To mark Cybersecurity Awareness Month, we sat down with two of our leading experts, Robert Preskar, Business Line Manager, and Maja Šporčić, Product Manager, to discuss three major topics shaping today’s security landscape: social engineering, zero trust architecture, and supply chain attacks.
According to Robert Preskar, the rise of AI-powered scams has taken social engineering to a new level. Cybercriminals now combine multiple communication channels, emails, phone calls, text messages, and even deepfake audio, to manipulate their targets.
“We’re seeing highly sophisticated phishing attacks that go far beyond the inbox,” says Preskar. “Attackers use SMS, messaging apps, QR codes, and phone calls, even voices generated by AI that perfectly mimic real people.”
These attacks are no longer isolated to a single communication channel. Preskar describes them as “omnichannel attacks” - coordinated efforts that combine email, phone, and messaging to build credibility and pressure victims into quick decisions.
“Criminals prepare carefully,” he explains. “They collect data from social networks or buy it on the dark web. Then they launch precisely targeted attacks that use multiple channels. For example, starting with an email and following up with a phone call.”
He recalls a case where an employee nearly transferred tens of thousands of euros after receiving what seemed like a legitimate email and phone call from their director, both fakes generated using AI.
“The attackers knew the director was abroad and even cloned his voice to sound impatient and rushed,” Preskar says. “Thankfully, the employee double-checked with the CFO before making the payment.”
This example illustrates how deepfake technology, combined with available personal data, makes deception incredibly convincing. Attackers can now generate realistic audio from less than two minutes of recorded speech. The most concerning part is that the required data is often already public.
“Balancing business transparency with privacy is getting harder,” Preskar notes. “Every piece of information we share online, for marketing, employer branding, or social media, can later be used against us.”
To fight back, he stresses that companies need a holistic approach. Technology alone isn’t enough. Security must include education, collaboration, and proactive regulation.
“Technology is advancing faster than people,” Preskar warns. “We need to catch up through awareness and cooperation between businesses, regulators, and telecom providers. Criminals don’t wait for compliance, they just act.”
He also points out that while EU regulations like NIS2 and DORA improve transparency by requiring incident reporting, they still don’t fully define how to share information about new types of attacks or AI-driven threats.
“Regulations are improving, but we also need real-time data sharing and a joint effort across the ecosystem. That’s the only way to stay ahead of these rapidly evolving threats,” he concludes.
When it comes to protecting systems and data, Preskar emphasizes the importance of moving beyond traditional security perimeters. The Zero Trust approach operates on a simple principle: never trust, always verify.
Zero Trust is not just a technology framework - it’s a mindset. “It means continuously verifying identities, monitoring access, and encrypting data everywhere, all the time,” says Preskar.
He points out that multi-factor authentication (MFA) is now a baseline standard, combining passwords, biometrics, and behavioral analysis to verify users. However, old methods like SMS-based codes should no longer be relied upon.
“SMS one-time passwords should be avoided whenever possible. They’re too easy to intercept,” he explains. “Modern authentication uses push notifications, QR codes, or biometric checks that are much harder to fake.”
Encryption, Preskar adds, must protect data both in transit and at rest. And as AI-driven attacks grow more complex, security strategies must be proactive rather than reactive.
“If a breach happens, quick detection, isolation, and communication are crucial,” he says. “But ideally, good prevention means the attack never happens in the first place.”
While social engineering targets people, supply chain attacks target trust between businesses. According to Maja Šporčić, these attacks are on the rise globally.
“In recent years, we’ve seen several incidents where attackers exploited vulnerabilities in suppliers’ systems,” she notes. “In one case, a compromised accounting tool led to a fake invoice and a €250,000 loss.”
Šporčić explains that supply chain threats are dangerous because they exploit the interconnected nature of modern business - one weak partner can compromise everyone in the chain.
“Attackers look for the easiest entry point with the biggest impact,” she says. “They often go after smaller service providers, software vendors, or maintenance partners that have trusted access to larger systems.”
Manufacturing companies, she adds, are particularly vulnerable due to older operational technologies (OT) and industrial control systems (SCADA) that weren’t built with cybersecurity in mind.
“Sometimes, an infected USB stick or laptop brought in by a service technician is enough to disrupt production,” says Šporčić. “And in critical infrastructure, that’s not just a financial risk - it can endanger people’s safety.”
To defend against these threats, she advises companies to perform supplier risk assessments, understand what tools and systems partners use, and ensure compliance with regulations such as NIS2, DORA, and the Cyber Resilience Act.
“Transparency is key,” Šporčić emphasizes. “You can’t protect what you don’t fully understand. Companies should also implement technical safeguards like multi-factor authentication and identity and access management systems.”
Both experts agree that cybersecurity is no longer just an IT issue, but a shared responsibility across all departments and partners.
“Criminals don’t follow regulations, and they innovate fast,” Preskar concludes. “That’s why education and collaboration are our strongest tools.”
Šporčić adds: “Technology will keep evolving, but so can we. With awareness, good practices, and the right partnerships, we can make our digital world safer for everyone.”
Cybersecurity Month is the perfect reminder that strong security starts with small, consistent steps, from verifying a suspicious email to asking one more question before approving a payment. Because in today’s world, trust is something that must be earned and protected.
Originally published in the leading Croatian business weekly magazine Lider.