Cybercriminals are increasingly using artificial intelligence (AI) to create convincing and hard-to-detect attacks. To stay ahead, companies need smarter defences and a clear, adaptable strategy, says Aaron Chiew, Head of Digital Channels for DBS’ Institutional Banking Group.
The rapidly evolving nature of AI is a double-edged sword as far as cybersecurity goes. As user-friendly and beneficial as Generative AI (Gen AI) can be, it is also being misused ever more frequently in the form of trickery and manipulation, such as deepfaking the voice, face or name of a person or organisation to elicit payments. By 2027, for example, 17% of total cyberattacks will involve the use of Gen AI, according to Gartner1. This figure is expected to rise quickly.
While high-profile incidents continue to underscore the scale and sophistication of AI-driven threats, the same technology also equips companies with powerful, proactive tools to defend their critical infrastructure and stay ahead of attackers. For example, detecting patterns to identify intrusions into networks, or spotting new malware and other threats can flag unusual and potentially harmful activity much quicker than any human could.
As a result, AI’s role in cybersecurity has evolved from a technical issue into a strategic business imperative.
“Cybersecurity is one of the key concerns today, and companies are investing heavily to combat this”
Aaron Chiew, Head of Digital Channels for DBS’ Institutional Banking Group
AI’s dark side: New frontiers in cyber threats
AI brings powerful capabilities, but those same capabilities are amplifying cyber risks in three major ways:
- Accelerated processing times – AI can process vast datasets very quickly, enabling scammers and fraudsters to identify exploitable patterns and design new scam tactics with unprecedented efficiency.
- The prevalence and believability of deepfakes – a case in point was in Hong Kong, where deepfake technology was used to impersonate company executives on a video call, successfully convincing an accounts clerk to transfer $25 million to fraudsters.2
- Rapid creation of deceptive or manipulative information in the form of scam content – including automating scam calls, generating realistic looking fake ads, and creating websites that mimic legitimate businesses to trick people into providing sensitive information or making unauthorised payments.
Such threats have far-reaching repercussions, beyond the obvious financial losses. One of the most damaging is the erosion of trust, both within the organisation and with clients.
For example, Chiew noted employees may start to question the authenticity of the calls they receive, uncertain whether they’re truly speaking to the person they believe they are. This growing uncertainty could lead to more verification steps and processes to confirm the legitimacy of communications. “What might have been a quick transaction in the pre-AI world could now take much longer,” he said. “Whether businesses can maintain the same level of operational efficiency going forward is increasingly uncertain.”
The damage doesn’t stop at the office door. Rebuilding trust with customers can take a long time once a cybersecurity incident becomes public knowledge.
Stepping up defences against AI cyber threats
Companies are not standing still in this new era, with the threat from AI now top of mind. For example, 66% of organisations expect AI to have the most significant impact on cybersecurity in the year to come3.
In response, investment in cybersecurity protection measures has risen significantly across various industry sectors. For example, in August 2024, Gartner projected that global end-user spending on information security would grow by 15% this year to $212 billion4.
At the same time, companies are reviewing their processes and implementing stricter communication policies with regard to the role of AI tools as an advanced way to quickly spot and respond to dangers, said Chiew. “They are relooking at how they interact with each other in a digital space, to understand how they implement these cybersecurity protection measures safely so the current processes can run smoothly.”
This is triggering action such as more defined data protection policies in terms of collection and storage, along with stricter guidelines for using social media, plus regular penetration testing of systems and infrastructure.
Turning cyber risk into operational resilience
Companies are at different stages of their cybersecurity journey, but in all cases a clear and structured path to protection is essential.
According to Chiew, early-stage companies should start with the basics:
1. Verify all requests carefully
Always double-check the credibility of requests received by email – especially those involving sensitive financial changes. For instance, if an employee requests a payroll update or a supplier emails to change bank details, confirm the request by calling back using a verified number on record.
2. Audit your internal processes
Regularly review internal workflows to identify weak points that could be exploited through human error or fraud. Even small procedural gaps can open the door to cyber threats.
For mature-stage companies, the key is to strengthen and stress-test:
1. Invest in penetration testing
Engage cybersecurity professionals or specialist agencies to conduct penetration testing and simulate attacks. This helps uncover vulnerabilities in systems, processes, or infrastructure before attackers do.
2. Continuously monitor and upgrade systems
Periodically review your infrastructure and security protocols to stay ahead of evolving threats. As Chiew warns: “It only takes a single loophole or gap – and for scammers, finding and exploiting these gaps is a full-time job.”
Explore DBS’ resources for businesses to protect against scams: https://go.dbs.com/ProtectYourBusiness
Sponsored by:
- https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025 ↩︎
- https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html ↩︎
- https://www.weforum.org/publications/global-cybersecurity-outlook-2025/ ↩︎
- https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025 ↩︎
