Marc Peiser, Principal Cloud Consultant, Daemon, looks at ways businesses can combat phishing attacks to build a more resilient future.
Last year, 84% of businesses experienced a phishing attack, the most common attack in the UK amongst medium and large businesses.
Once-simple email scams are now morphing into sophisticated, multi-channel threats that exploit every corner of the modern workplace.
Today’s attacks include SMS (smishing), voice calls (vishing) and social media schemes, all designed to deceive employees, steal data, and disrupt operations.
Further, cybercriminals are harnessing AI to craft highly convincing deep fake attacks, making them harder to detect and even more dangerous.
Imagine receiving a call from your CEO, only to find out it was an AI-generated voice clone. This is the new face of phishing.
As organisations embrace hybrid working, onboard third-party vendors and push forward with digital transformation, the threat surface has dramatically expanded.
No longer confined to traditional office environments, today’s workforces are scattered, and legacy security systems are struggling to keep up.
In fact, our research found that more than a third (36%) of Brits have fallen victim to phishing attacks.
AI is a double-edged sword in the world of phishing.
It has enabled attacks to become more personalised, dynamic, and indistinguishable from legitimate communication.
A staggering 60% year-on-year rise in phishing scams has been attributed to AI-driven techniques, underscoring how quickly the landscape is shifting.
However, AI isn’t just a tool for attackers; it’s also a powerful ally in the fight against phishing.
Advanced AI-driven security systems can analyse communication patterns, detect anomalies, and flag potential threats in real time—often before they even reach your employees.
For businesses, the key is to harness AI to not only counter these attacks but to stay one step ahead of evolving threats.
Advances in phishing tactics require a radical overhaul of security infrastructure.
Traditional perimeter-based security, once effective, is no longer sufficient in an age where remote work and cloud-based services blur the lines of the corporate network.
To protect against AI-enhanced phishing, businesses must modernise their approach to cybersecurity, moving beyond outdated systems and embracing intelligent, adaptive solutions.
Security teams must also adopt a mindset of continuous improvement.
Threats evolve rapidly, and defences must evolve in tandem.
This means implementing security systems capable of real-time monitoring and dynamic response, ensuring that businesses can react to new threats as they emerge, rather than relying on static, pre-set rules.
Finally, collaboration between IT, security and other departments is crucial.
A unified approach ensures that security measures are not siloed but integrated across all levels of the organisation, creating a resilient defence system that keeps pace with the evolving threat landscape.
With a modernised security infrastructure in place, it’s vital that everyone in the organisation plays their part in maintaining robust phishing defences.
From the Chief Information Security Officer (CISO) to the frontline employee, your people are a huge part of the solution.
To double down on defending against phishing attacks, here are some guidelines for each layer of your organisation:
CISOs – Lead the transformation of your security infrastructure.
Prioritise the integration of AI-driven security solutions that monitor all communication channels, not just email.
Push for the adoption of behavioural analysis tools to spot unusual user actions and rapidly identify potential compromises.
Develop comprehensive incident response plans that evolve with the threat landscape, ensuring your organisation is always prepared for the next attack.
Employees – Continuous learning is key. Engage in adaptive training programmes that mirror the latest phishing tactics and develop a critical mindset towards unexpected communications, even from known contacts.
Be proactive in reporting anything suspicious and remember: a moment of caution can prevent a serious security breach.
Stakeholders and third-party vendors – Cybersecurity is a shared responsibility.
Support security initiatives by allocating the necessary resources, driving the adoption of new technologies, and cultivating a culture where security is prioritised at every level.
Ensure that third-party partners adhere to your security standards, as their vulnerabilities can quickly become your own.
Phishing isn’t going away; it’s getting smarter.
But by embracing AI, overhauling outdated security structures and fostering a security-conscious culture, businesses can defend against today’s threats and build resilience for what’s to come.
The future of cybersecurity lies in being proactive, adaptive, and collaborative. Don’t wait until your organisation becomes the next statistic.