I’m thrilled to sit down with Dominic Jainy, a seasoned IT professional whose deep expertise in artificial intelligence, machine learning, and blockchain has positioned him as a thought leader in the cybersecurity space. With a passion for exploring how emerging technologies shape industries, Dominic brings a unique perspective on the evolving landscape of cyber threats and defenses. Today, we’ll dive into critical topics like the sophistication of phishing attacks, the vulnerabilities of different demographics, the slow adoption of secure practices, and the role of cutting-edge tools like AI and hardware-based security in safeguarding our digital lives.
Can you walk us through the alarming trends in phishing attacks and how prevalent they’ve become recently?
Absolutely. Recent surveys, like the one from Yubico, paint a concerning picture. Nearly half of the people surveyed—44% to be exact—interacted with a phishing email in the past year, whether by clicking a link or opening an attachment. What’s even more striking is that over half of those individuals either thought the message was legitimate or weren’t sure. This shows just how sophisticated phishing has become, relying heavily on psychological manipulation rather than just exploiting technical vulnerabilities. It’s a clear sign that attackers are getting better at crafting messages that blend into our daily digital interactions.
What do you think is driving the difficulty in spotting these phishing emails nowadays?
The main driver is the shift toward social engineering. Attackers are focusing on human behavior, crafting emails that mimic trusted sources with uncanny accuracy—think urgent messages from your bank or a colleague. Over the years, phishing tactics have evolved from poorly written spam with obvious red flags to highly personalized messages using stolen data or public information. They’ve also started leveraging current events or crises to create a sense of urgency, making it harder for even tech-savvy folks to pause and question the legitimacy of a message.
The data points to Gen Z as being particularly vulnerable to phishing scams. What’s behind this trend?
That’s an interesting finding. About 62% of Gen Z users engaged with phishing scams in the past year, a much higher rate than other age groups. I think it comes down to a combination of digital overexposure and trust in technology. Gen Z grew up online, so they’re more likely to interact with content quickly without second-guessing it. They’re also targeted with scams tailored to their interests—like gaming or social media offers—which makes these attacks feel more relevant and less suspicious. Interestingly, the ability to recognize phishing doesn’t vary much across generations; it’s more about the frequency of interaction that puts younger users at risk.
Let’s talk about the broader security practices for individuals and organizations. Why do so many still rely on passwords despite knowing they’re insecure?
Passwords persist because they’re familiar and easy to implement. Despite widespread awareness of their weaknesses—think data breaches exposing credentials—they remain the default for both personal and work accounts. Changing systems to more secure methods like multi-factor authentication (MFA) requires time, resources, and user education, which many individuals and organizations just haven’t prioritized. There’s also a complacency factor; people often think, ‘It won’t happen to me,’ until it’s too late. Unfortunately, this leaves a huge gap for attackers to exploit.
On the topic of multi-factor authentication, why haven’t more companies adopted it across all their applications?
It’s a mix of logistical and cultural challenges. Less than half of companies have rolled out MFA universally, often because of budget constraints or the complexity of integrating it into legacy systems. There’s also pushback from employees who find MFA inconvenient—think having to pull out a phone for a code every time they log in. On top of that, about 40% of employees report receiving no cybersecurity training, so there’s a lack of awareness about why MFA is critical. Companies need to bridge that gap with better education and streamlined solutions to make adoption seamless.
Shifting to personal security, why do so many people skip MFA for their email accounts, even when they’re linked to sensitive services?
It’s largely about convenience over security. Nearly a third of users don’t use MFA for personal email, even though these accounts are often tied to banking or other critical services. People underestimate the risk, assuming their email isn’t a target, or they find the extra step of authentication annoying. There’s also a knowledge gap—many don’t even know MFA is an option or how to set it up. We’ve seen progress in places like France, where MFA adoption for personal accounts surged from 29% in 2024 to 71% in 2025, likely due to public campaigns and regulatory nudges. That’s a model others could follow.
There’s growing unease about artificial intelligence in some regions. Can you shed light on why this concern is spiking?
In countries like Japan and Sweden, concern about AI has more than doubled in just a year, and it’s not hard to see why. AI is a double-edged sword in cybersecurity. On one hand, it can enhance defenses through threat detection; on the other, attackers are using it to craft hyper-realistic phishing emails or deepfake content that’s incredibly deceptive. People are starting to worry about losing control over what’s real online. There’s also a broader fear of AI’s societal impact—job displacement, privacy erosion—that’s fueling this apprehension. It’s a valid concern as we see these tools scale rapidly.
Hardware-based security options like security keys and passkeys are gaining traction. What’s driving this shift toward more tangible solutions?
There’s a growing recognition that traditional methods like passwords or even SMS-based MFA aren’t foolproof. Hardware-based options, such as security keys and passkeys, offer phishing-resistant authentication because they require a physical device or biometric input that can’t be easily replicated. In places like the UK and the US, more people are viewing these as the gold standard for security. It’s driven by high-profile breaches and a push from tech giants to support these standards. While adoption is still gradual, the confidence in these tools is building as they become more user-friendly and accessible.
Looking ahead, what is your forecast for the future of phishing attacks and cybersecurity defenses?
I think phishing attacks will only get more sophisticated, especially with AI and machine learning enabling attackers to personalize their tactics at scale. We might see more attacks blending multiple channels—like email, SMS, and voice—to trick users. On the defense side, I’m optimistic about the rise of phishing-resistant technologies like passkeys becoming mainstream, but only if adoption accelerates. Education will be key; both individuals and organizations need to prioritize awareness and training to close the gap between knowing the risks and acting on them. If we don’t, the attackers will always stay a step ahead.