Human-centric cyber threats have long posed a serious issue for organizations. After all, humans are often the weakest link in the cybersecurity chain. Unfortunately, when artificial intelligence came into the mix, it only made these threats even more dangerous.
So, what can be done about these cyber threats now?
That’s precisely what we asked Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, aka the “Cyber Queen.”
They dedicated a significant portion of their “Cyber Threat Landscape 2024: Navigating New Risks” master class to AI-powered human-centric cyber threats. So, let’s see what these two experts have to say on the topic.
Human-Centric Cyber Threats 101
Before exploring how AI impacted human-centric cyber threats, let’s go back to the basics. What are human-centric cyber threats?
As you might conclude from the name, human-centric cyber threats are cybersecurity risks that exploit human behavior or vulnerabilities (e.g., fear). Even if you haven’t heard of the term “human-centric cyber threats,” you’ve probably heard of (or even experienced) the threats themselves.
The most common of these threats are phishing attacks, which rely on deceptive emails to trick users into revealing confidential information (or clicking on malicious links). The result? Stolen credentials, ransomware infections, and general IT chaos.
How Has AI Impacted Human-Centric Cyber Threats?
AI has infiltrated virtually every cybersecurity sector. Social engineering is no different.
As mentioned, AI has made human-centric cyber threats substantially more dangerous. How? By making them difficult to spot.
In Venicia’s words, AI has allowed “a more personalized and convincing social engineering attack.”
In terms of email phishing, malicious actors use AI to write “beautifully crafted emails,” as Tom puts it. These emails contain no grammatical errors and can mimic the sender’s writing style, making them appear more legitimate and harder to identify as fraudulent.
These highly targeted AI-powered phishing emails are no longer considered “regular” phishing attacks but spear phishing emails, which are significantly more likely to fool their targets.
Unfortunately, it doesn’t stop there.
As AI technology advances, its capabilities go far beyond crafting a simple email. Venicia warns that AI-powered voice technology can even create convincing voice messages or phone calls that sound exactly like a trusted individual, such as a colleague, supervisor, or even the CEO of the company. Obey the instructions from these phone calls, and you’ll likely put your organization in harm’s way.
How to Counter AI-Powered Human-Centric Cyber Threats
Given how advanced human-centric cyber threats have gotten, one logical question arises – how can organizations counter them? Luckily, there are several ways to do this. Some rely on technology to detect and mitigate threats. However, most of them strive to correct what caused the issue in the first place – human behavior.
Enhancing Email Security Measures
The first step in countering the most common human-centric cyber threats is a given for everyone, from individuals to organizations. You must enhance your email security measures.
Tom provides a brief overview of how you can do this.
No. 1 – you need a reliable filtering solution. For Gmail users, there’s already one such solution in place.
No. 2 – organizations should take full advantage of phishing filters. Before, only spam filters existed, so this is a major upgrade in email security.
And No. 3 – you should consider implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent email spoofing and phishing attacks.
Keeping Up With System Updates
Another “technical” move you can make to counter AI-powered human-centric cyber threats is to ensure all your systems are regularly updated. Fail to keep up with software updates and patches, and you’re looking at a strong possibility of facing zero-day attacks. Zero-day attacks are particularly dangerous because they exploit vulnerabilities that are unknown to the software vendor, making them difficult to defend against.
Top of Form
Nurturing a Culture of Skepticism
The key component of the human-centric cyber threats is, in fact, humans. That’s why they should also be the key component in countering these threats.
At an organizational level, numerous steps are needed to minimize the risks of employees falling for these threats. But it all starts with what Tom refers to as a “culture of skepticism.”
Employees should constantly be suspicious of any unsolicited emails, messages, or requests for sensitive information.
They should always ask themselves – who is sending this, and why are they doing so?
This is especially important if the correspondence comes from a seemingly trusted source. As Tom puts it, “Don’t click immediately on a link that somebody sent you because you are familiar with the name.” He labels this as the “Rule No. 1” of cybersecurity awareness.
Growing the Cybersecurity Culture
The ultra-specific culture of skepticism will help create a more security-conscious workforce. But it’s far from enough to make a fundamental change in how employees perceive (and respond to) threats. For that, you need a strong cybersecurity culture.
