How AI is Accelerating Cyber Threats: Key Trends and Solutions for NZ Businesses in 2025

With technology evolving at an unprecedented pace, artificial intelligence (AI) has emerged as both a critical component of modern systems and a challenge in terms of complexity, ethics and security.

AI plays a dual role in cyber security. On one hand, it helps businesses defend against cyber threats through advanced detection and response capabilities. On the other, it enables cybercriminals to conduct more sophisticated and targeted attacks. As AI-driven cyber threats become more common, small to medium-sized businesses (SMEs) are particularly vulnerable to these risks due to limited resources and a lack of cyber security expertise.

During the course of 2025, we will start to see the proliferation of AI agents such as Eliza AI. AI agents are intelligent software programmes that learn, reason and act autonomously. They can be given ‘tasks’ such as running a Twitter account, writing an article, or even providing mental health support during therapy sessions. However, as well as beneficial duties, agents could also be given hacking tasks, such as obtaining a list of vulnerabilities for a company, compiling an organisation chart or list of decision makers, or even undertaking full-scale breach attempts.

To help New Zealand SMEs navigate this landscape, this article examines key cyber security risks for 2025, focuses on how AI is escalating these challenges, and offers practical solutions to mitigate them.

Key cyber security risks for 2025

There are four areas where we are going to see rapid changes, and greater risk, as we move through 2025:

  1. Voice cloning and deepfakes

  2. AI-enhanced spearphishing

  3. Supply chain attacks

  4. Ransomware and malware growth

Voice cloning

The rise of deepfake technology has significantly amplified the threat of scams that manipulate video and audio content to deceive individuals and organisations. With AI’s ability to generate content in real time, these threats have become much harder to identify.

Microsoft’s upcoming integration of voice cloning technology in Teams, which launches in early 2025, will allow users to simulate their voices in multiple languages. This will provide users with the ability to imitate (clone) a voice. While this feature can improve communication, it also presents cyber security risks.

Cyber criminals may exploit this technology to create convincing fake audio, leading to impersonation scams.

Imagine the scenario: Your CEO is away for the afternoon meeting clients. Your CFO receives a note from the CEO asking for an emergency transfer of funds to cover an overdue invoice. The note is followed up with a voice note from someone who sounds like your CEO, stating that the request is genuine. Unsurprisingly, most CFOs would likely adhere to this request.

The ease with which attackers can create and distribute deepfake content only increases the potential for harm, making it a critical issue that businesses must address.

Verbal checks are a traditional method used to verify someone's identity by having a conversation with them over the phone or in person. This process relies on recognising the person's voice and confirming their identity through specific questions or information that only the legitimate person would know. However, with advancements in voice cloning technology, verbal checks may no longer be as reliable for identity verification.

This presents a challenge in terms of trust, something which is going to become more and more relevant as technologies get smarter. Delegated financial authority limits are no longer enough.

Combating voice cloning threats

To mitigate these risks, businesses should implement several protective measures. First, verifying the identity of individuals (especially when requests involve sensitive data or transactions) is critical. Verification may require a passphrase, or answering a question that only the individual would know.

Businesses should run a continuous education programme to keep employees abreast of the latest developments and dangers of deepfakes, training them to recognise signs of manipulated media and to verify the authenticity of any suspicious communications.

In addition, encrypting data during communications is essential to prevent unauthorised access. For example, businesses can use encryption solutions like end-to-end encryption (E2EE) or advanced secure communication platforms such as WhatsApp, Signal or ProtonMail to ensure that translated messages are safeguarded.

Finally, businesses should conduct regular security audits to identify vulnerabilities, ensure compliance with data privacy regulations, and stay ahead of threats.

AI-enhanced spearphishing

AI is set to elevate spearphishing attacks by generating highly personalised emails and automating phishing campaigns. AI-driven spearphishing attacks are more targeted, personalised, and harder to detect. Unlike traditional methods, which rely on attackers manually crafting messages for specific individuals, AI can analyse vast amounts of data—like social media profiles, emails, and online behaviour—to create highly convincing messages. It can mimic the tone and language of trusted contacts, making phishing attempts appear more legitimate.

Additionally, AI can automate the process, allowing attackers to send large volumes of tailored messages, increasing the reach and success of the campaigns.

Combating AI-enhanced spearphishing

To mitigate these sophisticated threats, organisations should adopt several key strategies.

