5 emerging threats your security awareness training program should address

1. Address AI-driven phishing attacks 

The rise of AI has transformed phishing from clumsy mass emails into sophisticated, personalized attacks that can fool even security-conscious employees. Staff can no longer rely on obvious red flags like poor grammar or generic greetings. AI tools now craft messages that look completely legitimate and professional. 

"With the rise in AI, phishing emails can now be crafted to look 100% legitimate and professional," explains Infosec security expert Jamey Austin. "Employees should know who emails them regularly. And if they receive an email from someone unfamiliar, then that in and of itself should immediately trigger a red flag." 

The challenge extends beyond the initial email. Attackers now use AI to clone entire websites in seconds, making it harder for employees to verify legitimacy simply by checking linked pages. Combined with urgency tactics and social engineering, these AI-generated attacks create a perfect storm of deception. 

Training goals should focus on developing deeper verification skills: 

• Building habits around verifying unexpected requests through separate communication channels 
• Understanding how AI can mimic writing styles and company templates 
• Recognizing that urgency and pressure tactics remain key indicators of phishing attempts 
• Reporting suspicious emails immediately, even if unsure 
• Teaching employees to inspect email headers and original message content for signs of manipulation 

Regular phishing simulations must evolve to include these AI-enhanced tactics. Traditional tests using obvious spelling errors or generic templates no longer prepare employees for real threats. Instead, simulations should mirror the sophisticated techniques attackers now employ. 

Organizations also need clear policies around AI tool usage and verification procedures. This includes guidelines for when to verify requests through alternate channels and specific steps for confirming sensitive actions like financial transfers or data sharing. 

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

VIEW PRICING

2. Combat deepfake impersonation threats 

The $25 million heist at that company in Hong Kong tells us one important thing: employees can no longer trust their eyes or ears. During a video call, finance staff saw and heard what appeared to be their Chief Financial Officer and other executives requesting urgent transfers. Every face was familiar, every voice authentic. Yet all were AI-generated fakes. 

This incident demonstrates how deepfake technology has evolved beyond social media pranks into a serious corporate threat. Criminals now create convincing video and audio impersonations of executives, colleagues and business partners to facilitate fraud. These attacks succeed by exploiting our natural trust in what we see and hear. 

"Deep fakes will become very prevalent,” Evans warns, “You have to have alternate means of identifying people. You need to confirm who you're speaking with at all times if it's something important because real-time deepfakes have become a reality." This technology has advanced so rapidly that even real-time video interactions can be faked. 

Posters, newsletters, videos and phishing simulations help employees keep security awareness top of mind. 

Training programs must adapt to this new reality by focusing on specific verification protocols: 

• Establishing secondary authentication methods for high-stakes requests 
• Creating clear procedures for validating video call participants 
• Teaching employees to question urgent financial or data transfer requests 
• Implementing multi-factor verification for sensitive business processes 
• Training staff to recognize signs of potential deepfake manipulation 

The challenge goes beyond spotting fakes since it isn’t always possible. Organizations need robust policies defining when video authentication is required and what verification steps must be followed. This includes protocols for executive communications, financial approvals and data access requests. 

The rise of remote work has made this threat more pressing. With video calls now standard for business communication, attackers have more opportunities to deploy deepfake scams. Organizations must consider how their authentication procedures adapt to this virtual environment, particularly for high-risk actions like financial transfers or data access changes. 

Security awareness programs should include regular updates on deepfake technology capabilities and new detection methods. This keeps employees current with evolving threats while reinforcing the importance of verification procedures. 

3. Prevent ransomware attacks 

The ransomware attack on MGM Resorts showcased the devastating impact modern ransomware can inflict. The hotel key card system stopped working, slot machines went dark, and guests couldn't access their rooms. The attack cost MGM an estimated $100 million in damages. Just weeks earlier, Caesars Palace paid $15 million dollars in ransom to prevent a similar fate. 

