News

AI, Ransomware, and the battle to secure vulnerable sectors — Olufemi

AI, Ransomware, and the battle to secure vulnerable sectors — Olufemi

By Chioma Okoye

As global industries brace for an increasingly digitized future, the cyber war of 2025 has arrived with full force, exposing the vulnerabilities in sectors heavily reliant on legacy systems, complex supply chains, and limited security budgets.

In an exclusive insight into today’s most pressing cybersecurity issues, Olufemi Emmanuel Owolabi, a seasoned Cloud Security Engineer at 10mg Health in Birmingham, UK, shares his expert perspective on how both cybercriminals and defenders are leveraging artificial intelligence (AI), and what organizations must do to stay ahead.

“Industries such as manufacturing, healthcare, and retail are experiencing heightened cybersecurity challenges,” Owolabi revealed. “Manufacturing alone reported 230 ransomware incidents in Q1 2025, followed by wholesale and retail (170 incidents), and healthcare (123 incidents).”

He attributed this spike to reliance on outdated infrastructure and operational hesitations in updating software. “In my experience working with SMEs in healthcare IT, even routine software updates are sometimes delayed due to operational pressure. That makes these environments ripe for exploitation—especially from attackers using automated vulnerability scans,” he added.

Artificial Intelligence is playing a central role on both sides of the digital battlefield. “Cybercriminals leverage AI to automate phishing campaigns, develop sophisticated malware, and conduct deepfake scams,” Owolabi warned. “Conversely, defenders are using AI for threat detection, behavioral analysis, and automating incident responses. It marks a new phase in the cybersecurity arms race.”

At 10mg Health, AI-powered threat detection has helped reduce false positives by 35%, enabling the team to zero in on actual threats. “But we also monitor how AI is being weaponized. We’ve seen phishing emails so well-written they bypass traditional filters,” he noted.

Ransomware remains a critical threat, with sophisticated double extortion tactics becoming the norm. “Groups like RansomHub now encrypt data and also threaten to leak it,” Owolabi explained. “Organizations need robust backup strategies, regular security audits, and comprehensive incident response plans.”

He emphasized employee training as a key deterrent. “One of the best practices we’ve adopted is isolating critical backup systems offline. During a recent internal drill, this measure significantly cut down our simulated recovery time from days to hours.”

Small and medium-sized enterprises (SMEs), despite resource constraints, can still implement several cost-effective strategies to bolster their security posture. Owolabi recommends starting with multi-factor authentication (MFA), which he has seen block several unauthorized login attempts within weeks of implementation. He also advises that keeping software up-to-date is a vital, low-cost move to patch known vulnerabilities.

Another effective approach is to invest in basic cybersecurity awareness training for employees. Many attacks, especially phishing schemes, prey on uninformed staff. Finally, deploying endpoint protection solutions can offer an added layer of defense against malware and unauthorized access. According to Owolabi, “Security doesn’t have to be expensive; it just needs to be intentional.”

Organizations are also increasingly vulnerable through third-party vendors. To address this, Owolabi suggests evaluating the cybersecurity practices of all suppliers. It is essential to adopt a zero-trust model—assuming no implicit trust and verifying every access request.

Monitoring network traffic and user behavior for anomalies is another crucial step in catching early signs of compromise. Organizations should also be prepared for potential breaches originating from their partners by having robust protocols in place. Recalling a past incident, Owolabi shared, “An audit I participated in uncovered a third-party HR tool with excessive access to internal files. Correcting that reduced our attack surface by 20%.”

Credential-based attacks are on the rise, and organizations need to rethink how they protect access to their systems. Owolabi advises enforcing strong password policies that require complexity and regular changes to minimize risk. However, relying solely on passwords is no longer sufficient.

Integrating multi-factor authentication adds additional verification layers, while monitoring login activity helps detect and respond to unauthorized access attempts early. Just as importantly, educating employees about phishing and social engineering tactics remains a fundamental defense. “Credential stuffing is one of the fastest-growing threats,” Owolabi emphasized. “Companies must assume passwords are already compromised and add behavioral or contextual authentication to stay ahead.”

Looking ahead, Owolabi identified several emerging threats that organizations must prepare for. These include AI-driven attacks, where artificial intelligence is used to craft persuasive phishing emails or to generate complex malware that can bypass traditional defenses. Another looming danger is supply chain exploitation, where attackers find weaknesses in third-party vendors to gain indirect access to more secure networks.

Credential stuffing continues to be a major concern, with attackers using stolen credentials to gain unauthorized access to systems. Additionally, deepfake scams are becoming more prevalent, using manipulated media for deceptive purposes. To counter these evolving threats, organizations must stay current with threat intelligence, invest in advanced security technologies, and prioritize a company-wide culture of cybersecurity awareness. “One area we’re now exploring is securing voice verification systems from deepfake manipulation,” Owolabi noted. “Something that seemed sci-fi two years ago is very real now.”

Olufemi Emmanuel Owolabi is a cybersecurity and network infrastructure expert with over five years of experience across telecom, healthcare, and enterprise IT. Currently a Cloud Security Engineer at 10mg Health, he holds a B.Sc. in Telecommunication Science from the University of Ilorin, Nigeria, and an M.Sc. in International Business with Data Analytics from Ulster University, UK.

He is a member of the British Computer Society (MBCS) with RITTech recognition, an Associate Member of the IET, and holds industry certifications including CCNA, AZ-900, ITIL v4, and Aviatrix Multi-Cloud Network Associate.

Exit mobile version