the form of scam content – including the automation of scam calls, the generation of false realistic advertisements and the creation of websites that imitate legitimate companies to encourage people to provide sensitive information or make unauthorized payments.
Such threats have large-scale repercussions, beyond obvious financial losses. One of the most damaging is the erosion of confidence, both within the organization and with customers.
For example, Chiew noted that employees can start questioning the authenticity of the calls they receive, uncertain if they really speak to the person they believe. This growing uncertainty could lead to more steps and verification process to confirm the legitimacy of communications. “Which could have been a quick transaction in the pre-A world could now take much more time,” he said. “The question of whether companies can maintain the same level of operational efficiency in the future is increasingly uncertain.”
The damage does not stop at the office door. The reconstruction of confidence with customers can take a long time once a cybersecurity incident becomes public knowledge.
Intensify the defenses against the cyber-menices of the AI
Companies are not motionless in this new era, with the threat of AI now. For example, 66% of organizations expect AI to have the most significant impact on cybersecurity of the coming year3.
In response, investment in cybersecurity protection measures has increased considerably in various industrial sectors. For example, in August 2024, Gartner planned that global expenses for end user information security would increase 15% this year to 212 billion dollars4.
At the same time, companies examine their processes and implement stricter communication policies with regard to the role of AI tools as an advanced way to identify and respond quickly to the dangers, said Chiew. “They relocate the way they interact with each other in a digital space, to understand how they implement these measures to protect cybersecurity in complete safety so that the current processes can take place gently.”
This triggers actions such as data protection policies more defined in terms of collection and storage, as well as stricter directives for the use of social media, as well as regular tests of systems and infrastructure.
Transform cyber risk into operational resilience
Companies are at different stages of their cybersecurity career, but in any case, a clear and structured path to protection is essential.
According to Chiew, start -up companies should start with the basics:
1. Check all requests carefully
Always check the credibility of requests received by e -mail – in particular those involving sensitive financial changes. For example, if an employee requests an update of the payroll or a supplier e-mail to modify the bank details, confirm the request by recalling a recorded verified number.
2. Audit your internal processes
Regularly examine internal work flows to identify weak points that could be exploited by human error or fraud. Even small procedural gaps can open the door to cyberrencies.
For mature stadium companies, the key is to strengthen and test stress:
1. Invest in penetration tests
Take cybersecurity professionals or specialized agencies to carry out penetration tests and simulate attacks. This allows you to discover vulnerabilities in systems, processes or infrastructure before attackers do it.
2. Monitor and continuously upgrade the systems
Periodically examine your infrastructure and security protocols to stay ahead of the evolution of threats. As Chiew warns: “It takes only an escape or a single gap – and for the crooks, finding and exploiting these gaps is full -time work.”
Explore DBS’s resources so that companies protect themselves from scams: https://go.dbs.com/protectyourbusiness