Tom links this culture to the corporate culture. The organization’s mission, vision, statement of purpose, and values that shape the corporate culture should also be applicable to cybersecurity. Of course, this isn’t something companies can do overnight. They must grow and nurture this culture if they are to see any meaningful results.
According to Tom, it will probably take at least 18 months before these results start to show.
During this time, organizations must work on strengthening the relationships between every department, focusing on the human resources and security sectors. These two sectors should be the ones to primarily grow the cybersecurity culture within the company, as they’re well versed in the two pillars of this culture – human behavior and cybersecurity.
However, this strong interdepartmental relationship is important for another reason.
As Tom puts it, “[As humans], we cannot do anything by ourselves. But as a collective, with the help within the organization, we can.”
Staying Educated
The world of AI and cybersecurity have one thing in common – they never sleep. The only way to keep up with these ever-evolving worlds is to stay educated.
The best practice would be to gain a solid base by completing a comprehensive program, such as OPIT’s Enterprise Cybersecurity Master’s program. Then, it’s all about continuously learning about new developments, trends, and threats in AI and cybersecurity.
Conducting Regular Training
For most people, it’s not enough to just explain how human-centric cyber threats work. They must see them in action. Especially since many people believe that phishing attacks won’t happen to them or, if they do, they simply won’t fall for them. Unfortunately, neither of these are true.
Approximately 3.4 billion phishing emails are sent each day, and millions of them successfully bypass all email authentication methods. With such high figures, developing critical thinking among the employees is the No. 1 priority. After all, humans are the first line of defense against cyber threats.
But humans must be properly trained to counter these cyber threats. This training includes the organization’s security department sending fake phishing emails to employees to test their vigilance. Venicia calls employees who fall for these emails “clickers” and adds that no one wants to be a clicker. So, they do everything in their power to avoid falling for similar attacks in the future.
However, the key to successful employee training in this area also involves avoiding sending similar fake emails. If the company keeps trying to trick the employees in the same way, they’ll likely become desensitized and less likely to take real threats seriously.
So, Tom proposes including gamification in the training. This way, the training can be more engaging and interactive, encouraging employees to actively participate and learn. Interestingly, AI can be a powerful ally here, helping create realistic scenarios and personalized learning experiences based on employee responses.
Following in the Competitors’ Footsteps
When it comes to cybersecurity, it’s crucial to be proactive rather than reactive. Even if an organization hasn’t had issues with cyberattacks, it doesn’t mean it will stay this way. So, the best course of action is to monitor what competitors are doing in this field.
However, organizations shouldn’t stop with their competitors. They should also study other real-world social engineering incidents that might give them valuable insights into the tactics used by the malicious actors.
Tom advises visiting the many open-source databases reporting on these incidents and using the data to build an internal educational program. This gives organizations a chance to learn from other people’s mistakes and potentially prevent those mistakes from happening within their ecosystem.
Stay Vigilant
It’s perfectly natural for humans to feel curiosity when it comes to new information, anxiety regarding urgent-looking emails, and trust when seeing a familiar name pop up on the screen. But in the world of cybersecurity, these basic human emotions can cause a lot of trouble. That is, at least, when humans act on them.
So, organizations must work on correcting human behaviors, not suppressing basic human emotions. By doing so, they can help employees develop a more critical mindset when interacting with digital communications. The result? A cyber-aware workforce that’s well-equipped to recognize and respond to phishing attacks and other cyber threats appropriately.
-
From the same author
Read the articleSource:
- Agenda Digitale, published on November 25th, 2025
In recent years, the word ” sustainability ” has become a firm fixture in the corporate lexicon. However, simply “doing no harm” is no longer enough: the climate crisis , social inequalities , and the erosion of natural resources require a change of pace. This is where the net-positive paradigm comes in , a model that isn’t content to simply reduce negative impacts, but aims to generate more social and environmental value than is consumed.
This isn’t about philanthropy, nor is it about reputational makeovers: net-positive is a strategic approach that intertwines economics, technology, and corporate culture. Within this framework, digitalization becomes an essential lever, capable of enabling regenerative models through circular platforms and exponential technologies.
Blockchain, AI, and IoT: The Technological Triad of Regeneration
Blockchain, Artificial Intelligence, and the Internet of Things represent the technological triad that makes this paradigm shift possible. Each addresses a critical point in regeneration.
