Human-centric cyber threats have long posed a serious issue for organizations. After all, humans are often the weakest link in the cybersecurity chain. Unfortunately, when artificial intelligence came into the mix, it only made these threats even more dangerous.

So, what can be done about these cyber threats now?

That’s precisely what we asked Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, aka the “Cyber Queen.”

They dedicated a significant portion of their “Cyber Threat Landscape 2024: Navigating New Risks” master class to AI-powered human-centric cyber threats. So, let’s see what these two experts have to say on the topic.

Human-Centric Cyber Threats 101

Before exploring how AI impacted human-centric cyber threats, let’s go back to the basics. What are human-centric cyber threats?

As you might conclude from the name, human-centric cyber threats are cybersecurity risks that exploit human behavior or vulnerabilities (e.g., fear). Even if you haven’t heard of the term “human-centric cyber threats,” you’ve probably heard of (or even experienced) the threats themselves.

The most common of these threats are phishing attacks, which rely on deceptive emails to trick users into revealing confidential information (or clicking on malicious links). The result? Stolen credentials, ransomware infections, and general IT chaos.

How Has AI Impacted Human-Centric Cyber Threats?

AI has infiltrated virtually every cybersecurity sector. Social engineering is no different.

As mentioned, AI has made human-centric cyber threats substantially more dangerous. How? By making them difficult to spot.

In Venicia’s words, AI has allowed “a more personalized and convincing social engineering attack.”

In terms of email phishing, malicious actors use AI to write “beautifully crafted emails,” as Tom puts it. These emails contain no grammatical errors and can mimic the sender’s writing style, making them appear more legitimate and harder to identify as fraudulent.

These highly targeted AI-powered phishing emails are no longer considered “regular” phishing attacks but spear phishing emails, which are significantly more likely to fool their targets.

Unfortunately, it doesn’t stop there.

As AI technology advances, its capabilities go far beyond crafting a simple email. Venicia warns that AI-powered voice technology can even create convincing voice messages or phone calls that sound exactly like a trusted individual, such as a colleague, supervisor, or even the CEO of the company. Obey the instructions from these phone calls, and you’ll likely put your organization in harm’s way.

How to Counter AI-Powered Human-Centric Cyber Threats

Given how advanced human-centric cyber threats have gotten, one logical question arises – how can organizations counter them? Luckily, there are several ways to do this. Some rely on technology to detect and mitigate threats. However, most of them strive to correct what caused the issue in the first place – human behavior.

Enhancing Email Security Measures

The first step in countering the most common human-centric cyber threats is a given for everyone, from individuals to organizations. You must enhance your email security measures.

Tom provides a brief overview of how you can do this.

No. 1 – you need a reliable filtering solution. For Gmail users, there’s already one such solution in place.

No. 2 – organizations should take full advantage of phishing filters. Before, only spam filters existed, so this is a major upgrade in email security.

And No. 3 – you should consider implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent email spoofing and phishing attacks.

Keeping Up With System Updates

Another “technical” move you can make to counter AI-powered human-centric cyber threats is to ensure all your systems are regularly updated. Fail to keep up with software updates and patches, and you’re looking at a strong possibility of facing zero-day attacks. Zero-day attacks are particularly dangerous because they exploit vulnerabilities that are unknown to the software vendor, making them difficult to defend against.

Top of Form

Nurturing a Culture of Skepticism

The key component of the human-centric cyber threats is, in fact, humans. That’s why they should also be the key component in countering these threats.

At an organizational level, numerous steps are needed to minimize the risks of employees falling for these threats. But it all starts with what Tom refers to as a “culture of skepticism.”

Employees should constantly be suspicious of any unsolicited emails, messages, or requests for sensitive information.

They should always ask themselves – who is sending this, and why are they doing so?

This is especially important if the correspondence comes from a seemingly trusted source. As Tom puts it, “Don’t click immediately on a link that somebody sent you because you are familiar with the name.” He labels this as the “Rule No. 1” of cybersecurity awareness.

