The evolving cybersecurity landscape has increased security pressures for IT leaders. With the World Economic Forum estimating, the global cost of cybercrime is projected to reach $10.5trillion annually in 2025, the situation is only escalating[1]. The rise of new technologies, such as Artificial Intelligence (AI), and the complexities introduced by flexible working have made IT security feel like a constantly moving target. Maintaining information security, is now among the most time-consuming responsibilities for IT leaders, with Canon research finding that 50% rank it as one of their top three concerns[2].
The security landscape continues to evolve rapidly, but it’s important in all the discussions around AI powered threats we don’t lose sight of what can often make or break and successful attack – the basics.
The new AI reality
AI is no longer a challenge of the future, it is intensifying attacks today. Its accessibility allows cybercriminals to execute more sophisticated attacks. This is because AI enables threat actors to develop malware that exploits software vulnerabilities and create phishing attempts using personalisation, deep fakes and auto translation. For example, AI powered scams now leverage localisation and in some cases even audio creation to enhance their impact.
Despite these threats, strengthening a business’ first line of defence is its people. Proper training to recognise and report phishing is critical in combating AI powered attacks.
Mastering the basics
Basic cybersecurity practices are more vital than ever. A robust foundation can make it harder for AI driven threats to succeed. A significant number of the high-profile incidents in recent years stemmed from simple vulnerabilities, such as unpatched software. This means companies must prioritise strong perimeter defence, enforcing multi-factor authentication (MFA), regular updates and security patches, and a robust recovery action plan.
Embracing zero-trust principles, such as MFA and least privilege access – and enforcing good cyber hygiene is crucial. While MFA and automated updates ensure a secure baseline, educating employees may be the difference between a contained threat and a costly cyber incident.
The regulation revolution
Governments and regulators are stepping up to address cyber resilience. The European Union’s NIS2[3] directive requires businesses to meet cybersecurity standards, while sector specific regulations, like DORA in the financial sector, calling for robust risk management, resilience testing and incident reporting[4].
Standardised procedures foster confidence in third party software and hardware creating a unified cyber framework. This ‘regulation revolution’ is set to intensify in 2025, with the European Union’s Cyber Resilience Act set to come into effect in 2027, alongside continuing conversations around AI regulation. Businesses must maintain compliance both now and in the long term.
Preparing for future threats
The cybersecurity landscape, as witnessed in 2024, has grown significantly more complex, with AI amplifying the sophistication of cyberattacks. Despite this evolving threat environment, mastering fundamental security principles remains crucial. Organisations that prioritise these foundations will strengthen their cyber resilience in 2025, positioning themselves to effectively navigate any challenges that arise in the next couple of years.
Find out more about Canon’s Information Security Solutions.
[1] WEF_Global_Risks_Report_2023.
[2] Canon IT barometer – Canon Europe
[3] The NIS2 Directive: A high common level of cybersecurity in the EU | European Parliament