Blockchain guarantees the traceability of material flows and product life cycles, allowing a regenerated dress or a bottle collected at sea to tell their story in a transparent and verifiable way.
Artificial Intelligence optimizes recovery and redistribution chains, predicting supply and demand, reducing waste and improving the efficiency of circular processes .
Finally, IoT enables real-time monitoring, from sensors installed at recycling plants to sharing mobility platforms, returning granular data for quick, informed decisions.
These integrated technologies allow us to move beyond linear vision and enable systems in which value is continuously regenerated.
New business models: from product-as-a-service to incentive tokens
Digital regeneration is n’t limited to the technological dimension; it’s redefining business models. More and more companies are adopting product-as-a-service approaches , transforming goods into services: from technical clothing rentals to pay-per-use for industrial machinery. This approach reduces resource consumption and encourages modular design, designed for reuse.
At the same time, circular marketplaces create ecosystems where materials, components, and products find new life. No longer waste, but input for other production processes. The logic of scarcity is overturned in an economy of regenerated abundance.
To complete the picture, incentive tokens — digital tools that reward virtuous behavior, from collecting plastic from the sea to reusing used clothing — activate global communities and catalyze private capital for regeneration.
Measuring Impact: Integrated Metrics for Net-Positiveness
One of the main obstacles to the widespread adoption of net-positive models is the difficulty of measuring their impact. Traditional profit-focused accounting systems are not enough. They need to be combined with integrated metrics that combine ESG and ROI, such as impact-weighted accounting or innovative indicators like lifetime carbon savings.
In this way, companies can validate the scalability of their models and attract investors who are increasingly attentive to financial returns that go hand in hand with social and environmental returns.
Case studies: RePlanet Energy, RIFO, and Ogyre
Concrete examples demonstrate how the combination of circular platforms and exponential technologies can generate real value. RePlanet Energy has defined its Massive Transformative Purpose as “Enabling Regeneration” and is now providing sustainable energy to Nigerian schools and hospitals, thanks in part to transparent blockchain-based supply chains and the active contribution of employees. RIFO, a Tuscan circular fashion brand, regenerates textile waste into new clothing, supporting local artisans and promoting workplace inclusion, with transparency in the production process as a distinctive feature and driver of loyalty. Ogyre incentivizes fishermen to collect plastic during their fishing trips; the recovered material is digitally tracked and transformed into new products, while the global community participates through tokens and environmental compensation programs.
These cases demonstrate how regeneration and profitability are not contradictory, but can actually feed off each other, strengthening the competitiveness of businesses.
From Net Zero to Net Positive: The Role of Massive Transformative Purpose
The crucial point lies in the distinction between sustainability and regeneration. The former aims for net zero, that is, reducing the impact until it is completely neutralized. The latter goes further, aiming for a net positive, capable of giving back more than it consumes.
This shift in perspective requires a strong Massive Transformative Purpose: an inspiring and shared goal that guides strategic choices, preventing technology from becoming a sterile end. Without this level of intentionality, even the most advanced tools risk turning into gadgets with no impact.
Regenerating business also means regenerating skills to train a new generation of professionals capable not only of using technologies but also of directing them towards regenerative business models. From this perspective, training becomes the first step in a transformation that is simultaneously cultural, economic, and social.
The Regenerative Future: Technology, Skills, and Shared Value
Digital regeneration is not an abstract concept, but a concrete practice already being tested by companies in Europe and around the world. It’s an opportunity for businesses to redefine their role, moving from mere economic operators to drivers of net-positive value for society and the environment.
The combination of blockchain, AI, and IoT with circular product-as-a-service models, marketplaces, and incentive tokens can enable scalable and sustainable regenerative ecosystems. The future of business isn’t just measured in terms of margins, but in the ability to leave the world better than we found it.
Read the articleSource:
- Raconteur, published on November 06th, 2025
Many firms have conducted successful Artificial Intelligence (AI) pilot projects, but scaling them across departments and workflows remains a challenge. Inference costs, data silos, talent gaps and poor alignment with business strategy are just some of the issues that leave organisations trapped in pilot purgatory. This inability to scale successful experiments means AI’s potential for improving enterprise efficiency, decision-making and innovation isn’t fully realised. So what’s the solution?
