

Bárbara García (INCIBE): Artificial intelligence will be a double-edged sword

In this interview, Bárbara García, Knowledge and Awareness Technician for Businesses and Professionals at INCIBE (the Spanish National Cybersecurity Institute), outlines key measures for both companies and citizens to bolster digital security. She also assesses the evolving threat landscape, driven by the rise of artificial intelligence and an increase in targeted attacks, warning that these threats are expected to continue developing throughout 2025.
How did cybersecurity threats evolve in 2024, and what are the forecasts for 2025?
Cybersecurity threats underwent major shifts in 2024, shaped by the growing use of artificial intelligence and the surge in targeted attacks. Cybercriminals leveraged AI to enhance the sophistication of scams, including phishing messages nearly indistinguishable from legitimate ones, and the creation of deepfakes used to deceive individuals and organisations. Ransomware continued to pose a serious risk, but with a more focused strategy: rather than widespread attacks, perpetrators conducted prior research on their targets to maximise impact and demand higher ransoms. Supply chain attacks also increased, exploiting vendors with weaker security protocols to gain access to larger corporate networks. In parallel, the theft and leakage of personal and business data became increasingly common, fuelling fraud and identity theft.
Data collected through INCIBE’s 017 Cybersecurity Helpline revealed that identity theft via impersonation (fake profiles on social media and websites) remained the most reported issue, followed by business email compromise (BEC), phishing, legal compliance concerns (such as NIS2, CRA, and DORA), and voice phishing (vishing).
Looking ahead to 2025, these threats are expected to keep evolving. Artificial intelligence will prove to be a double-edged sword: while it can enhance cyber defences, it will also enable more automated and harder-to-detect attacks. Critical infrastructure, such as energy and transport, will likely become increasingly attractive targets for sabotage and service disruption. Financial scams are anticipated to become more advanced, adapting to individual profiles using stolen data. In response, governments are expected to tighten regulatory frameworks, requiring higher security standards across the business sector, as is already occurring with regulations such as NIS2, CRA, and DORA, ensuring stronger protections for the public. The foundation for reducing online risk will continue to lie in prevention and, above all, in common sense.
What problems and losses can cybercrime cause?
Many small and medium-sized enterprises (SMEs) still fail to recognise the critical importance of cybersecurity, mistakenly assuming cybercriminals only target large corporations. Any organisation, regardless of size, can become a victim. While large firms may have robust cybersecurity systems in place, SMEs often present easier opportunities for attackers.
Cybercrime can lead to severe financial losses. Through phishing or malware, attackers may steal sensitive data, such as banking credentials, intellectual property, or customer information, to sell on the black market. Stolen credentials can also be used for identity fraud, including applying for loans or making purchases in the victim’s name. Reused passwords across accounts only increase the risk of further breaches.
In a business context, compromised credentials can be exploited to launch more advanced attacks, such as ransomware, locking access to vital data until a ransom is paid, or acts of sabotage that disrupt operations. In some cases, criminals also hijack compromised systems to carry out large-scale Distributed Denial-of-Service (DDoS) attacks.
It’s important to note that not all cyberattacks are financially driven. Some aim to damage a company’s reputation, conduct industrial espionage, or use a vulnerable supplier as a backdoor to larger organisations. All of this underscores the pressing need for companies to strengthen their cybersecurity strategies, because any piece of data, however insignificant it may seem, can be exploited for malicious purposes.
How can cybersecurity be strengthened in personal and professional settings, in companies, and in commerce?
Improving digital security, whether in personal life, the workplace, or business, starts with awareness. Employees are the first line of defence, and regular training is essential. Staff should be taught how to recognise cyber threats, particularly phishing attempts. Clear internal policies should be established, outlining the roles and responsibilities of each team member in safeguarding data.
Strong password practices are another key element: passwords should be long, complex, and changed regularly. Using password managers and enabling two-factor authentication wherever possible are highly recommended. Encrypting data, both at rest and in transit, is essential to protecting it in the event of a breach.
Keeping all systems and software up to date, and regularly applying security patches, helps to eliminate known vulnerabilities. Regularly backing up critical data, and encrypting those backups, ensures recovery in case of an attack. Access to sensitive data should be limited strictly to those who require it, reducing the potential for unnecessary exposure. Ongoing system monitoring helps detect anomalies early, while regular audits can identify potential weaknesses before they are exploited.
Equally important is having a defined incident response plan in place. This ensures a swift and coordinated response in the event of a breach, limiting its impact. INCIBE recently released the Guide to Cybersecurity Crisis Management in Companies, which outlines key strategies and tools for organisations to maintain security and operational stability during cyber crises. For assistance with any cybersecurity concern or question, companies, professionals, and the general public can contact INCIBE’s free and confidential Cybersecurity Helpline (017), available daily from 08:00 to 23:00, 365 days a year.
What other tools does INCIBE offer?
INCIBE’s mission is clear: to help build a safer and more trustworthy digital environment for everyone. The organisation offers a wide range of tools, resources, and services aimed at improving cybersecurity. Through its incident response service (INCIBE-CERT), training programmes, and technical guidance, INCIBE supports companies in fostering a cybersecurity culture, one that blends risk awareness with skills development in digital security. By embedding this culture, the likelihood of a successful cyberattack is greatly reduced. Additionally, INCIBE empowers individuals to take proactive steps to protect their personal data. An informed and cyber-aware society is better equipped to guard against today’s digital threats.