By Bambi Escalante
ARTIFICIAL INTELLIGENCE (AI) is transforming the way organizations operate, driving speed, innovation, and efficiency across industries. But the same technology is also being weaponized by cybercriminals, enabling them to launch faster, stealthier, and more convincing attacks than ever before.
In the Philippines, the consequences are already being felt. According to a recent IDC survey commissioned by Fortinet, nearly 78% of organizations reported encountering AI-powered cyber threats in the past year. Among the most concerning are AI-enhanced social engineering attacks, which exploit trust and human behavior to trick victims into revealing information, transferring funds, or approving fraudulent requests.
WHEN OLD TRICKS GET AN AI UPGRADESocial engineering is not new. Phishing e-mails, fraudulent calls, and impersonation schemes have long been used to deceive individuals. What is new is how AI supercharges these tactics.
Attackers can now automate reconnaissance, scanning social media posts, company websites, and leaked credentials to build detailed profiles of their targets. With this data, AI can craft personalized phishing messages that are grammatically correct, contextually relevant, and nearly indistinguishable from legitimate communications. Even security-savvy employees may find it difficult to spot the difference.
The rise of deepfakes adds another dimension. Cloned voices and AI-generated videos are being used to impersonate executives, colleagues, or customer service agents. These synthetic media assets are convincing enough to pressure victims into taking urgent action, whether it’s wiring funds, sharing login credentials, or approving sensitive transactions.
What makes these threats so alarming is their scale. With AI-driven automation, cybercriminals can launch hundreds or thousands of highly targeted attacks simultaneously, increasing both their reach and effectiveness. The result is a more persistent threat landscape that traditional defenses alone cannot keep up with.
A PREPAREDNESS GAP IN THE PHILIPPINESThe IDC survey highlights a worrying confidence gap. Only 9% of organizations in the Philippines said they feel very confident in defending against AI-powered threats. A further 27% admitted these attacks are outpacing their detection capabilities, while almost one in five confessed to having no ability to track AI threats at all.
This preparedness gap leaves businesses exposed to significant risks. The most common consequences of cyberattacks in the Philippines include loss of customer trust (62%), regulatory penalties (56%), and data theft (54%). Nearly half of organizations experienced direct financial losses, with one in four reporting costs exceeding $500,000. For a growing digital economy, these numbers underscore the urgent need for smarter defenses.
USING AI TO FIGHT AIIf adversaries are leveraging AI, defenders must too. AI can dramatically improve the speed and accuracy of threat detection and response, enabling security teams to sift through vast amounts of data, spot anomalies, and neutralize threats before they escalate.
E-mail security is a strong example. AI can analyze the tone, structure, and context of messages to detect subtle signs of phishing or impersonation that traditional filters may miss. Over time, these systems learn normal communication patterns, making it easier to spot anomalies. Combined with automated responses, this helps reduce the workload on security teams and accelerates containment.
But technology cannot operate in silos. To be effective, AI-powered tools must be part of an integrated cybersecurity platform that unifies defenses across networks, endpoints, cloud environments, and operational technology. A platform-led approach ensures consistent visibility, coordinated responses, and reduced complexity, all of which are critical in a landscape where lean security teams are already stretched thin.
EMPOWERING PEOPLE AS THE FIRST LINE OF DEFENSEWhile technology is critical, people remain a decisive factor in defending against social engineering. Every employee, from the boardroom to the front line, plays a role in cybersecurity. When equipped with the right knowledge and tools, they can serve as an effective first line of defense.
Security awareness training is therefore essential. Employees must understand the risks, recognize common attack techniques, and know how to respond to suspicious activity. This is especially important in the Philippines, where cybercriminals often exploit urgency and trust in personal interactions.
Fortinet’s Security Awareness and Training service, delivered through the Fortinet Training Institute, is one example of how organizations can foster a cyber-aware workforce. Delivered as a SaaS solution, it provides timely, relevant training on evolving threats such as phishing and impersonation, and allows organizations to customize modules and track user progress. By cultivating a culture of vigilance, companies can significantly reduce their exposure to AI-enhanced social engineering.
BUILDING RESILIENCE IN THE AGE OF AIAI is reshaping the cyber battlefield, turning familiar tactics into sophisticated, scalable campaigns. The Philippines cannot afford to fall behind. Addressing these threats requires a balanced approach, harnessing AI-powered defenses while empowering people through awareness and training.
Cybersecurity is no longer just about preventing breaches; it is about resilience. By combining smarter technologies, integrated platforms, and a culture of vigilance, organizations in the Philippines can build the resilience needed to withstand and adapt to the next wave of AI-powered threats.
Bambi Escalante is the country manager, Fortinet Philippines.
