As generative AI reshapes cyberattack strategies, Akamai urges enterprises to adopt advanced defenses, secure APIs, and prepare for quantum-era threats to safeguard the future of digital operations.
From January to December 2024, the total number of security incidents handled by the Hong Kong Cybersecurity Incident Coordination Center (HKCERT) has exceeded 12,000, setting a record high. However, the "Hong Kong Enterprise Cyber Security Readiness Index" jointly released by the Office of the Privacy Commissioner and the Productivity Council shows that the cyber security preparedness of local enterprises only maintains at the "basic measures" level on average. This shows that various industries generally do not have enough determination to defend against the increasing Rampant cyberattacks. In fact, as the application of artificial intelligence (AI) becomes more and more popular, global enterprises will face greater cybersecurity risks in 2025. Therefore, Akamai, the global cloud delivery and cybersecurity platform, reminds everyone that they must take more comprehensive measures to prevent cyber attacks. considerations and stricter enforcement.
GenAI makes cyberattacks more efficient.
Akamai CEO and co-founder Tom Leighton pointed out in an earlier interview with international media that generative artificial intelligence (GenAI), which is still in its early stages of development, has its potential impact on network security. The attacker's side. Hackers can now use system training to develop very sophisticated malware and related variants that can successfully evade the defense measures of target organizations. In addition, GenAI has also made very realistic deepfake technology rampant, allowing hackers to easily forge sounds, images and text to impersonate other people's identities, and deceive targets through different media such as emails and video calls, increasing the penetration rate and scope of the attack.
According to predictions from Akamai’s expert team, ransomware incidents using such AI tools will continue to rage in 2025. Hackers' methods will evolve from "double extortion" to "triple extortion" mainly combined with distributed denial of service attacks (DDoS). They will even eventually directly notify customers, employees or other relevant parties of the victim organization that their sensitive information has been compromised. The stolen "quadruple blackmail".
API vulnerabilities trigger corporate AI system crises
Tom also emphasized that companies in the AI era must not only prevent hackers from launching cyber attacks using AI tools, but also step up efforts to protect their AI systems. He believes that as companies involved in the field of artificial intelligence (AI) increasingly frequently access and call machine learning models such as large language models (LLM) through application programming interfaces (APIs), given the countless data that can be accessed in the process, these APIs have quietly become another common attack surface for hackers. In particular, many companies fail to fully grasp the exposure of their own APIs, which gives hackers an opportunity to launch different types of attacks on LLM such as Prompt Injection and Model Denial of Service. This trend has also promoted Akamai's commitment to developing protection mechanisms for API environments, especially those involving GenAI applications.
Although everyone should keep pace with the times and pay more attention to the impact of AI on hacker attack methods and system protection strategies, companies cannot ignore the basic rules of network security. In fact, with or without the existence of AI, hackers will continue to use various means such as phishing messages or API intrusions to attack the system, and they will never go away. Therefore, the Akamai expert team has made the following suggestions to help enterprises prepare for the new year's cybersecurity threats.
Tom visited Hong Kong in mid-2024 and shared with more than 10 executives from key industries such as financial services, retail, entertainment, telecommunications, transportation, public facilities and higher education at a luncheon Looking at the impact of artificial intelligence on the cybersecurity environment, executives also shared their views on cybersecurity and compliance. In 2025, Tom will also plan to visit Greater China again to have more exchanges with customers.
Six major measures to be implemented immediately in 2025
- Strictly implement robust basic security measures, such as reviewing and updating the company's patch management and incident response strategies, and continuously strengthening employee training, including raising employees' awareness of preventing hacker and ransomware attacks.
- Enterprises must strengthen their backup plans to quickly restore normal operations after an attack and minimize losses.
- Identify, monitor and protect all APIs in the system and eliminate related vulnerabilities
- Utilize "Micro-Segmentation" technology to perform extremely granular segmentation access control, thereby reducing the internal attack surface and preventing malicious attacks from moving laterally.
- Implement measures to protect AI systems under its jurisdiction, including LLM and related data.
- At the same time, more efficient network security measures should be adopted in consumer products and enterprise solutions with Internet of Things (IoT) functions to prevent attacks against IoT)
As companies prepare to overcome future challenges today
and actively embrace new challenges in 2025, all sectors of society should also take a long-term view and recognize the potential problems and future development directions of network security. Tom Leighton admitted that AI technology may be able to provide some help to humans in quickly diagnosing attack types, but in the foreseeable future, this technology still cannot replace professional talents. Society's demand for professionals in cybersecurity, artificial intelligence, and even the entire STEM (science, technology, engineering, and mathematics) field is still very urgent. At the same time, Akamai's expert team also expects that because quantum computing technology can crack traditional encryption algorithms in a short time, it will one day make the existing encryption system vulnerable, exposing a large amount of sensitive data to the risk of leakage. Therefore, all sectors of society must begin to seek consensus and formulate a publicly recognized post-quantum encryption standard and implementation date.
In 2025, Akamai will continue to rely on its global distributed edge network platform to deepen its API security, enterprise security, cloud security and cloud computing products and services as its business territory continues to expand. Among them, Akamai's acquisition of some Edgio assets at the end of 2024 has been announced, which will enable Akamai to provide robot management and network application firewalls for enterprise organizations that require strong security. At the same time, Akamai Hong Kong is also increasing its manpower. In the first half of 2025, it will explore new usage scenarios with local partners, and provide comprehensive, professional, and efficient services to assist Hong Kong companies in achieving faster and more efficient resource deployment to cope with various challenges. various operational challenges and achieve the goal of cost reduction and efficiency improvement. The marketing department has also arranged a number of customer events, hoping to communicate more with customers and further strengthen the brand.