Although it’s not a magic bullet, an AI operating model is really the foundation for scaling pilot projects up to enterprise-wide deployments. Essentially it’s a structured framework that defines how the organisation develops, deploys and governs AI. By bringing together infrastructure, data, people, and governance in a flexible and secure way, it ensures that AI delivers value at scale while remaining ethical and compliant.
“A successful AI proof-of-concept is like building a single race car that can go fast,” says Professor Yu Xiong, chair of business analytics at the UK-based Surrey Business School. “An efficient AI technology operations model, however, is the entire system – the processes, tools, and team structures – for continuously manufacturing, maintaining, and safely operating an entire fleet of cars.”
But while the importance of this framework is clear, how should enterprises establish and embed it?
“It begins with a clear strategy that defines objectives, desired outcomes, and measurable success criteria, such as model performance, bias detection, and regulatory compliance metrics,” says Professor Azadeh Haratiannezhadi, co-founder of generative AI company Taktify and professor of generative AI in cybersecurity at OPIT – the Open Institute of Technology.
Platforms, tools and MLOps pipelines that enable models to be deployed, monitored and scaled in a safe and efficient way are also essential in practical terms.
“Tools and infrastructure must also be selected with transparency, cost, and governance in mind,” says Efrain Ruh, continental chief technology officer for Europe at Digitate. “Crucially, organisations need to continuously monitor the evolving AI landscape and adapt their models to new capabilities and market offerings.”
An open approach
The most effective AI operating models are also founded on openness, interoperability and modularity. Open source platforms and tools provide greater control over data, deployment environments and costs, for example. These characteristics can help enterprises to avoid vendor lock-in, successfully align AI to business culture and values, and embed it safely into cross-department workflows.
“Modularity and platformisation…avoids building isolated ‘silos’ for each project,” explains professor Xiong. “Instead, it provides a shared, reusable ‘AI platform’ that integrates toolchains for data preparation, model training, deployment, monitoring, and retraining. This drastically improves efficiency and reduces the cost of redundant work.”
A strong data strategy is equally vital for ensuring high-quality performance and reducing bias. Ideally, the AI operating model should be cloud and LLM agnostic too.
“This allows organisations to coordinate and orchestrate AI agents from various sources, whether that’s internal or 3rd party,” says Babak Hodjat, global chief technology officer of AI at Cognizant. “The interoperability also means businesses can adopt an agile iterative process for AI projects that is guided by measuring efficiency, productivity, and quality gains, while guaranteeing trust and safety are built into all elements of design and implementation.”
A robust AI operating model should feature clear objectives for compliance, security and data privacy, as well as accountability structures. Richard Corbridge, chief information officer of Segro, advises organisations to: “Start small with well-scoped pilots that solve real pain points, then bake in repeatable patterns, data contracts, test harnesses, explainability checks and rollback plans, so learning can be scaled without multiplying risk. If you don’t codify how models are approved, deployed, monitored and retired, you won’t get past pilot purgatory.”
Of course, technology alone can’t drive successful AI adoption at scale: the right skills and culture are also essential for embedding AI across the enterprise.
“Multidisciplinary teams that combine technical expertise in AI, security, and governance with deep business knowledge create a foundation for sustainable adoption,” says Professor Haratiannezhadi. “Ongoing training ensures staff acquire advanced AI skills while understanding associated risks and responsibilities.”
Ultimately, an AI operating model is the playbook that enables an enterprise to use AI responsibly and effectively at scale. By drawing together governance, technological infrastructure, cultural change and open collaboration, it supports the shift from isolated experiments to the kind of sustainable AI capability that can drive competitive advantage.
In other words, it’s the foundation for turning ambition into reality, and finally escaping pilot purgatory for good.
-
Go to all authors
Related posts
Source:
- Agenda Digitale, published on November 25th, 2025
In recent years, the word ” sustainability ” has become a firm fixture in the corporate lexicon. However, simply “doing no harm” is no longer enough: the climate crisis , social inequalities , and the erosion of natural resources require a change of pace. This is where the net-positive paradigm comes in , a model that isn’t content to simply reduce negative impacts, but aims to generate more social and environmental value than is consumed.
