BW Security World

Rethinking Cybersecurity For Future

cybersecurity

The Sophos State of Ransomware 2025 report highlights that 41 per cent of Indian organisations cited a lack of people or capacity and poor-quality protection as key operational reasons for falling victim to ransomware

The rapid evolution of artificial intelligence is changing the security landscape at a fast pace. A process that once took weeks of deliberation and action for an attacker can now be auto-generated, tested, and retargeted to an average user in hours. It’s therefore important to understand these emerging threats, which include shadow AI deployment, deepfakes, and insider threats.

The Rise of Shadow AI

Shadow AI refers to the unauthorised deployment of artificial intelligence systems such as large language models (LLMs) within an organization. As the name suggests, shadow AI is a cousin to shadow IT, which is when employees download unapproved software. Shadow AI emerges when teams or individuals begin experimenting with AI models, data sets, or third-party tools for their work without any governance surrounding such activity. While some of these efforts may be innovative, they also expose the organisation to data leakage, biased outputs, regulatory violations, or exploitable vulnerabilities. This is particularly the case when AI experimentation falls outside the scope of formal security frameworks.

The Sophos State of Ransomware 2025 report highlights that 41 per cent of Indian organisations cited a lack of people or capacity and poor-quality protection as key operational reasons for falling victim to ransomware. These same gaps often enable shadow AI to flourish unchecked, making it not just a governance issue, but a frontline cybersecurity risk.

Deepfakes & Manipulation of Trust

Deepfake technology is AI-generated synthetic media designed to replicate real individuals. It has evolved from an experimental novelty to a weaponized form of misinformation. This means that it is now relatively easy to make video calls that mimic the voice and face of a business leader, which can be used by threat actors for fraud, disinformation campaigns, and reputational sabotage.

This erosion of digital trust is particularly dangerous in a country like India where 21 per cent of ransomware attacks in 2024 were initiated through malicious emails, often exploiting social engineering tactics. Deepfakes supercharge these tactics, making phishing attempts more believable and harder to detect.

The New Insider Threat

Insider threats, which were previously attributed to accidental breaches, have now taken on a new meaning in an AI-driven world. When AI is woven into workflows, sometimes through shadow AI, employees can unintentionally open backdoors for attackers to enter.

The Sophos State of Ransomware report revealed that 29 per cent of ransomware attacks in India in 2024 stemmed from exploited vulnerabilities, and 22 per cent from compromised credentials, both of which can be exacerbated by poorly governed AI tools. Moreover, 36 per cent of IT teams reported increased workloads post-attack, and 25 per cent experienced team member absences due to stress or mental health issues, highlighting the human toll of these evolving threats.

Rethinking Cybersecurity Awareness

These converging threats call for a recalibration of cybersecurity awareness. Awareness campaigns that were previously limited in scope, focusing only on phishing identification and password hygiene, must now include topics like AI literacy, verification of synthetic media, and internal AI governance.

Organizations must also prepare for the financial and operational impact of attacks. In India, the average cost to recover from a ransomware attack in 2024 was USD 1.01 million, and only 48 per cent of organisations fully recovered within a week, down from 61 per cent the previous year. This underscores the need for proactive education, robust incident response planning, and continuous upskilling.

Cybersecurity Awareness Month: Call to Action

Cybersecurity Awareness Month reminds us that building resilience is not just a month-long campaign; it’s an ongoing responsibility. In this new age of shadow AI experimentation, deepfake deception and insider risks, proactive vigilance is the only viable approach to defense.

Prevention, protection, detection and response, and planning are key to building a culture of cybersecurity awareness within any organization. Every employee is not just a possible security vulnerability; they are also an important defence layer.

Cybersecurity is more than just technology; it’s cultural – fostering awareness, responsibility and agility. The future of digital trust hinges on how we adjust our awareness approaches to recognise and mitigate AI-driven threats.

by Sunil Sharma, Managing Director & Vice President – Sales (India and SAARC), Sophos