Growing the Cybersecurity Culture

The ultra-specific culture of skepticism will help create a more security-conscious workforce. But it’s far from enough to make a fundamental change in how employees perceive (and respond to) threats. For that, you need a strong cybersecurity culture.

Tom links this culture to the corporate culture. The organization’s mission, vision, statement of purpose, and values that shape the corporate culture should also be applicable to cybersecurity. Of course, this isn’t something companies can do overnight. They must grow and nurture this culture if they are to see any meaningful results.

According to Tom, it will probably take at least 18 months before these results start to show.

During this time, organizations must work on strengthening the relationships between every department, focusing on the human resources and security sectors. These two sectors should be the ones to primarily grow the cybersecurity culture within the company, as they’re well versed in the two pillars of this culture – human behavior and cybersecurity.

However, this strong interdepartmental relationship is important for another reason.

As Tom puts it, “[As humans], we cannot do anything by ourselves. But as a collective, with the help within the organization, we can.”

Staying Educated

The world of AI and cybersecurity have one thing in common – they never sleep. The only way to keep up with these ever-evolving worlds is to stay educated.

The best practice would be to gain a solid base by completing a comprehensive program, such as OPIT’s Enterprise Cybersecurity Master’s program. Then, it’s all about continuously learning about new developments, trends, and threats in AI and cybersecurity.

Conducting Regular Training

For most people, it’s not enough to just explain how human-centric cyber threats work. They must see them in action. Especially since many people believe that phishing attacks won’t happen to them or, if they do, they simply won’t fall for them. Unfortunately, neither of these are true.

Approximately 3.4 billion phishing emails are sent each day, and millions of them successfully bypass all email authentication methods. With such high figures, developing critical thinking among the employees is the No. 1 priority. After all, humans are the first line of defense against cyber threats.

But humans must be properly trained to counter these cyber threats. This training includes the organization’s security department sending fake phishing emails to employees to test their vigilance. Venicia calls employees who fall for these emails “clickers” and adds that no one wants to be a clicker. So, they do everything in their power to avoid falling for similar attacks in the future.

However, the key to successful employee training in this area also involves avoiding sending similar fake emails. If the company keeps trying to trick the employees in the same way, they’ll likely become desensitized and less likely to take real threats seriously.

So, Tom proposes including gamification in the training. This way, the training can be more engaging and interactive, encouraging employees to actively participate and learn. Interestingly, AI can be a powerful ally here, helping create realistic scenarios and personalized learning experiences based on employee responses.

Following in the Competitors’ Footsteps

When it comes to cybersecurity, it’s crucial to be proactive rather than reactive. Even if an organization hasn’t had issues with cyberattacks, it doesn’t mean it will stay this way. So, the best course of action is to monitor what competitors are doing in this field.

However, organizations shouldn’t stop with their competitors. They should also study other real-world social engineering incidents that might give them valuable insights into the tactics used by the malicious actors.

Tom advises visiting the many open-source databases reporting on these incidents and using the data to build an internal educational program. This gives organizations a chance to learn from other people’s mistakes and potentially prevent those mistakes from happening within their ecosystem.

Stay Vigilant

It’s perfectly natural for humans to feel curiosity when it comes to new information, anxiety regarding urgent-looking emails, and trust when seeing a familiar name pop up on the screen. But in the world of cybersecurity, these basic human emotions can cause a lot of trouble. That is, at least, when humans act on them.

So, organizations must work on correcting human behaviors, not suppressing basic human emotions. By doing so, they can help employees develop a more critical mindset when interacting with digital communications. The result? A cyber-aware workforce that’s well-equipped to recognize and respond to phishing attacks and other cyber threats appropriately.

Related posts

CCN: Australia Tightens Crypto Oversight as Exchanges Expand, Testing Industry’s Appetite for Regulation
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Mar 31, 2025 3 min read

Source:

  • CCN, published on March 29th, 2025

By Kurt Robson

Over the past few months, Australia’s crypto industry has undergone a rapid transformation following the government’s proposal to establish a stricter set of digital asset regulations.