This isn’t about philanthropy, nor is it about reputational makeovers: net-positive is a strategic approach that intertwines economics, technology, and corporate culture. Within this framework, digitalization becomes an essential lever, capable of enabling regenerative models through circular platforms and exponential technologies.
Blockchain, AI, and IoT: The Technological Triad of Regeneration
Blockchain, Artificial Intelligence, and the Internet of Things represent the technological triad that makes this paradigm shift possible. Each addresses a critical point in regeneration.
Blockchain guarantees the traceability of material flows and product life cycles, allowing a regenerated dress or a bottle collected at sea to tell their story in a transparent and verifiable way.
Artificial Intelligence optimizes recovery and redistribution chains, predicting supply and demand, reducing waste and improving the efficiency of circular processes .
Finally, IoT enables real-time monitoring, from sensors installed at recycling plants to sharing mobility platforms, returning granular data for quick, informed decisions.
These integrated technologies allow us to move beyond linear vision and enable systems in which value is continuously regenerated.
New business models: from product-as-a-service to incentive tokens
Digital regeneration is n’t limited to the technological dimension; it’s redefining business models. More and more companies are adopting product-as-a-service approaches , transforming goods into services: from technical clothing rentals to pay-per-use for industrial machinery. This approach reduces resource consumption and encourages modular design, designed for reuse.
At the same time, circular marketplaces create ecosystems where materials, components, and products find new life. No longer waste, but input for other production processes. The logic of scarcity is overturned in an economy of regenerated abundance.
To complete the picture, incentive tokens — digital tools that reward virtuous behavior, from collecting plastic from the sea to reusing used clothing — activate global communities and catalyze private capital for regeneration.
Measuring Impact: Integrated Metrics for Net-Positiveness
One of the main obstacles to the widespread adoption of net-positive models is the difficulty of measuring their impact. Traditional profit-focused accounting systems are not enough. They need to be combined with integrated metrics that combine ESG and ROI, such as impact-weighted accounting or innovative indicators like lifetime carbon savings.
In this way, companies can validate the scalability of their models and attract investors who are increasingly attentive to financial returns that go hand in hand with social and environmental returns.
Case studies: RePlanet Energy, RIFO, and Ogyre
Concrete examples demonstrate how the combination of circular platforms and exponential technologies can generate real value. RePlanet Energy has defined its Massive Transformative Purpose as “Enabling Regeneration” and is now providing sustainable energy to Nigerian schools and hospitals, thanks in part to transparent blockchain-based supply chains and the active contribution of employees. RIFO, a Tuscan circular fashion brand, regenerates textile waste into new clothing, supporting local artisans and promoting workplace inclusion, with transparency in the production process as a distinctive feature and driver of loyalty. Ogyre incentivizes fishermen to collect plastic during their fishing trips; the recovered material is digitally tracked and transformed into new products, while the global community participates through tokens and environmental compensation programs.
These cases demonstrate how regeneration and profitability are not contradictory, but can actually feed off each other, strengthening the competitiveness of businesses.
From Net Zero to Net Positive: The Role of Massive Transformative Purpose
The crucial point lies in the distinction between sustainability and regeneration. The former aims for net zero, that is, reducing the impact until it is completely neutralized. The latter goes further, aiming for a net positive, capable of giving back more than it consumes.
This shift in perspective requires a strong Massive Transformative Purpose: an inspiring and shared goal that guides strategic choices, preventing technology from becoming a sterile end. Without this level of intentionality, even the most advanced tools risk turning into gadgets with no impact.
Regenerating business also means regenerating skills to train a new generation of professionals capable not only of using technologies but also of directing them towards regenerative business models. From this perspective, training becomes the first step in a transformation that is simultaneously cultural, economic, and social.
The Regenerative Future: Technology, Skills, and Shared Value
Digital regeneration is not an abstract concept, but a concrete practice already being tested by companies in Europe and around the world. It’s an opportunity for businesses to redefine their role, moving from mere economic operators to drivers of net-positive value for society and the environment.
The combination of blockchain, AI, and IoT with circular product-as-a-service models, marketplaces, and incentive tokens can enable scalable and sustainable regenerative ecosystems. The future of business isn’t just measured in terms of margins, but in the ability to leave the world better than we found it.
