Cybersecurity industry urged to deploy, leverage AI-based systems
AI-based systems used to enhance cyberattacks, mainly by rapidly processing company data before and after attackers are inside an organisation's digital perimeter, are reducing the time cyberattackers need before attacking to 58 days, and are reducing the dwell time they spend mapping out an organisation before attacking to 12 days.
This was one of the key trends identified in technology company Microsoft's ‘Digital Defence Report 2025’, and highlighted by Microsoft Africa chief security adviser Kerissa Varma during a media briefing at the company's offices in Bryanston, Johannesburg, on November 3.
“We are starting to see AI-enabled attacks that allow the cyberattacks to do more information gathering and more quickly, and to then monetise their attacks further.”
AI systems are enabling security practitioners to respond more quickly, and the more quickly a team could react to an incident, the greater its ability to reduce harm.
For cyberattackers, AI enabled them to pivot more quickly once they had infiltrated an organisation's network and gain further access, and then compromise or exfiltrate data, deploy ransomware or generally monetise their attack, she said.
Speed was of the essence for security practitioners and, if an incident could be contained, then the teams could prevent harm. This was why the cybersecurity industry must respond by deploying and leveraging AI-based systems to combat cybercrime, said Varma.
A separate example was how AI-created content and automation had changed phishing. Phishing was a known cybersecurity risk, but, as seen in the report over the past year, phishing emails created by AI systems were 4.5 times more likely to prompt users to click a malicious link, said Varma.
“The AI-automated successful phishing rate is about 54% compared with the typical 12% success rate of phishing emails. Further, the profitability of using AI-enabled phishing attacks is on average 50 times higher than without AI automation.
“The fact that they are getting such benefits from using AI will inevitably spur more use of AI, including that it is also easing the overheads for the threat actor to understand an organisation and easing the overheads of the threat actor to understand the stolen data and secure greater monetary gain,” she said.
The report recommended that organisations regularly check and update access codes to help prevent unauthorised use and set up alerts to notify of unusual activity.
They should also adopt modern authentication methods and enforce multi-factor authentication (MFA) for critical accounts, she said.
However, it was important that there be control over where MFA was applied and who could change MFA requirements. It was no use if an attacker could easily register a new device and use that to complete MFA checks, she said.
Additionally, the report recommended that organisations implement advanced monitoring and logging tools to detect irregular patterns and conduct periodic security audits.
AI-powered defence is essential. As adversaries begin to move at the speed of AI, so must defenders.
Microsoft used AI to conduct threat analytics, identify detection gaps, validate detections, identify phishing campaigns, automate remediation and shield vulnerable users. It had built AI into all the components in its ecosystem to help protect its users, Varma said.
Further, AI agents could help in threat mitigation and incident response. They could help organisations automatically respond to threats, including by suspending suspicious accounts and initiating a password reset, containing a breach before an attacker could conduct further malicious activities.
AI agents could also enforce policies, monitor credentials and app permissions, and control employee access.
“As intrusion attempts become the norm, it is essential that governing boards and C-suite executives recognise that cyber-risks are a form of business risk and treat them accordingly.
“Managing cybersecurity risk should happen in the boardroom. Boards of directors and executives must manage financial and operational risks, and cybersecurity risks present operational and financial risks,” Varma said.
Solutions to help mitigate this risk should include conducting security exercises, implementing key performance indicators tied to cyber hygiene, and cross-training teams to build resilience, the report recommended.