Regular employee training is crucial, as it helps individuals identify and respond to phishing attempts, especially those that are more personalised or use social engineering techniques.

Implementing multi-factor authentication (MFA) adds an additional layer of protection, ensuring that even if a phishing attack successfully compromises login credentials, unauthorised access is still prevented.

Using advanced email filtering technologies can also significantly reduce the risk of spearphishing attacks. Solutions like Proofpoint, Mimecast or Microsoft Defender for Office 365 (when properly configured) analyse incoming emails for malicious content, unusual attachments, and suspicious links, and flag or block potential phishing emails. These filters leverage AI and machine learning to detect patterns indicative of phishing attempts, such as uncommon sender addresses or phishing URLs.

Ensuring software is regularly updated and patched helps close vulnerabilities that cyber criminals might exploit.

Finally, SMEs should establish clear verification procedures for sensitive requests, such as verifying via phone (with a passphrase or other check) before acting on requests for financial transactions.

Supply chain attacks

As governments and regulatory bodies worldwide, including in New Zealand, continue to scrutinise the software components used in products—particularly third-party and open-source software—the importance of securing the software supply chain has never been greater. SMEs in New Zealand, which often rely on third-party software vendors for essential tools, may not always have the resources to thoroughly vet these components, putting them at risk of cyber threats.

Attackers are increasingly targeting vulnerabilities in software supply chains to gain access to business systems or data, as compromising a trusted supplier can provide them with a backdoor into multiple organisations. The SolarWinds attack in 2020 affected thousands of organisations, including US government agencies, and distributed malicious code to all businesses that relied on their products, leading to widespread disruption and data breaches.

Combating supply chain attacks

For SMEs, ensuring the security of their software supply chain is crucial. It involves understanding exactly what is running on computer systems, evaluating the security controls for any software protecting critical data, and regular reviews to confirm currency and alignment with your business’s cyber security standards. This is particularly important for New Zealand SMEs that may be using open-source software, which, while cost-effective, often lacks robust security oversight.


Implementing best practices like maintaining a software asset register, and completing a risk assessment against tools used, can help businesses track potential vulnerabilities and apply patches quickly. This doesn’t have to be an onerous process, and once a baseline is established it can be regularly updated.

Ransomware and malware growth

The rise in malware attacks, including ransomware, Trojans, and worms, underscores the increasing sophistication of cyber threats targeting businesses, particularly small to medium-sized enterprises (SMEs). Malware attacks have become more complex, often evolving to bypass traditional security measures, and are now able to infiltrate systems with greater ease and speed.

Ransomware encrypts a company’s critical data and demands payment for its release, often crippling business operations for days or even weeks. Trojans disguise themselves as legitimate software but, once installed, allow attackers to gain unauthorised access to sensitive systems or data. Worms, which self-replicate across networks, can spread quickly and cause widespread disruption. These attacks not only threaten a company’s financial stability but can also lead to significant reputational damage and legal ramifications. As SMEs increasingly rely on digital operations and cloud-based services, they become prime targets for these malicious activities, which often exploit security gaps or human error.

Fighting back against the malware threat

To combat the growing threat of malware, investing in advanced antivirus and anti-malware software is essential. Traditional antivirus programs may not provide sufficient protection against sophisticated malware variants, so businesses should consider solutions that offer multi-layered defence, such as endpoint detection and response (EDR) tools. These tools, such as those offered by vendors like Blackpoint, RocketCyber or SentinelOne, continuously monitor devices for suspicious behaviour and provide real-time analysis to identify potential threats before they can do harm. Anti-malware solutions, such as Malwarebytes or Bitdefender, offer comprehensive protection against a variety of malware types, detecting and removing threats across computers.

The adoption of AI-powered security tools can greatly enhance a business's ability to detect and respond to threats in real time. Solutions like Darktrace and Vectra use machine learning algorithms to identify unusual network traffic or anomalous behaviours, which may indicate an active attack. These tools continuously learn from patterns of normal activity within the network, enabling them to detect even subtle signs of malware infiltration before it can escalate into a more significant threat. By leveraging AI, businesses can stay ahead of emerging threats that might otherwise go unnoticed by traditional security systems.

