
Your Security Training Isn’t Wrong. The Content is Just Outdated

Awareness Training and CSAM

Guest blog courtesy of Flare.

Cybercriminals are using AI to create convincing impersonations, making employee cybersecurity awareness and robust security measures more critical than ever.

Originally published on ITPro Today.

You just received an email that sounds a lot like your boss asking if he can log into your Salesforce account because he doesn't have one. The email even mentions the client whose SEO you've been improving. You send your credentials, and nothing happens.

Two weeks later your finance team is missing a payment from your client, but when you call, the client confirms they paid. What happened? They paid a fake account.

Today, cybercriminals are leveraging tools like large language models to craft highly personalized emails. They can use AI models, scrapers, and open-source intelligence to scan company profiles on platforms like LinkedIn and mimic real people within the organization. And once attackers gain access to one account, such as Salesforce or SEMrush, and that account is linked to another, let's say Google, they can use that access to compromise data in both linked accounts.

Although attacks are getting more advanced — living-off-the-land (LotL) techniques, supply chain compromises, credential stuffing at scale — the entry points haven't changed much. According to Arctic Wolf's 2025 threat report, ransomware (44%), business email compromise (27%), and network intrusions (24%) still make up the bulk of incidents. What connects these attacks is that they depend on mistakes made by employees.

Clicking on a malicious link, falling for a fake invoice, or failing to secure access credentials together open the doors to 99% of breaches. With AI advancing, cybercriminals are learning how to bypass threat intelligence tools, and businesses need to keep employees equally up to speed to spot when they are under attack.

Know What You've Got

Although AI makes threats harder to detect, many breaches aren't caused by sophisticated hacking. They happen because organizations might not realize employees let their kids play Minecraft on their corporate laptops, or an old server or forgotten IoT device is still online. If IT doesn't know an asset exists, or who uses it, the team can't secure it, and hackers look for forgotten, unmonitored devices to break in.

There is also the issue of bring your own device (BYOD). The rise of unauthorized devices and applications, such as employees working from personal laptops and third-party cloud environments, makes it difficult for even the most expert IT personnel to implement adequate asset management techniques. IT teams need to be able to discover and map both known and unknown assets continuously. Tools like endpoint detection and response (EDR), network scanners, and identity and access management (IAM) are becoming critical, along with visibility into identities through identity threat detection and response (ITDR). Zero trust architecture is a proactive design principle that helps contain threats, too.

While these tools individually help defend against threats in real time, a multilayer approach is still needed: if your EDR system can track every entry point, so can attackers. IT teams should assume threat actors know as much about their asset inventory as they do — or more. Business leaders and CTOs need to ensure employees understand this so they take more precautions when installing unauthorized apps (like Minecraft and Roblox) on company property. Employees must also report lost company devices right away so IT can remotely wipe sensitive data before it gets into the wrong hands.

Stop Reusing Passwords and Automate Logging Out

In addition to monitoring what's going on inside your house, it's just as important to regularly check that you've locked all the front (and back) doors.

Managing and securing multiple systems can tempt employees to repeat passwords for simplicity. If employees continue to avoid using tools like corporate password managers to enforce strong, unique passwords, IT teams need to ask themselves why. How can they make warnings about this more impactful without burdening staff?

It's a constant give-and-take with cybersecurity: Tools like single sign-on (SSO) are introduced to reduce login friction for cases where employees frequently shift between platforms such as Microsoft 365 and Salesforce. They are also credited with giving centralized control over user access, which can be helpful when employees leave the business or when unusual activity occurs. Pairing these with multi-factor authentication (MFA) means that even if a password is stolen, attackers still face an extra authentication layer to crack.

The trouble is that, even with corporate password managers and MFA in place, hackers are still finding ways to steal credentials. These tools are designed to prevent hackers from entering your home, but if the door is left open, they won't stop anyone from walking in. The average annual growth rate of exposed accounts is 28%. Session expiration policies based on risk level and adaptive access policies can trigger forced sign-outs if a session shows abnormal behavior (e.g., logging in from a new IP while still active on another), which helps reduce account session takeovers.
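The two session controls described above, a risk-tiered idle limit and a forced sign-out when a new login arrives from a different IP while an older session is still active, can be expressed as a small policy engine. The following Python is an added example written for this post, not code from Flare or ITPro Today; the idle limits, risk tiers, user names and IP addresses are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# Idle limits by risk tier (constructed values): a high-risk session, e.g. a
# privileged role or an unmanaged device, is expired far sooner than a routine one.
IDLE_LIMIT = {
    "low": timedelta(hours=8),
    "high": timedelta(minutes=30),
}


@dataclass
class Session:
    user: str
    ip: str
    risk: str          # "low" or "high"
    last_seen: datetime


@dataclass
class Decision:
    user: str
    ip: str            # IP of the session this decision applies to
    action: str        # "allow", "refresh" or "force_signout"
    reason: str


def expired(s: Session, now: datetime) -> bool:
    """True when the session has been idle longer than its risk tier allows."""
    return now - s.last_seen > IDLE_LIMIT[s.risk]


def evaluate_login(active: List[Session], user: str, ip: str, risk: str,
                   now: datetime) -> Tuple[List[Session], List[Decision]]:
    """Apply the policy to one login event and return the surviving sessions
    plus the decisions taken for this user's sessions."""
    kept: List[Session] = []
    decisions: List[Decision] = []
    refreshed = False
    for s in active:
        if s.user != user:
            kept.append(s)                     # other users are untouched
        elif expired(s, now):
            decisions.append(Decision(user, s.ip, "force_signout",
                                      f"idle longer than {IDLE_LIMIT[s.risk]} ({s.risk} risk)"))
        elif s.ip != ip:
            # Still active on one IP while a login arrives from another: the
            # abnormal pattern the policy treats as a possible session takeover.
            decisions.append(Decision(user, s.ip, "force_signout",
                                      f"still active while a new login arrived from {ip}"))
        else:
            s.last_seen = now                  # same IP: just extend the session
            kept.append(s)
            refreshed = True
            decisions.append(Decision(user, ip, "refresh", "same IP, session kept"))
    if not refreshed:
        kept.append(Session(user, ip, risk, now))
        decisions.append(Decision(user, ip, "allow", "new session opened"))
    return kept, decisions


def run(log_lines: List[str]) -> List[Decision]:
    """Replay login lines of the form 'ISO-time user ip risk' through the policy."""
    active: List[Session] = []
    out: List[Decision] = []
    for line in log_lines:
        ts, user, ip, risk = line.split()
        active, decisions = evaluate_login(active, user, ip, risk,
                                           datetime.fromisoformat(ts))
        out.extend(decisions)
    return out


# Constructed login log for the example (not real data).
SAMPLE_LOG = [
    "2025-03-03T09:00:00 alice 203.0.113.10 low",
    "2025-03-03T09:05:00 alice 203.0.113.10 low",   # same IP: refresh only
    "2025-03-03T09:10:00 alice 198.51.100.7 low",   # new IP while active: old session forced out
    "2025-03-03T09:15:00 bob 203.0.113.20 high",
    "2025-03-03T10:00:00 bob 203.0.113.20 high",    # 45 min idle > 30 min high-risk limit
]

if __name__ == "__main__":
    for d in run(SAMPLE_LOG):
        print(f"{d.user:6} {d.ip:14} {d.action:14} {d.reason}")
```

Replaying the constructed log shows alice's first session being forced out the moment a login from a second IP arrives, and bob's high-risk session being expired after 45 idle minutes even though the next login comes from the same address. In a production adaptive access policy the login from the new IP would normally also be stepped up to MFA rather than simply allowed; that step is left out here to keep the policy readable.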

IT teams need to constantly upskill and stay on top of what hackers are doing, refresh their basic hygiene methods, and filter this knowledge throughout the organization.

Integrate Cyber Training Into the Job

Businesses are already up against record workplace stress levels: In 2024, 83% of workers felt overwhelmed to some degree by information overload. No one wants to add tedious cybersecurity training to their plate. IT teams must do their best to avoid generic slideshows and data that might not seem directly relevant to employees. Instead, when cybersecurity education is integrated into daily operations in short micro-learning sessions, the results are different. Data from 2022 shows that microlearning improves employee engagement by 50% and supports long-term retention by 80%.

Short, scenario-based exercises, like sending fake phishing emails, invite employees to identify suspicious elements such as urgent language and unexpected links. Reward employees who report such incidents immediately. This helps create a safe environment for them to do so — especially in cases where employees have already clicked harmful attachments. Reiterate how deleting the evidence will harm the safety of their sensitive information and the rest of the organization.

IT teams can take recent cyberattack case studies from similar companies and show employees how they started, such as a fake invoice email and what went wrong — perhaps the employee didn't verify the sender. Importantly, IT must demonstrate the impact and financial loss of the attack. Did the hacker get hold of payroll data? What was the cost? How could the employee have stopped the scam? By demonstrating real consequences and solutions in digestible steps, the training becomes much more memorable and easy to follow.

Still, although the idea of IT teams preparing dynamic incident walkthroughs for every new threat or breach is ideal, it isn't realistic. Companies should also leverage the free training available from reputable cybersecurity firms and credible training schools, and ensure employees have dedicated time to use it. The average cost of a data breach was $4.88 million in 2024, and 90% of cyberattacks start with human error. One hour per month of employee training could prevent an attack that could cost millions of dollars in downtime and legal fees.

Companies that actively train employees in cyber-threat intelligence don't just reduce risks; they build a security-first culture. Some 80% of organizations say security awareness training has reduced phishing susceptibility. When cybersecurity is interactive and engaging, employees stop seeing it as an obligation and start seeing it as a challenge worth tackling. Businesses that fail to upskill their workforce will fall behind — and pay the price in data breaches and reputational damage. Companies that invest in dynamic, engaging cybersecurity training, however, turn their employees into their best defense.