Hackers socially engineered their way past MGM Resort's cybersecurity safeguards. Here's what to do to protect yourself. 

These high-profile incidents highlight how ransomware has evolved from opportunistic attacks into precision strikes against specific targets. Modern ransomware groups conduct detailed reconnaissance, exploit multiple vulnerabilities and time their attacks for maximum impact. They often combine encryption with data theft, threatening to leak sensitive information unless victims pay up. 

The human element plays a critical role in these attacks. While technical vulnerabilities matter, attackers frequently gain initial access through employee actions: clicking malicious links, downloading compromise files, or falling for social engineering tactics. According to Verizon's 2024 Data Breach Investigations Report, ransomware now appears in 23% of all breaches. 

Security awareness programs must focus on specific preventative behaviors: 

• Recognizing signs of ransomware deployment attempts, including suspicious email attachments and unexpected software behavior 
• Understanding the importance of rapid reporting when potential ransomware is detected 
• Following strict protocols for isolating effective systems to prevent spread 
• Maintaining vigilance with external storage devices and downloads 
• Practicing proper data backup procedures as a last line of defense 

Organizations should regularly run simulated ransomware scenarios to test response procedures. These exercises help employees understand their roles during an attack and reinforce the importance of quick action. Training should emphasize that everyone plays a part in prevention, from avoiding suspicious downloads to maintaining secure backups. 

Special attention must be paid to remote workers, who often work outside traditional security perimeters. Training should address secure home network configurations, safe file-sharing practices, and proper VPN usage. As ransomware groups increasingly target remote access points, employees need to understand how their home setup affects corporate security. 

Regular updates to training content are crucial as ransomware tactics evolve. Programs should incorporate recent attack examples, new distribution methods and emerging prevention strategies to prepare employees for current threats. 

Download The ransomware paper for more real-life insights and predictions from the trenches. 

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Demo Now

 4. Secure cloud environments, Wi-Fi and IoT 

The shift to remote and hybrid work has dramatically expanded potential attack surfaces through cloud services, public Wi-Fi usage and connected IoT devices. Each of these technologies offers convenience and productivity benefits but also creates new vulnerabilities that attackers actively exploit. 

"It's extremely easy for somebody to spoof an access point,” warns Austin about the dangers of public Wi-Fi. “A Wi-Fi Pineapple can easily spoof an access point and completely own any user that connects to it." Criminals use these fake access points to intercept all traffic passing through them, potentially capturing login credentials, financial data and sensitive company information. 

Cloud security poses its own challenges as organizations migrate more operations to cloud platforms. Misconfigured sharing settings, weak access controls, and improper data handling can expose sensitive information to unauthorized users. Without proper training, employees might accidentally share confidential documents with external parties or store sensitive data in unsecured cloud locations. 

IoT devices create additional risks through their often-overlooked security settings. Smart printers, security cameras, thermostats and other connected devices can serve as entry points if not properly secured. Many of these devices come with default passwords and outdated firmware, making them attractive targets for attackers seeking network access. 

Training programs must address these technological risks through practical guidance: 

• Teaching proper VPN usage for securing remote connections 

• Identifying signs of compromised Wi-Fi networks and fake access points 

• Understanding cloud storage security settings and proper sharing protocols 

• Recognizing IoT vulnerabilities and implementing basic device security 

• Following best practices for password management across multiple devices 

Organizations should implement clear policies around: 

• Approved cloud service usage and data storage guidelines 

• Public Wi-Fi access restrictions for company devices 

• IoT device security requirements and regular updates 

• Network segmentation to isolate IoT devices from critical systems 

• Regular security audits of connected devices and cloud configurations 

Security awareness training must emphasize the interconnected nature of these risks. A compromised IoT device can provide access to cloud storage, while unsecured Wi-Fi might expose cloud credentials. Employees need to understand how their actions across these technologies affect overall security. 

