Kamilia Amdouni is a distinguished expert and researcher in cyber and tech policy, dedicated to promoting responsible behaviour in cyberspace and advancing international laws and norms. With a passion for global digital governance and cooperation, she brings a wealth of experience and a multicultural perspective, being fluent in multiple languages and having a French, Tunisian, and British background. 

Kamilia has worked as a consultant on emerging technologies for multinational corporations and has recently focused on advocacy and policy development in international security, including arms control, cybercrime, and cybersecurity. She has contributed to initiatives by prominent organizations such as the EU Agency for Law Enforcement Cooperation (EUROPOL), the Center for International Studies and Diplomacy in London, and the CyberPeace Institute in Geneva. Kamilia holds an MA in Global Diplomacy from the University of London (SOAS) and an MBA from the French business school ESLSCA. 

We found her comments relating to cybersecurity in Switzerland and global dynamics particularly interesting, we hope you do too.

How can organisations stay ahead of AI enabled cyber threats? 

Cybercriminals and state-sponsored actors are leveraging AI to develop increasingly sophisticated attack strategies. These include automating attacks and creating realistic deepfakes for phishing campaigns and voice synthesis.  

Recent resources have highlighted what impact AI will have on cyber threats by 2025. AI is poised to significantly increase both the volume and severity of cyber-attacks. The evolving threat landscape will see enhancements in existing tactics, techniques, and procedures. 

Cyber threat actors—both state and non-state, regardless of skill level—are already utilizing AI to varying extents. AI enhances capabilities in reconnaissance and social engineering, making these activities more effective, efficient, and harder to detect. 

As we advance into an era of AI, it is crucial to strengthen organisational defences. The adoption of AI-driven cybersecurity solutions is a layer for a secure foundation. These solutions should adapt to evolving threats, detect anomalies in real time, and swiftly neutralise risks. While technology adoption is a key component of the cybersecurity framework, it is not the sole factor. Building a robust cybersecurity culture is equally important. Training employees to recognise AI-driven attacks will be essential. Furthermore, establishing strong governance frameworks with comprehensive processes and policies for prevention and incident response is also vital.  

Taking a sectoral prism to this issue, in certain sectors, such as non-profits, investment in cybersecurity has historically been deprioritised due to donor obligations to fund humanitarian and development operations. It is important that these critical actors are not left behind. The surge in cyberattacks against critical infrastructure sectors also underscores the necessity for these providers of essential services and national authorities to be prepared for AI-enabled cyber threats. 

How do you see AI transforming the role of cybersecurity professionals in the next decade? 

AI is set to revolutionise the learning landscape, significantly impacting cybersecurity education for students and professionals. By simplifying technical language and removing certain barriers, AI will help learners with resources to understand cybersecurity principles and processes like incident response, but also facilitate the understanding of commands and tools. This shift will allow cybersecurity learners to engage with strategic and tactical processes more quickly, accelerating their learning curve and enhancing their value to organisations. 

However, the risk of an AI divide, highlighting the existing disparities in AI capabilities across different regions is likely to leave some countries behind. It is crucial that we support underserved areas to ensure they are not left vulnerable to increasingly sophisticated cyber threats. By providing this support, we can help these regions effectively tackle systemic cyber challenges in the coming years.  

Cybersecurity in Switzerland and Global Dynamics  

1. What are the unique cybersecurity challenges that Switzerland faces in 2024, and how are they being addressed?  

2. How do you see global dynamics influencing cybersecurity strategies in Switzerland and worldwide? 

Cyberspace is inherently political, reflecting a battleground of worldviews, ideologies, and strategic interests. Ideology-driven threat actors are increasingly active, acting as cyber proxies in armed conflicts and beyond, thus intensifying the global cyber threat landscape. The war in Ukraine has illustrated that most cyberattacks occurred in non-belligerent countries, targeting critical infrastructure sectors. Switzerland was not exempt, experiencing DDoS attacks against railway companies, airports, and public administration, resulting in website connectivity disruptions with undetermined long-term impacts. 

In 2023, a survey revealed that nearly half (45%) of large Swiss companies fell victim to cyberattacks. These breaches have led to sensitive data leaks on the darknet, including information from the Federal Office of Police (Fedpol) and the Federal Office for Customs and Border Security (FOCBS). Despite not being among the highest-risk countries for cyberattacks, Switzerland’s defences lag behind its European peers. 

In response, Switzerland’s National Cyber Security Centre (NCSC) was elevated to a federal office in 2024. The global cyber context spurred Switzerland to announce a new National Cybersecurity Strategy in March 2023, outlining 17 measures and emphasising the importance of public-private cooperation, involving the private sector, academia, and non-profit organizations. A steering committee of experts from various sectors will oversee its implementation. 

Switzerland must learn from the rapidly evolving cyber threat landscape and anticipate future threats, particularly those powered by AI. The intersection of cyber, AI, and disinformation is becoming increasingly prominent through cyber/AI-enabled operations campaigns. However, Swiss authorities have yet to fully acknowledge the seriousness of these emerging threats.