As digital interconnectedness now permeates every facet of our lives, the privacy and security of ordinary individuals are facing unprecedented challenges. Hackers, increasingly sophisticated in their methods, are now harnessing advanced technologies — including artificial intelligence — to automate and amplify attacks. Financial data, personal identifiers, email accounts, computers, smartphones and online identities have become prime targets.
This is why it is important to examine the dynamics of the cybersecurity landscape, assess the factors driving the escalation of cyber threats and chart some actionable and concrete strategies for individual protection. In other words, proactive digital measures are not merely advisable but imperative.
The cybersecurity ecosystem has undergone a profound transformation. Traditional threats such as malware and phishing persist, but their efficacy has been dramatically increased by AI. According to CrowdStrike’s 2026 Global Threat Report, attacks by AI-enabled adversaries surged by 89 percent last year, with the average breakout time — the period between initial access and lateral movement onto another system — plummeting to 29 minutes, a 65 percent acceleration from 2024. Moreover, 82 percent of detections involved malware-free techniques, which underscores the shift toward stealthier, AI-orchestrated methods and operations.
Cybercrime is imposing staggering economic burdens on nations. Projections indicate that costs will escalate from about $9.2 trillion in 2024 to $13.8 trillion by 2028. Ransomware alone is forecast to inflict $74 billion of damage worldwide in 2026. Data breaches remain rampant: IBM’s Cost of a Data Breach Report 2025 recorded a global average cost of $4.44 million per incident, with the US experiencing an all-time high average of $10.22 million.
AI is acting as a force multiplier for cybercriminals. Generative AI can automate exploitation and facilitate phishing campaigns and deepfake-enabled social engineering.
For example, Microsoft documented a 46 percent rise in AI-generated phishing content last year, while up to 80 percent of phishing attacks now incorporate AI tools. Deepfakes have transitioned from a novelty to a tool for hacking. In one high-profile case, a Hong Kong finance professional was deceived via a deepfake video call in which hackers impersonated company executives, resulting in a fraudulent $25 million payment.
There are independent and state-sponsored actors. Regionally, Asia (34 percent) and North America (24 percent) were the most-targeted areas in IBM X-Force observations for 2025.
Vulnerable populations include everyday users whose devices and accounts serve as entry points into broader networks. Human factors remain central. Verizon’s Data Breach Investigations Report consistently attributes a significant portion (about 68 percent) of breaches to human error. This has been amplified by AI’s capacity to craft convincing lures that are devoid of grammatical errors or inconsistencies.
This escalation is down to several related forces and drivers. First, AI tools lower the barriers for low-skilled actors, enabling scalable automation. Second, the asymmetry between defenders and attackers favors the latter. Third, rapid digital adoption coupled with insufficient global cybersecurity workforce capacity is leaving systemic gaps.
To address this issue, comprehensive solutions that require governmental and corporate intervention are needed. Nevertheless, individuals can still mitigate the risks through disciplined digital measures.
Firstly, employ strong, unique passwords and use password managers. Avoid reusing passwords across accounts. Utilize complex, system-generated passwords managed by reputable tools such as those with end-to-end encryption. This single practice can thwart many attacks.
Secondly, enable multifactor authentication universally. Preferably use phishing-resistant methods such as authenticator apps or security codes sent via text message. Multifactor authentication blocks more than 99 percent of automated credential-based attacks.
Third, recognize and counter phishing and social engineering attempts. Scrutinize unsolicited communications for urgency, unexpected attachments or anomalous sender details. AI-generated content may appear flawless but you can verify it via independent channels such as direct phone calls using known numbers. Hover over links without clicking and employ email filters. Knowing how to detect deepfakes — such as observing unnatural eye movements, lighting inconsistencies or audio artifacts — is also vital.
Fourth, maintain device and software hygiene. This means regularly updating operating systems, applications and firmware to address any vulnerabilities. Enable automatic updates. You can also install reputable antivirus/antimalware software with real-time scanning and behavioral detection. For smartphones, app permissions can be restricted and the sideloading of unofficial apps should be avoided.
Traditional threats such as malware and phishing persist, but their efficacy has been increased by AI.
Dr. Majid Rafizadeh
Fifth, secure sensitive information and backups. Encrypt data while it is at rest and in transit. Use virtual private networks on public Wi-Fi. Some recommend implementing the so-called 3-2-1 backup rule: keep three copies using two different media types, with one offsite. Regularly monitor financial statements and credit reports for anomalies. You can also consider identity theft protection services.
Sixth, cultivate situational awareness. Limit the amount of personal information shared on social media. Use privacy settings judiciously. For high-risk activities, such as financial transactions, employ dedicated devices. Remote wipe capabilities for lost devices are essential.
Finally, stay informed and adaptive. Follow the latest and most credible sources for emerging cyber threats. Periodically review account activity logs and revoke unused authorizations. Some people simulate phishing tests personally or via organizational programs.
Through these simple actions, one can yield compounding benefits that significantly lower the likelihood and lessen the impact of any breach.
BY: Writer Dr. Majid Rafizadeh is a Harvard-educated Iranian-American political scientist.
Disclaimer: Views expressed by writers in this section are their own and do not necessarily reflect The Times Union‘ point of view