A series of recent enforcement measures and exchange launches highlight the growing maturation of Australia’s crypto landscape.

Experts remain divided on how the new rules will impact the country’s burgeoning digital asset industry.

New Crypto Regulation

On March 21, the Treasury Department said that crypto exchanges and custody services will now be classified under similar rules as other financial services in the country.

“Our legislative reforms will extend existing financial services laws to key digital asset platforms, but not to all of the digital asset ecosystem,” the Treasury said in a statement.

The rules impose similar regulations as other financial services in the country, such as obtaining a financial license, meeting minimum capital requirements, and safeguarding customer assets.

The proposal comes as Australian Prime Minister Anthony Albanese’s center-left Labor government prepares for a federal election on May 17.

Australia’s opposition party, led by Peter Dutton, has also vowed to make crypto regulation a top priority of the government’s agenda if it wins.

Australia’s Crypto Growth

Triple-A data shows that 9.6% of Australians already own digital assets, with some experts believing new rules will push further adoption.

Europe’s largest crypto exchange, WhiteBIT, announced it was entering the Australian market on Wednesday, March 26.

The company said that Australia was “an attractive landscape for crypto businesses” despite its complexity.

In March, Australia’s Swyftx announced it was acquiring New Zealand’s largest cryptocurrency exchange for an undisclosed sum.

According to the parties, the merger will create the second-largest platform in Australia by trading volume.

“Australia’s new regulatory framework is akin to rolling out the welcome mat for cryptocurrency exchanges,” Alexander Jader, professor of Digital Business at the Open Institute of Technology, told CCN.

“The clarity provided by these regulations is set to attract a wave of new entrants,” he added.

Jader said regulatory clarity was “the lifeblood of innovation.” He added that the new laws can expect an uptick “in both local and international exchanges looking to establish a foothold in the market.”

However, Zoe Wyatt, partner and head of Web3 and Disruptive Technology at Andersen LLP, believes that while the new rules will benefit more extensive exchanges looking for more precise guidelines, they will not “suddenly turn Australia into a global crypto hub.”

“The Web3 community is still largely looking to the U.S. in anticipation of a more crypto-friendly stance from the Trump administration,” Wyatt added.

Read the full article below:

Read the article
Agenda Digitale: Generative AI in the Enterprise – A Guide to Conscious and Strategic Use
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Mar 31, 2025 6 min read

Source:


By Zorina Alliata, Professor of Responsible Artificial Intelligence e Digital Business & Innovation at OPIT – Open Institute of Technology

Integrating generative AI into your business means innovating, but also managing risks. Here’s how to choose the right approach to get value

The adoption of generative AI in the enterprise is growing rapidly, bringing innovation to decision-making, creativity and operations. However, to fully exploit its potential, it is essential to define clear objectives and adopt strategies that balance benefits and risks.

Over the course of my career, I have been fortunate to experience firsthand some major technological revolutions – from the internet boom to the “renaissance” of artificial intelligence a decade ago with machine learning.

However, I have never seen such a rapid rate of adoption as the one we are experiencing now, thanks to generative AI. Although this type of AI is not yet perfect and presents significant risks – such as so-called “hallucinations” or the possibility of generating toxic content – ​​it fills a real need, both for people and for companies, generating a concrete impact on communication, creativity and decision-making processes.

Defining the Goals of Generative AI in the Enterprise

When we talk about AI, we must first ask ourselves what problems we really want to solve. As a teacher and consultant, I have always supported the importance of starting from the specific context of a company and its concrete objectives, without inventing solutions that are as “smart” as they are useless.

AI is a formidable tool to support different processes: from decision-making to optimizing operations or developing more accurate predictive analyses. But to have a significant impact on the business, you need to choose carefully which task to entrust it with, making sure that the solution also respects the security and privacy needs of your customers .