Another crucial step is ensuring regular and secure backups of critical data. Backups provide a safety net in case of a ransomware attack, allowing businesses to restore their systems and data without succumbing to the attacker’s demands. It is important that backups are stored offline or in a secure, cloud-based environment, such as with services like Datto SaaS Protect, Backblaze or Acronis, to ensure that they cannot be compromised by the malware itself. Additionally, SMEs should implement a clear and tested backup restoration process to quickly recover from an attack without significant downtime.

Implementing mobile device management (MDM) solutions is crucial for businesses with remote or mobile workforces. With the increasing use of mobile devices to access corporate networks, SMEs must ensure these devices are secure from malware. MDM solutions, such as VMware Workspace ONE or Microsoft Intune, allow businesses to manage and secure mobile devices by enforcing encryption, remote wiping, and app controls. These solutions help prevent malware from spreading through mobile access points and provide administrators with greater control over devices accessing sensitive information.

Employees must be educated on the latest cyber threats, how to spot phishing attempts, and safe practices for managing company data. Regular training sessions, simulated phishing attacks, and workshops focused on security awareness can help employees recognise suspicious activities and understand their role in protecting the organisation’s digital infrastructure.

Summary

As we move further into 2025, the intersection of artificial intelligence (AI) and cyber security presents both a significant opportunity and an ongoing challenge for New Zealand’s small and medium-sized enterprises (SMEs). AI-driven technologies are reshaping the threat landscape, making cyberattacks more sophisticated, personalised, and harder to detect.

From AI-enhanced spearphishing and deepfakes to malware proliferation and supply chain vulnerabilities, SMEs are facing an increasingly complex array of threats that could jeopardise their financial stability, operational continuity, and reputation. As the cost of cybercrime continues to soar globally, New Zealand SMEs must understand and address the risks these emerging technologies pose.

However, there is a silver lining. By leveraging AI for their own cyber security needs, SMEs can significantly enhance their ability to detect, mitigate, and respond to cyber threats. Smart solutions, ranging from advanced email filtering and multi-factor authentication to AI-powered threat detection and strong identity verification protocols, empower businesses to stay ahead of cybercriminals. Moreover, regular security audits and secure data backup practices form the foundation of a robust cyber security posture. Cyber security training should also be an ongoing priority for SMEs, as human error remains one of the weakest links in any security system.

As the digital landscape continues to evolve, it’s crucial for SMEs to remain agile, informed, and proactive in adopting both technological and human-centred safeguards. By doing so, they can mitigate the risks associated with AI-driven cyber threats, safeguard their assets, and ensure their long-term business success in an increasingly interconnected world.

Checklist

Top three protections you can action today

  1. Set up passphrases or other validation processes with key employees who have access to financial data, or the ability to complete financial transactions

  2. Always verify the identity of individuals in sensitive communications, especially for financial or confidential matters

  3. Educate employees on identifying and responding to phishing attempts, recognising suspicious activities, and understanding the latest cyber threats and best practices

Ongoing protections

Secure23 recommends the following ongoing protections to help keep your company safe:

  1. Conduct regular security risk assessments to identify vulnerabilities and stay compliant with data privacy regulations

  2. Ensure secure and regular backups of critical data stored offline or in a secure cloud-based environment, ensuring rapid recovery in case of an attack

  3. TEST YOUR BACKUPS

  4. Use tools like Proofpoint, Mimecast or Microsoft Defender for Office 365 to filter and block potential phishing emails using AI and machine learning

  5. Create a list of all software in use in your organisation

  6. Ensure all software is regularly updated and patched to close vulnerabilities

  7. Utilise multi-factor authentication (MFA), biometric systems, and secure digital signatures to ensure the legitimacy of communications

  8. Implement fraud detection tools to flag manipulated video or audio content using AI-driven analysis

  9. Regularly evaluate the security posture of third-party vendors and ensure their practices align with your business’s cyber security standards

  10. Maintain detailed documentation of all software components in use to track potential vulnerabilities and apply patches quickly

  11. Stay up to date with new regulations and best practices in software supply chain security

  12. Invest in multi-layered security solutions like EDR tools (e.g. RocketCyber, Blackpoint or SentinelOne) and anti-malware tools (e.g. Malwarebytes or Bitdefender) to detect and eliminate threats in real time

  13. Use AI-powered security tools like Darktrace or Vectra to identify unusual network activity or suspicious behaviours indicative of a cyberattack

  14. Implement Mobile Device Management (MDM) solutions such as Microsoft Intune or VMware Workspace ONE to secure mobile devices accessing company data, preventing malware infiltration via mobile access points
