A new breed of sophisticated, AI-driven social engineering attacks is emerging, and CISOs are on high alert. The evolution in channels and tactics wielded by cybercriminals, deepfakes among them, is making phishing attacks and other threats even harder to detect. “This area is changing very, very swiftly,” warns Thoughtworks CISO Nitin Raina in a recent video from our Executive Exchange series.
Bad actors are now leveraging AI to impersonate executives, demanding employees send money or sensitive information. Fake job interviews, such as the recent wave of DPRK IT worker scams, and multi-channel attacks that leverage email, WhatsApp, and SMS are also prevalent.
So, how should organizations prepare for this new era of “sophisticated deception”? According to Raina, “Employees are the first line of defense, so you have to spend time and effort to train them.” Regular training, phishing simulations, and robust measures like phishing-resistant MFA, advanced email security, and zero-trust architecture are important steps to improve your organization’s cyber defenses.
The key, Raina emphasizes, is not just prevention but also rapid detection and response. As cyberattacks grow ever more advanced, the ability to quickly triage and respond is critical for combating them.
Watch the full video above to hear more from Nitin Raina on emerging security threats, enabling the organization, and advice for CISOs.