How Companies Should Respond to AI-Based Cyberattacks
According to Statista forecasts, the global cost of cyberattacks is expected to rise by about 1 percent annually, reaching $13.82 trillion by 2028. Due to rapid technological advances, particularly in the field of artificial intelligence, hackers are now operating with increasing flexibility and sophistication. This is leading to a drastic shift in the security landscape, the far-reaching consequences of which are reflected in state-sponsored attacks and assaults on critical infrastructure. Addressing current security requirements presents challenges that can only be overcome through collective effort.
AI: Opportunities and Risks
While artificial intelligence offers companies new opportunities to optimize processes, it also poses significant risks. Its use enables cybercriminals to circumvent detection rules and carry out tailored phishing campaigns or automated attacks. At the same time, companies are under pressure to integrate AI quickly and train their workforce at least as fast. Security teams must protect AI models to secure sensitive data and ensure operational stability, often with very limited budgets and resources.
With the help of automated phishing detection systems, companies are able to effectively counter this threat. These systems are designed to improve the speed and accuracy of threat detection while remaining scalable and resource-efficient. By leveraging machine learning and heuristic rules, suspicious URLs and websites can be accurately identified, even if they appear innocuous to other security solutions. Cloudflare’s phishing detection system automatically blocked nearly 80 percent of phishing attempts in the second half of 2024. Such technologies are crucial for maintaining a lead over attackers.
“Blind Spots” and a Growing Attack Surface
The increasing shift toward remote work, cloud migration, and digital transformation has also significantly expanded the attack surface. This trend creates security vulnerabilities that threat actors can quickly exploit. Particularly problematic are “blind spots” where security managers lack sufficient visibility. Without clear insights into these areas, it remains difficult to detect and mitigate threats early on.
Complexity as the Enemy of Security
Another major obstacle to effective cybersecurity is the increasing complexity of modern IT environments. Organizations struggle with fragmented technology stacks, multi-cloud architectures, and a shortage of qualified security experts. These factors hinder situational awareness and increase operational overhead. At the same time, complexity hinders the ability to modernize security measures. Without integrated platforms that offer comprehensive protection and visibility, it remains a challenge for security teams to respond appropriately to threats.
Supply Chain Attacks: An Underestimated Threat
Another growing problem is security incidents in the supply chain. Vulnerabilities in third-party providers can ripple through the entire digital ecosystem and cause significant damage. Security teams must therefore consider risks that extend far beyond their immediate sphere of influence. This requires a holistic view of all dependencies in the technology stack.
The Role of Bots and Leaked Credentials
Bots play a central role in amplifying attacks such as credential stuffing, a method in which leaked credentials are used to gain unauthorized access to systems. According to a study by Cloudflare, 95 percent of login attempts using stolen passwords originate from bots. Platforms such as WordPress are particularly affected, with 76 percent of these attempts succeeding in that environment.
Another problem is the reuse of compromised passwords. As recent research by Cloudflare researchers shows, 41 percent of successful logins on websites within their network are made using stolen credentials. These figures underscore the urgent need for stronger security measures, such as multi-factor authentication (MFA) or rate limits.
Post-Quantum Security: A New Era in Cryptography
With the advent of quantum computers, internet security is facing a fundamental shift. Cryptographic methods, in particular, must be adapted to this new technology, as conventional encryption methods could be easily cracked by quantum computers. However, initiatives such as the collaboration between NIST, Microsoft, and Cloudflare offer hope for robust solutions to this challenge.
Conclusion: The fight against cybercrime requires innovation
The threat landscape in cyberspace is becoming increasingly complex and requires innovative approaches as well as close collaboration between companies, governments, and technology providers. This is because the “defender’s dilemma” is becoming increasingly acute: Cybercriminals need only one successful attack to achieve their goals, while companies must be able to fend off every single attack to maintain business operations and protect data.
Automation, AI-based detection systems, and stronger protective measures are crucial for maintaining an edge over attackers. At the same time, long-term strategies must be developed to prepare for technological advancements such as quantum computing. During its “Security Week 2025,” Cloudflare showcased initiatives and solutions for phishing defense and securing political campaigns, demonstrating how companies can proactively combat cyber threats. Ultimately, however, cybersecurity remains a shared responsibility; only through collective efforts can the internet be made safer.