Understanding Generative AI to Adopt It Effectively

A widespread risk, in fact, is that of being guided by enthusiasm and deploying sophisticated technology where it is not really needed. For example, designing a system of reviews and recommendations for films requires a certain level of attention and consumer protection, but it is very different from an X-ray reading service to diagnose the presence of a tumor. In the second case, there is a huge ethical and medical risk at stake: it is necessary to adapt the design, control measures and governance of the AI ​​to the sensitivity of the context in which it will be used.

The fact that generative AI is spreading so rapidly is a sign of its potential and, at the same time, a call for caution. This technology manages to amaze anyone who tries it: it drafts documents in a few seconds, summarizes or explains complex concepts, manages the processing of extremely complex data. It turns into a trusted assistant that, on the one hand, saves hours of work and, on the other, fosters creativity with unexpected suggestions or solutions.

Yet, it should not be forgotten that these systems can generate “hallucinated” content (i.e., completely incorrect), or show bias or linguistic toxicity where the starting data is not sufficient or adequately “clean”. Furthermore, working with AI models at scale is not at all trivial: many start-ups and entrepreneurs initially try a successful idea, but struggle to implement it on an infrastructure capable of supporting real workloads, with adequate governance measures and risk management strategies. It is crucial to adopt consolidated best practices, structure competent teams, define a solid operating model and a continuous maintenance plan for the system.

The Role of Generative AI in Supporting Business Decisions

One aspect that I find particularly interesting is the support that AI offers to business decisions. Algorithms can analyze a huge amount of data, simulating multiple scenarios and identifying patterns that are elusive to the human eye. This allows to mitigate biases and distortions – typical of exclusively human decision-making processes – and to predict risks and opportunities with greater objectivity.

At the same time, I believe that human intuition must remain key: data and numerical projections offer a starting point, but context, ethics and sensitivity towards collaborators and society remain elements of human relevance. The right balance between algorithmic analysis and strategic vision is the cornerstone of a responsible adoption of AI.

Industries Where Generative AI Is Transforming Business

As a professor of Responsible Artificial Intelligence and Digital Business & Innovation, I often see how some sectors are adopting AI extremely quickly. Many industries are already transforming rapidly. The financial sector, for example, has always been a pioneer in adopting new technologies: risk analysis, fraud prevention, algorithmic trading, and complex document management are areas where generative AI is proving to be very effective.

Healthcare and life sciences are taking advantage of AI advances in drug discovery, advanced diagnostics, and the analysis of large amounts of clinical data. Sectors such as retail, logistics, and education are also adopting AI to improve their processes and offer more personalized experiences. In light of this, I would say that no industry will be completely excluded from the changes: even “humanistic” professions, such as those related to medical care or psychological counseling, will be able to benefit from it as support, without AI completely replacing the relational and care component.

Integrating Generative AI into the Enterprise: Best Practices and Risk Management

A growing trend is the creation of specialized AI services AI-as-a-Service. These are based on large language models but are tailored to specific functionalities (writing, code checking, multimedia content production, research support, etc.). I personally use various AI-as-a-Service tools every day, deriving benefits from them for both teaching and research. I find this model particularly advantageous for small and medium-sized businesses, which can thus adopt AI solutions without having to invest heavily in infrastructure and specialized talent that are difficult to find.

Of course, adopting AI technologies requires companies to adopt a well-structured risk management strategy, covering key areas such as data protection, fairness and lack of bias in algorithms, transparency towards customers, protection of workers, definition of clear responsibilities regarding automated decisions and, last but not least, attention to environmental impact. Each AI model, especially if trained on huge amounts of data, can require significant energy consumption.

Furthermore, when we talk about generative AI and conversational models , we add concerns about possible inappropriate or harmful responses (so-called “hallucinations”), which must be managed by implementing filters, quality control and continuous monitoring processes. In other words, although AI can have disruptive and positive effects, the ultimate responsibility remains with humans and the companies that use it.

Read the full article below (in Italian):

Read the article