Regular hands-on training exercises help employees understand these concepts in practice. This might include walking through proper cloud-sharing settings, Wi-Fi security checks, or showing how to update IoT device firmware and passwords. Training should also cover emergency response procedures for suspected breaches across any of these technologies. 

The FBI warns that Wi-Fi routers in homes and small businesses are the next big target for hackers. Here’s how to keep them secure.  

 5. Stop social engineering attacks 

While technology evolves rapidly, social engineering remains one of the most effective attack methods because it exploits human psychology rather than technical vulnerabilities. Attackers now combine traditional social engineering tactics with AI and deepfake technology to create increasingly sophisticated schemes. 

People need to remember to put security practices above their day-to-day interactions with individuals, says Austin. “If someone approaches an employee and asks them to do something that goes against security policy, especially if they interact with them regularly, they may want to go against that policy out of kindness." 

Training can help counteract this tendency by reinforcing the importance of following protocols. This is also why insider threats are particularly dangerous: trust is built in. 

The FBI has warned that attackers may pay someone to infiltrate a company or train people to qualify for a position specifically to gain inside access. Some groups have even used sophisticated methods during remote interviews, like having someone feed answers or use deepfake technology to impersonate candidates to get hired and gain insider access. 

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Demo Now

Modern social engineering attacks take many forms: 

• Business email compromise, where attackers insert themselves into legitimate email threads 
• USB baiting with modified devices that appear legitimate but contain malware 
• Tailgating attacks, where unauthorized individuals follow employees into secure areas 
• Impersonation attempts using stolen credentials or deepfake technology 
• Phone-based attacks exploiting urgent situations or authority figures 

Training programs must address these sophisticated threats: 

• Teaching employees to verify requests through separate communication channels 
• Building awareness of how attackers exploit trust and authority 
• Practicing responses to common social engineering scenarios 
• Understanding the psychology behind social engineering tactics 
• Recognizing how AI enhances social engineering attempts 

Organizations should create clear procedures for handling common social engineering situations: 

• Verification protocols for financial requests or system access changes 
• Guidelines for challenging unknown individuals in secure areas 
• Procedures for reporting suspected social engineering attempts 
• Rules about sharing company information on social media 
• Policies on physical security and visitor management 

Regular simulations help employees recognize and respond to social engineering attempts. These exercises should include both digital and physical scenarios, helping staff understand how attackers might target them through multiple channels. 

Sign up for a FREE account to preview this Core Concepts program and every Infosec IQ training module, poster, infographic and campaign tool.

Key takeaways for addressing emerging threats 

The current cybersecurity landscape demands a shift in how organizations approach security awareness training. The threats covered in this guide — AI-powered phishing, deepfake fraud, sophisticated ransomware, expanded technology vulnerabilities, and enhanced social engineering — show how attackers continuously adapt their tactics. 

Security awareness programs must involve annual compliance training to address these challenges: 

• Update training content regularly to reflect new AI-enabled threats 
• Include real-world examples that demonstrate the immediate relevance of these risks 
• Create practical, role-based scenarios that reflect how different employees encounter threats 
• Implement verification procedures for high-risk actions like financial transfers 
• Build a security-first culture that encourages reporting and questioning 

Security awareness training began with compliance and has evolved from there, says Theo Nassar, founder of Right-Hand Cybersecurity. "A shift is being created is as we move towards building more proactive and tailored programs addressing the behaviors and risks that within our organization." 

This proactive approach, combined with continuous education and practical guidance, helps employees serve as a strong first line of defense against evolving cyber threats. 

For more on security awareness, check out our other free resources (coming soon): 

• Security awareness assessment: How mature is your program? 
• From apathy to action: 5 proven ways to boost employee cybersecurity engagement 
• 3 ways to launch your security awareness program: Pros and cons of each 

Want to talk to someone about security awareness training? Reach out to someone at Infosec.