Skip to main content

Emerging Security Threats Need Tomorrow’s Solutions

Puneet Kohli, president of the application modernization business unit at Rocket Software, explains how companies can protect themselves today

Puneet Kohli June 12, 2025

As technology becomes increasingly hyper-connected, cybercriminals have become more adept and agile in identifying a company’s vulnerabilities and crafting targeted attacks. While standard cybersecurity practices focus on malware, viruses, etc., attackers have evolved their approach to go after human vulnerabilities, which are often harder to assess and guard against. Phishing schemes and fake worker attacks are now blossoming as effective methods for breaching previously secure systems, often preying upon human emotions in the process. These schemes, if unthwarted, can have devastating financial and reputational consequences for companies.

In recent years, cyberattacks have evolved from a simple virus or malware infection to sophisticated and multi-faceted war. According to Phishing Statistics, phishing attacks rose by 12% in 2024 due to more advanced methods and better-focused scams, with 3.4 billion estimated phishing emails sent daily. Considering that 90% of all data breaches include some form of phishing, this is a worrying trend—the consequences of which should not be taken lightly.

Cyber Attacks Are More Expensive Than You Think   

Data breaches cost money and time, not to mention long-term reputational consequences. In today’s digital age, consumers expect that their sensitive data is being protected by the companies they choose to do business with. When that trust is broken, it can lead to a loss of customer loyalty, a tarnished brand image, decreased market value and regulatory consequences.

The cost of a data breach is on the rise, with the average breach in 2024 costing organizations over $4.99M. Often, organizations struggle to quickly detect breaches—it can take upwards of 204 days for a company to identify a phishing attack and 73 days to contain a breach, a serious risk. Every day a breach is not contained is another day sensitive data is available to bad actors. In order to combat standard phishing attacks, companies and their IT teams allocate over $1 million annually in preventative efforts, thereby shifting important IT resources away from essential day-to-day business operations.

One example of a notable phishing incident cost Google and Facebook over $120 million from 2013-2015. The cybercriminal had purposely sent fake invoices via email to large companies like Google and Facebook for a period of years, stealing over $120 million in payments that were directed to his own bank accounts. The invoices were sent through fake emails that were not caught by the companies’ financial departments, showcasing the importance of employee education on how to spot such emails.

But phishing schemes are not the only threat facing companies today. Sometimes, the biggest threats come from within. Cybercriminals have gotten savvy in recent years, infiltrating companies by getting hired as IT professionals under false identities. This strategy is especially harmful as fraudulent workers can obtain access to previously secure systems through legitimate login credentials, bypassing external security blockers to gather sensitive information.

Stopping Emerging Security Threats

The rising threats of advanced phishing schemes and fraudulent workers showcase the need for companies to reassess their cybersecurity systems. Cybercriminals are now able to not only pinpoint technological vulnerabilities but also take advantage of human weakness to an alarming and damaging extent.

To best protect themselves, companies need to adapt to the changing times and focus on employee education, strict identify verification and a culture of vigilance and accountability. As cybercrime evolves, so must brands. To create a solid line of defense against these evolving cybersecurity threats, companies must learn to recognize and prevent both phishing schemes and fraudulent workers.

Cybersecurity risks can sometimes hide in plain sight. In order to stay vigilant, companies can follow the tips below:

  • Be mindful of credentials that don’t add up—Weak or outdated credentials are often signs of fraudulent workers or unauthorized personnel. Cybercriminals may attempt to bypass defenses using shared logins, weak passwords or unprotected VPNs. Companies can implement MFA to add an additional level of security and help block these breaches before they start.
  • Put employee education first—As AI tools become increasingly adept at creating phishing emails and fake profiles, preemptively educating employees about the dangers of these types of activities can help companies safeguard their data from the inside.
  • Follow the money—Suspicious payroll activity can be a sign that a fake employee may have infiltrated a company’s payroll system, rerouting funds to fraudulent or offshore accounts. IT professionals should be on the watch for anomalies such as ghost employees (fake workers who only exist on paper to collect a paycheck) or strange changes in HR records.  
  • Proactively remain compliant—Being compliant with data protection regulations—such as the General Data Protection Regulation (GDPR), a European legal framework outlining rules for collecting and using personal data; or the Digital Operational Resilience Act (DORA), an EU regulation aimed at strengthening IT security of financial entities—can help ensure a company is safeguarding their data and maintaining trust in a proactive manner.
  • Identify insider threats—Disgruntled employees or part-time contractors can pose significant security risks. While acts may be intentional or accidental, both are costly and can undermine a company’s guardrails. By monitoring and managing access, an organization can mitigate insider threats and protect sensitive data.  

The Best Defense Is a Proactive One

Companies and organizations that react to a data breach, like a phishing attack or fraudulent employee scheme, are already behind. A strong defense begins with proactive cybersecurity measures and a deep desire to foster employee awareness.

By undergoing ongoing training, companies can ensure that employees have the tools they need to recognize phishing attempts, spot red flags and report any suspicious activity before sensitive data is stolen. But knowledge and awareness aren’t enough. According to Proofpoint, over 70% of employees still engage in risky behaviors, such as reusing passwords or clicking on unknown links. Training is one way to combat this, but companies must move beyond training, and into employee empowerment, where employees have a personal commitment to fostering cybersecurity best practices.

In addition to empowering and educating employees, organizations can turn to modern technologies to safeguard their data. Implementing systems like phishing-resistant, password-less secure access to host applications can help companies strengthen their IT security while remaining compliant with national and international regulations. In addition, businesses can bolster their security with authentication services like single sign-on (SSO), which allows a user to access apps with a single set of login credentials, or secure shell (SSH), which gives users secure ways to access a computer over an unsecured network. Identify and access management (IAM) systems further help minimize risk by implementing role-based access controls, ensuring that employees only have access to the systems and data required for their specific job functions.

Conclusion

Cybersecurity threats are changing. A mistaken email exchange from a baffled employee or a nefarious individual posing as a fake IT worker can both inflict the same level of damage. Cybercriminals are smart. They adapt. And as technology adapts, they move with it by utilizing deep fake technology, AI, etc., and exploiting human weaknesses. As these digital and work environments evolve, opportunities for vulnerabilities only increase.

To defend against these threats, organizations must take a proactive approach by investing in advanced technological defenses like secure host access, and by making robust, ongoing employee training efforts to empower employees to safeguard critical data. Together, these strategies can combat the rising prevalence and sophistication of cybercriminals.

Related Articles See more

Articles

My Hands-on Experience With IBM Multi-Factor Authentication (MFA) on z/OS

Afroz Alam

June 9, 2025

Articles

IBM Brings Server Design Changes to OpenSSH

Rob McNelly

June 6, 2025

Press Releases

M81 Launches Version 4.01 of Control for i, Revolutionizing Monitoring for IBM i Systems

June 4, 2025

© 2025 TechChannel. All rights reserved

Key Enterprises LLC is committed to ensuring digital accessibility for techchannel.com for people with disabilities. We are continually improving the user experience for everyone, and applying the relevant accessibility standards.