Cybersecurity in flux: new threats and how to protect yourself

From politically motivated attacks to shadow AI: cyberrisks are manifold and defending against them is a complex matter. A targeted cybersecurity strategy is required. These threats are pressing concerns and should be incorporated into your strategy.

April 2025, text: Andreas Heer, 5 min.

If there is a parallel between the geopolitical situation and cybersecurity, it is this: uncertainty is increasing and it is becoming more difficult to forecast developments. And, of course, the global situation has an impact on cybersecurity. Politically motivated cyber sabotage and cyber espionage are on the rise – without any resulting reduction in the ‘old familiar’ ransomware and supply chain attacks.

The latest Swisscom Cybersecurity Threat Radar highlights the new threat scenarios faced by cybersecurity managers. Some are obvious, like those mentioned at the outset. Others, such as shadow AI, are the consequence of rapid technological developments.

And finally, the increase in various cyberrisks is taking its toll on those whose job it is to defend against them on a day-to-day basis: cybersecurity professionals. They are under enormous pressure, which has its own consequences. This article provides an overview of key emerging threats, their risks and appropriate countermeasures.

Shadow AI: training on confidential data

Let’s start with the newcomer: the boom in and hype surrounding generative artificial intelligence (GenAI) has not escaped the notice of company employees. They want to use tools such as ChatGPT, Microsoft Copilot, Anthropic Claude and Google Gemini in their day-to-day work and benefit from the efficiency gains. If employers don’t respond quickly enough to these needs, employees may turn to web browsers and SaaS offerings to cover them.

In Microsoft’s 2024 Work Trend Index, 80% of respondents stated that they use their private GenAI tools for work purposes as well. US company Harmonic, which specialises in AI security, drilled down even deeper. It found that almost two-thirds of ChatGPT users used the service free of charge and without an account, and every twelfth prompt contained confidential information.

This represents a significant risk for companies. The inputs and results of free GenAI offerings for private individuals are generally used to train the language models and are incorporated into their ‘knowledge’. This unofficial use – referred to as shadow AI – therefore represents a data security and compliance risk. If confidential information, such as customer data, employee details and annual reports, is saved on insecure platforms or used for GenAI training, this data leakage can constitute a breach of legal and contractual provisions.


Shadow AI: confidential data entered by employees on platforms. Source: Harmonic

Companies should therefore respond if they discover a security incident involving shadow AI. Technical preventive measures such as network proxies and SASE or CASB solutions can help to identify and/or block unauthorised AI tools.

At the same time, companies may also benefit from employees using GenAI to increase their efficiency. Open communication between employees, IT departments and security teams is key to deploying useful AI tools and using them safely. Formal processes for reviewing and approving new AI applications and training on their secure use are helpful in this regard.

For the money and fame: DDoS attacks

But it’s not just companies that can block access – cybercriminals can, too. Distributed Denial of Service (DDoS) attacks are cyberattacks that aim to overload websites and IT systems and thus paralyse them. They are often hard to defend against because attackers combine different methods that are difficult to mitigate at system level, for example due to changing IP addresses and browser identifiers.

DDoS attacks are often threatened in order to reinforce ransom demands during ransomware attacks. There are commercial motives behind such ‘triple extortion’ – encryption, data loss and DDoS. However, politically motivated attacks have also increased in Switzerland, at the latest in the context of the war in Ukraine and particularly in the run-up to and during geopolitical events such as the Bürgenstock Conference and the World Economic Forum (WEF). The main targets have been websites of the federal government and larger cities, but also of private organisations. The intensity of DDoS attacks also increased around the Eurovision Song Contest (ESC).

The risks of such attacks include significant financial losses and reputational damage caused by the failure of important systems if business operations can no longer be guaranteed. Effective protection against DDoS attacks requires preventive measures and a robust IT and network infrastructure to mitigate the threats. Contingency plans are an important part of business continuity management (BCM).

The ‘Age of Disorder’: boosting cyber resilience through regulations

In September 2024, cybersecurity experts registered more than 300,000 DDoS attacks by the previously unknown botnet GorillaBot. One of these affected critical infrastructure in Switzerland, as explained by the National Cyber Security Centre (NCSC) in an analysis of the botnet.

Such attacks on critical infrastructure and confidential data can be expected to increase in uncertain times. This is particularly true of our current ‘Age of Disorder’ – a term used to imply a turning point in which previously stable political and economic structures are changing for the worse.

Various regulations and legislative changes designed to better protect critical infrastructure in this situation have come into force or are planned in Switzerland and the EU. In Switzerland, the revised Federal Information Security Act (ISG) has been in effect since 2025. It aims to strengthen the cyber resilience of critical infrastructure and has introduced an obligation to report cyber incidents affecting such infrastructure. The initial experiences are positive, according to experts in the Swisscom livestream on the current threat situation.

The EU’s NIS 2 Directive has taken a similar direction, obligating member states to have a cybersecurity strategy and expanding the requirements for increased cyber resilience to other areas beyond ‘traditional’ critical infrastructures. DORA (the Digital Operational Resilience Act) has set comparable targets, but explicitly for the financial sector. By contrast, the Cyber Resilience Act (CRA) aims to increase the security of hardware products that contain a digital, networked component. The law complements the NIS 2 Directive and is intended to help strengthen supply chain security.

Swiss companies also operating in the EU must likewise comply with these requirements, depending on their area of business. To achieve the desired strengthening of cyber resilience, organisations must in some cases invest considerable effort to fulfil their obligations.

Fragile workforce: occupational burnout

Employee resilience is also important. Cybersecurity is a stressful profession, with constantly increasing pressure from both legislators and attackers. Experts in the Security Operations Centre (SOC) are confronted with a flood of alerts every day. While a situation is ongoing, the professionals involved often cannot simply close their laptop for the evening, but must continue to respond to the incident until it has been resolved.

The consequences of such strain range from alert fatigue to stress and burnout. Psychological pressure and cognitive overload also increase the likelihood of errors and thus the risk that a cyberattack will succeed.

These are the most common reasons for stress amongst cybersecurity professionals. Source: ISACA State of Cybersecurity Report 2024

Companies must therefore take targeted action to ensure security and support their people. This includes mindfulness programmes and psychological safety measures designed to strengthen resilience at both an individual and organisational level. A mindful approach to work organisation is key to managing cybersecurity pressures and avoiding a ‘fragile workforce’.

The pressure is mounting

There is currently no sign of relief on the cyber defence front – quite the opposite, in fact. Given the present situation, we can expect an increase in cyberattacks – this is because, in addition to newer forms of threat, the ‘old familiar’ attackers are still active, especially ransomware players. They are also making the most of new technologies such as GenAI, for example for credible phishing e-mails and voice phishing (vishing). Ransomware remains one of the biggest threats, as experts agreed during the livestream. Actors are increasingly changing their tactics: they no longer encrypt data but exfiltrate it and threaten to publish it to reinforce their ransom demands.

Companies therefore need to strengthen the cyber resilience of their infrastructure even more in order to be better prepared for current and unexpected developments. And they must also consider the physical health of their cybersecurity professionals when taking these measures.