Source:
- Raconteur, published on November 06th, 2025
Many firms have conducted successful Artificial Intelligence (AI) pilot projects, but scaling them across departments and workflows remains a challenge. Inference costs, data silos, talent gaps and poor alignment with business strategy are just some of the issues that leave organisations trapped in pilot purgatory. This inability to scale successful experiments means AI’s potential for improving enterprise efficiency, decision-making and innovation isn’t fully realised. So what’s the solution?
Although it’s not a magic bullet, an AI operating model is really the foundation for scaling pilot projects up to enterprise-wide deployments. Essentially it’s a structured framework that defines how the organisation develops, deploys and governs AI. By bringing together infrastructure, data, people, and governance in a flexible and secure way, it ensures that AI delivers value at scale while remaining ethical and compliant.
“A successful AI proof-of-concept is like building a single race car that can go fast,” says Professor Yu Xiong, chair of business analytics at the UK-based Surrey Business School. “An efficient AI technology operations model, however, is the entire system – the processes, tools, and team structures – for continuously manufacturing, maintaining, and safely operating an entire fleet of cars.”
But while the importance of this framework is clear, how should enterprises establish and embed it?
“It begins with a clear strategy that defines objectives, desired outcomes, and measurable success criteria, such as model performance, bias detection, and regulatory compliance metrics,” says Professor Azadeh Haratiannezhadi, co-founder of generative AI company Taktify and professor of generative AI in cybersecurity at OPIT – the Open Institute of Technology.
Platforms, tools and MLOps pipelines that enable models to be deployed, monitored and scaled in a safe and efficient way are also essential in practical terms.
“Tools and infrastructure must also be selected with transparency, cost, and governance in mind,” says Efrain Ruh, continental chief technology officer for Europe at Digitate. “Crucially, organisations need to continuously monitor the evolving AI landscape and adapt their models to new capabilities and market offerings.”
An open approach
The most effective AI operating models are also founded on openness, interoperability and modularity. Open source platforms and tools provide greater control over data, deployment environments and costs, for example. These characteristics can help enterprises to avoid vendor lock-in, successfully align AI to business culture and values, and embed it safely into cross-department workflows.
“Modularity and platformisation…avoids building isolated ‘silos’ for each project,” explains professor Xiong. “Instead, it provides a shared, reusable ‘AI platform’ that integrates toolchains for data preparation, model training, deployment, monitoring, and retraining. This drastically improves efficiency and reduces the cost of redundant work.”
A strong data strategy is equally vital for ensuring high-quality performance and reducing bias. Ideally, the AI operating model should be cloud and LLM agnostic too.
“This allows organisations to coordinate and orchestrate AI agents from various sources, whether that’s internal or 3rd party,” says Babak Hodjat, global chief technology officer of AI at Cognizant. “The interoperability also means businesses can adopt an agile iterative process for AI projects that is guided by measuring efficiency, productivity, and quality gains, while guaranteeing trust and safety are built into all elements of design and implementation.”
A robust AI operating model should feature clear objectives for compliance, security and data privacy, as well as accountability structures. Richard Corbridge, chief information officer of Segro, advises organisations to: “Start small with well-scoped pilots that solve real pain points, then bake in repeatable patterns, data contracts, test harnesses, explainability checks and rollback plans, so learning can be scaled without multiplying risk. If you don’t codify how models are approved, deployed, monitored and retired, you won’t get past pilot purgatory.”
Of course, technology alone can’t drive successful AI adoption at scale: the right skills and culture are also essential for embedding AI across the enterprise.
“Multidisciplinary teams that combine technical expertise in AI, security, and governance with deep business knowledge create a foundation for sustainable adoption,” says Professor Haratiannezhadi. “Ongoing training ensures staff acquire advanced AI skills while understanding associated risks and responsibilities.”
Ultimately, an AI operating model is the playbook that enables an enterprise to use AI responsibly and effectively at scale. By drawing together governance, technological infrastructure, cultural change and open collaboration, it supports the shift from isolated experiments to the kind of sustainable AI capability that can drive competitive advantage.
In other words, it’s the foundation for turning ambition into reality, and finally escaping pilot purgatory for good.
Have questions?
Visit our FAQ page or get in touch with us!
Write us at +39 335 576 0263
Get in touch at hello@opit.com
Talk to one of our Study Advisors
We are international
We can speak in:
