
Zero Trust and AI: Essential Cybersecurity Strategies for Modern Enterprises

Our panel of experts shares their insights on recent data breach trends and what organizations must learn to bolster their cybersecurity defense strategies.

Joseph Steinberg

Cybersecurity Expert Witness and Advisor

With advancements in technologies like AI and machine learning, how can companies leverage these tools to improve their cybersecurity defenses against sophisticated attacks?

AI and machine learning are double-edged swords vis-à-vis cybersecurity. On the one hand, they can help defenders — for example, by allowing defenders to prioritize alerts far more effectively than was possible before the AI era and by helping security systems to identify potentially dangerous, anomalous activity. On the flip side, AI also improves the capabilities of attackers — for example, by allowing technologically unsophisticated criminals to generate attack code by feeding the AI a vulnerability report.

What are your thoughts on the Zero Trust security model? How can enterprises effectively implement it?

Adopting a Zero Trust model (which mandates that every request for a resource must be properly authorized regardless of where the request originated) requires many changes beneath the hood of how organizational systems interact. As such, achieving Zero Trust requires a major technological transformation that involves a significant investment of time, energy, and money, as well as robust planning in advance of implementation. From a practical standpoint, therefore, achieving Zero Trust is a process or a journey, not an overnight change or a binary “have or have-not” destination.

That said, investing in migrating toward a Zero Trust model can be well worth it. The industry-standard “castle-and-moat” approach was never ideal, and today, it is, at best, obsolete, if not downright impotent. Consider, for example, the effects on the “castle perimeter” of modern cyberattack techniques, including leveraging social engineering to compromise the internal accounts of authorized users, the use of cloud applications and storage, the widespread proliferation of Internet of Things devices, today’s remote and hybrid workforces commonly using smartphones and other technology devices not under organizational control, and the sourcing of software and hardware components from developers around the world.

What trends have you observed in data breaches over the past few years, and what can organizations learn from these incidents?

I serve as an expert witness on many cases involving data breaches. One observation that I have made that may surprise many people who are not regularly exposed to the details of how breaches actually occur is that so many costly breaches were easily preventable if only the teams that designed and implemented security had taken into account the realities of the modern world. In the modern era, for example, it is common knowledge that user credentials are regularly compromised and that multi-factor authentication suffers from all sorts of vulnerabilities — security models that do not account for such realities are deficient — and organizations that adopt such models are effectively “asking for problems.”

Ricardo Amper

Founder & CEO, Incode Technologies

With advancements in technologies like AI and machine learning, how can companies leverage these tools to improve their cybersecurity defenses against sophisticated attacks?

To remain competitive, companies must employ AI-driven models capable of learning and adapting in real-time. This enables swift anomaly detection, proactive fraud prevention, and precise targeting of emerging threats. Beyond traditional static measures, advanced identity verification systems, such as biometric and liveness detection, are becoming indispensable. These technologies ensure highly accurate identity verification while preserving a seamless user experience, which is crucial for combating sophisticated threats like deepfakes and credential theft.

What are your thoughts on the Zero Trust security model? How can enterprises effectively implement it?

The Zero Trust model is grounded in the principle of continuous verification, requiring all users and devices to be authenticated, regardless of location. However, its effectiveness depends on implementing robust and adaptable identity verification systems. Traditional multi-factor authentication alone falls short in addressing advanced threats like AI-driven fraud, deepfakes, and social engineering attacks. To meet these challenges, companies must integrate advanced biometric technologies, ensuring higher levels of security.

In this space, simplicity and user experience are just as critical as security strength. The best systems seamlessly blend into daily workflows, making them intuitive and widely adopted by users. Incode’s advanced liveness detection exemplifies this, providing a familiar selfie experience using a smartphone’s camera while running extensive behind-the-scenes checks to validate user authenticity with precision. This approach not only strengthens Zero Trust implementations but also ensures widespread user adoption by balancing security with ease of use.

With remote work on the rise, secure authentication has become even more critical for managing access to corporate systems. What are the most effective solutions for ensuring secure identity verification in remote and hybrid work environments?

The shift to remote and hybrid work has amplified the demand for secure, scalable identity verification. Traditional static credentials, such as passwords, are insufficient for safeguarding decentralized workplaces, where security threats have significantly increased. Effective solutions must combine rigorous security measures with a seamless user experience to prevent unauthorized access. Layered biometric authentication offers a superior solution by establishing a secure and reliable baseline for identity verification.

Incode’s AI-driven solutions, including passive liveness detection and continuous verification, ensure that only legitimate users gain access to corporate systems while blocking deepfake and phishing attempts. Our technology makes verification as simple as using a phone’s camera, while sophisticated machine learning models operate invisibly to validate user identity in real time. For remote and hybrid teams, this approach delivers both strong security and a seamless user experience, supporting productivity without compromising on protection. Companies can maintain flexible work models while mitigating security risks through advanced biometric solutions tailored to meet today’s evolving demands.

Tony Anscombe

Chief Security Evangelist, ESET

Ransomware continues to be a significant threat. What are the most effective strategies for defending against such attacks?

The majority of ransomware attacks involve social engineering, the exploitation of vulnerabilities, or a mix of both, providing cybercriminals access to business assets prior to any malware infection. Detecting this unauthorized access requires advanced technologies, such as Endpoint Detection and Response (EDR).

As cyberattacks have become more sophisticated, businesses need to understand their attack surface and implement technologies designed to detect unauthorized incursions and zero-day threats. Advanced technologies, such as EDR, vulnerability and patch management, cybersecurity awareness training, and backup and restore systems, are essential to protect a business from cyber threats.   

With advancements in technologies like AI and machine learning, how can companies leverage these tools to improve their cybersecurity defenses against sophisticated attacks?

This is less about companies using AI directly and more about ensuring that AI is layered into the technologies businesses deploy to counter incoming threats. For example, endpoint protection strategies should include both anti-malware and EDR. It’s equally as important to proactively stop a malware infection as it is to identify anomalies and indicators of compromise, which are based on threat intelligence that utilizes AI to detect and respond to threats (either automatically or with human oversight). While it’s the current buzzword in cybersecurity, companies such as ESET have a long history — 20+ years — of utilizing AI technology in their products. AI is integrated into many of the layers of protection and is used to automate responses to advanced threats, prioritize alerts that need further investigation, and contextualize threat intelligence for human consumption. The challenge for companies seeking protection is working out which solutions have marketing buzz AI and which truly utilize it. 

What trends have you observed in data breaches over the past few years, and what can organizations learn from these incidents?

Data breaches are, unfortunately, a common occurrence as cybercriminals understand that exfiltrated personal data has value and can either be exploited directly or used as part of a broader extortion threat. It’s important that companies continually secure data. For example, regular assessments should be carried out to determine who has access and whether they need access. 

Another consideration, which is addressed in some locations by privacy legislation, is to limit the retention of data only to what the business requires to operate. Deleting personal data that is no longer used or required reduces the risk of it being included in a data breach. It’s also important to treat any third party that is storing data as if they are internal, subjecting them to the same strict security policy as if the data were held by the company itself.
