Risk Trends 2025 and Beyond: Cyber security

Are you prepared to detect and defend against human hackers, especially those leveraging AI?

Cyber security is a hot topic that’s here to stay. Every year, hackers get more sophisticated, and their attacks more damaging. According to the Canadian Centre for Cyber Security, in 2023 alone, over 70,000 cyber incidents were reported in Canada, a 25 percent increase from the previous year. It cost Canadian cyber victims more than $3 billion in mitigation, recovery, and long-term damage control.

The growing threat of cyber risks

Picture this: you get an email that looks like it’s from your bank, asking you to update your password. You click the link, type in your old password and create a new one. Little do you know; a hacker is using your old password to access your credit card. This is a classic phishing attack. 

The introduction of trends in artificial intelligence (AI), like generative AI (GenAI) is making it harder to distinguish between legitimate and fraudulent communications. To combat this, organizations should implement robust email filters and educate employees to recognize phishing attempts. Multi-factor authentication can add an extra layer of security.

Ransomware attacks are another major threat. Hackers can lock an organization out of its own systems, denying access to data, and demand a ransom to restore access. Keeping software updated with the latest security patches is crucial to fend off these attacks. Also, having a data storage strategy, that maintains timely and reliable backups, may allow you to bypass paying the ransom. The most important control is optimizing your employees’ cyber awareness, so they know how to avoid phishing and insider risk situations. Insiders should be guided by cyber-related policy, which would also outline the acceptable and not acceptable use of AI.

Addressing key vulnerabilities

The rise of remote work has introduced new vulnerabilities. Without the structured security of an office environment, employees' home networks can be weak points. Using virtual private networks (VPNs), keeping security software updated, and educating employees on safe remote work practices can help secure these environments. 

As AI and machine-learning systems are being manipulated by hackers in new ways to commit cyber crime, regular audits, strict data validation, and contingency plans can help address potential AI-related vulnerabilities. Additionally, the National Institute of Standards and Technology has developed technical standards — including international ones — that promote trust in AI technologies and systems.

While it’s common to outsource tasks and services, it comes with risks. Third-party vendors can be entry points for cyber attacks. Thorough security assessments and enforcing strict access controls for these partners are essential.

In this ever-evolving trend, proactive measures, continuous monitoring, and employee education are key. By understanding and addressing these key cyber risk trends, your business can better safeguard its assets and ensure long-term stability. 

Why stop there? Here are other risks to consider:

• Deepfake AI voice and video manipulation
• Data breaches
• Cloud security threats
• IoT (Internet of Things) vulnerabilities
• Mobile security threats

Questions to ask: 

• What information technology (IT) changes have been made recently or are planned over the next three years? Could these changes weaken or remove controls?
• Can employees initiate large financial transactions remotely? Do you have a policy for how and where large financial transactions need to occur?
• Do you conduct background checks on all employees and third-party individuals who are given privileged access rights to your systems?
• How effective are your training and tools for preventing phishing attacks?