In recent years, observers have cautioned that cyberattacks are becoming not only more frequent but more complex. And that was before the explosive popularity of artificial intelligence technology.
With AI’s rapidly growing accessibility and capabilities, the technology has transformed today’s digital landscape into “the wild, wild West, filled with promise, danger and uncertainty in every direction,” said Rick Norberg, Vertikal6 Inc. CEO.
This massive technology shift doesn’t mean that employers can ignore cybersecurity, Norbert said – in fact, they must not only remain vigilant but harness the technology to bolster their own defenses.
On Oct. 9, Norbert joined fellow industry observers in the first of two panel discussions, titled “Safeguarding the Future of Innovation,” held during Providence Business News’ 2025 Cybersecurity, AI & Tech Summit at the Crowne Plaza Providence-Warwick.
The discussion also featured Douglas Alexander, director of the Institute for Cybersecurity and Emerging Technologies at Rhode Island College; and David Phillips, chief information security officer at OSHEAN Inc. Normand Duquette, senior vice president at Starkweather & Shepley Insurance Brokerage Inc., moderated the panel.
Alexander echoed Norberg’s point, telling audience members, “We need to take a real skeptical eye” when thinking about AI usage. “But we also need to take these tools to understand what they’re good for.”
Meanwhile, “we can’t just throw out our cybersecurity principles because of AI,” he added.
With the rise in cybercrime and technology advancements, Philips and Duquette also expect more companies will need to adopt formal, industry-specific cybersecurity standards to secure contracts or insurance.
“The days of us being able to say we’re doing something … are going to go away,” Philips said. “And we’re all going to have to adapt to and be certified in something.”
This concept currently applies mostly to government contracts, Philips noted, but “if it’s an initiative that’s coming down from the government into business … It’s just more fuel to the thought that this is going to filter into … private businesses.”
Amid the changes ushered in by AI, familiar threats and solutions remain. Emails and phishing scams, for instance, continue to lure in unsuspecting users, panelists said, but cyber criminals are now using the new technology to be more efficient in their attacks.
In fact, emails remain “the No. 1 way [cyber criminals are] getting in right now, via spam,” Alexander said. “And spam is getting way better ... It’s not like you look at it and say, ‘Wow, that doesn’t look right.’ It’s natural language, AI written.”
“I really think the best we can do is understand how to be properly skeptical about all the data and communications that we get,” he said. “Our inboxes are such a dumpster fire of messages to get through, that we tend to do it really fast. … and that’s how they get you.”
But long-standing, simple solutions such as education and keeping employees up to date on best practices remain some of the strongest defenses against cyberattacks.
“That’s the one thing that hasn’t changed, the human element,” Duquette said. “Each year, you can harden your systems, you can fortify as much as you can, but it’s always the human element that lets someone in.”
Addressing this point, Alexander said that many defense tools come down to “educating the end users and making sure that they’re available and capable of seeing the problems, as well as getting better tools to stop it.”
Other tried-and-true methods, such as multifactor authentication, remain as strong protections against cyberattacks, panelists said, though no method is foolproof.
As more workers and employers incorporate AI into their work, companies must also exercise caution with the information that they feed to large language models, or LLMs. Some AI companies promise that their LLMs will not be used to train data models, Norberg noted, but at the moment, nothing binds them to these words.
“They’re not sharing that information with us,” Norberg said. “I don’t think ChatGPT is sharing, ‘This is how we protect your data on the back end,’ right? They’re just saying, ‘Trust us,’ which is early-stage stuff. ... So when it comes to cybersecurity and AI, just be very mindful.”
Alexander also highlighted the need for skepticism at all levels of a company.
“Cybersecurity is a lot about habits of being skeptical … just at a base user level,” Alexander said. “Because we can’t all be in cybersecurity, but we all have to be applying cybersecurity every day.”
