It starts like any other Zoom call: coffee in hand, the finance team on screen, and the CFO leading the discussion. The project is urgent. Deadlines are tight. Substantial wire transfers are needed.
You follow the instructions, making one transfer and then another. By the end of the call, you’ve completed fifteen transactions and moved $25 million.
Too soon, you realize none of it was real. The faces and voices were deepfakes, AI-generated clones created by cybercriminals.
This happened to UK-based engineering firm Arup in 2024 and their story isn’t an isolated one. Today’s cyberattacks don't just target your systems. They target your people.
“Cybersecurity is as much a business investment in terms of people, processes and procedures as it is technology,” said Booker Zaytsoff, director of professional services at Accurate Network Services. He says the shift from purely technical defences to a human-first approach is reshaping how cybersecurity works.
Old threats, new tricks
There was a time when IT security meant installing antivirus software and backing up your server. Today’s threats are harder to spot and much harder to stop.
Business email compromise (BEC) attacks are one example. These scams rely on tricking people, not hacking systems. Criminals study your organization, learn how you communicate and impersonate someone from inside.
They don’t break in. They get invited.
“The power that a threat actor has by just gaining access to the communication tools of an individual in an organization is really powerful,” said Zaytsoff. “These aren’t super technically sophisticated attacks. They’re leveraging human emotion and the way our brains work.”
These scams often succeed. Half of Canadian businesses faced attempted or successful fraud last year. While some recover quickly with minimal expense, others spend more than $100,000 managing the fallout. And the damage isn’t just financial; it can erode trust, strain internal teams and undermine your reputation.
How AI is changing tactics
For years, cybersecurity teams had one small advantage: bad grammar. Clunky phishing emails full of awkward phrasing and typos were easy to spot.
“AI has removed those natural language red flags,” Zaytsoff said. With tools like ChatGPT and other AI language models, cybercriminals can now generate emails that mimic tone, match formatting and reference real business relationships.
The result? Scam emails that look and feel like legitimate communication.
“The tactics are becoming more polished,” he explained. “It’s very difficult to spot these phishing attempts. Sometimes we can’t even tell if an email is legitimate.”
With the ability to generate thousands of convincing messages in minutes, attackers aren’t hoping for a lucky break. They’re playing the odds.
“There’s a quantifiable statistical chance that your business will be breached,” Zaytsoff said. “That’s a hard fact. And it’s one reason more clients are starting to take cybersecurity seriously, not just as a tech issue, but as a business priority.”
Smarter systems help you stay ahead of bad actors
Most cyberattacks rely on human nature: a fast decision, a trusted name, a sense of urgency.
“These assailants are taking advantage of how our brains work,” said Zaytsoff. “There are very few people with the mental discipline to spot it every time.”
That’s why the strongest cybersecurity doesn’t come from training every employee to spot a scam. It comes from building systems that remove the guesswork.
As Zaytsoff put it: “Having good internal discussions about your business practices, and putting controls in place to mitigate attacks, might come at the expense of convenience. But it’s far more effective than relying on people to catch every threat.”
He said simple process changes can have an outsized impact. For example, requiring a second sign-off on major financial transactions or verifying unusual requests in person can stop a phishing attempt before it starts. “A lot of risks can be mitigated just by having a face-to-face conversation.”
Smaller organizations may even have the advantage. With fewer layers and tighter communication, it’s often easier to notice when something feels off.
But strong instincts aren’t enough. You still need clear protocols and reliable protections. These straightforward steps can help reduce risk and build resilience:
- Automate system updates. Keep all systems and software current with automatic patching. Don’t rely on memory or manual reminders.
- Enforce multifactor authentication (MFA). “If users can opt out, it’s that one weak link that becomes an entry point,” Zaytsoff warned. Apply MFA across the board.
- Monitor network activity. Know what’s happening on your systems. “Being able to detect anomalies is key,” he said.
- Upgrade beyond antivirus. Legacy software won’t cut it. Invest in next-generation tools like Endpoint Detection and Response (EDR) to identify and block advanced threats.
- Secure the right cyber insurance. “Cyber insurance is critical for any business, regardless of size,” Zaytsoff noted. Make sure your policy fits the scale and risk profile of your organization.
Cybersecurity isn’t optional
Good cybersecurity doesn’t have to be complicated. But it does need to be consistent. It’s time to treat it like any other core business habit. The goal isn’t perfection. It’s resilience.
And resilience isn’t something you have to build alone.
Cybersecurity has outgrown the DIY approach. The threats are too sophisticated. The stakes are too high. But that also means you don’t have to figure it out on your own. You can work with professionals who understand both the technical risks and the business realities.
Let’s talk about how Accurate Networks can help you put cybersecurity fundamentals in place that actually fit your business. Get in touch.
Leadership Insight Behind This Piece
This article was inspired by a recent conversation with Booker Zaytsoff, Director of Professional Services at Accurate Network Services. Drawing on his front-line experience with cybersecurity incidents across a wide range of industries, Booker’s practical insights help Accurate clients build strong, resilient systems.
