Everyone’s talking about AI these days, especially in cybersecurity. Sure, artificial intelligence can boost your defenses, but cybercriminals have noticed too. Now they're crafting phishing emails so believable it’s scary and finding clever paths around spam filters while zeroing in on vulnerabilities you didn’t even realize were there.
Today, Aviad Hasnis joins the show. He's the CTO of Cynet Security and spent years running cybersecurity missions for the Israeli Defense Forces. Aviad’s here to help us figure out what the changing threat landscape really means, whether you're leading a corporate giant or just trying to keep your small business safe.
From passwords getting scooped up to VPN setups from a decade ago that no one updated, Aviad’s seen just about everything go wrong. He also explains why copy-pasting AI-generated code might open you up to attacks you never saw coming. He’s big on education, common sense, and making sure you’re using multiple security layers. These days even one slip-up can give attackers exactly what they're looking for. Aviad also walks us through supply chain vulnerabilities and why they should keep you up at night.
Whether you're the CISO of a Fortune 500 company or you’re running a small team with Bob, the go-to tech person juggling 18 other tasks, this episode is packed with practical insights to help you avoid the next big cybersecurity headache. While AI might be reshaping the cybersecurity landscape, staying secure still comes down to thoughtful planning, human judgment, and making sure someone you trust has your back.
“Copying and pasting AI-generated code without understanding it is like walking blindfolded into traffic.” - Aviad Hasnis
Show Notes:
- [01:08] Aviad has been Cynet's Chief Technology Officer for the past five years. Prior to that, he worked in cyber security for the Israeli Army.
- [02:18] He was always fascinated with computers and technology. When Iran had a technology problem, he realized that cybersecurity was what he wanted to do for the rest of his life.
- [03:19] Aviad shares a story about his friend's mother being exposed to a scam. She received a phone call from someone pretending to be a police officer. She even installed different executables on her laptop. She didn't realize she was being victimized until she transferred over five grand.
- [06:07] Social engineering is one of the most dominant ways to gain access.
- [08:39] The security implications of using AI.
- [09:30] It's important to have guardrails with how you use AI.
- [10:28] If you're just copying and pasting code you may copy something that could be vulnerable to exploits.
- [11:16] People need to be aware of the types of risk and educate themselves.
- [12:49] Conversations at the C-suite level for implementing AI.
- [13:43] The challenge is to harness AI the right way without replacing people.
- [15:18] It's important to use critical thinking when creating with AI.
- [16:04] AI is helping security by allowing people to consult and get information. You can also introduce vulnerabilities into your application if you just copy and paste from ChatGPT without knowing the context.
- [17:05] The bad guys can also use AI.
- [17:56] AI has improved the quality of phishing scams.
- [21:36] Where organizations are missing out when it comes to sniffing out threats. This includes VPNs and SaaS or cloud.
- [22:52] Employees could be using their home computers to connect to the company VPN and then their kids might download some malware or trojan. Companies need to use two-factor authentication when it comes to VPNs.
- [24:11] Email phishing can be another way to steal credentials.
- [27:54] The most effective approach is security layers.
- [30:40] Another security measure is creating profiles where we know where you're logging in from.
- [33:35] Is this doom and gloom for small businesses?
- [34:48] The best solution for small businesses would be to find a company with an all-in-one solution.
- [37:11] The importance of being proactive, so you can act quickly if you see something suspicious.
- [38:24] How the move to the cloud affects security.
- [39:08] Shifting to the cloud is safer.
- [44:20] New threats on the horizon include threat actors utilizing AI. They love to get control of remote applications.
Transcript:
Aviad, thank you so much for coming on the podcast today.
Hey, Chris. Thank you so much for having me here.
You're welcome. Can you give myself and the audience a little bit of background about who you are and what you do?
Of course, Chris. I'm Aviad. I have been Cynet’s Chief Technology Officer for the past five years. Prior to that, I was in the Israeli SIGINT National Unit in the Israeli cyber national unit. I served in a bunch of different roles for about 10 years. Unfortunately, not something that I can detail and share exactly what I did with our audience, but I was managing extensive research, cybersecurity research, that I think really shaped the way I understand and deal with cybersecurity, and that really helped me harness and make sure that the customers and the companies that I work with today as part of my job in Cynet really helped me make sure we provide the best security possible for them.
Awesome. Was cybersecurity kind of what you went to school for, or was that just kind of your role that you were moved into?
Well, I was always fascinated with computers, technology, but I think at some point, there was that big incident, remember that in Iran where the centrifuges stopped working and everyone talked about it? I think ever since then, I was extremely fascinated with cybersecurity and realized that that's what I want to do for the rest of my life.
Yeah. I haven't heard a Stuxnet reference in a long time, but it was a very interesting cybersecurity scenario. One of the things I do want to ask, particularly my guests that are in cybersecurity, because they're really trying to destigmatize people that are victims of scam fraud and cybersecurity incidents. Have you ever been a victim of such an incident? And do you have a story that you'd like to tell?
Well, of course. Naturally, as part of working for Cynet and working with many companies and providing incident response services as well, then, obviously, I get exposed to many stories. However, I do have a story that is a bit more personal that actually happened to one of my closest friends, actually to his mother, that I think is really impactful in the sense that this can basically happen to everyone. It’s important to make sure that everyone is well-educated because everyone can be a victim. Specifically, what happened to her is that she got a phone call. I don't know how and why someone targeted her specifically, but she received a phone call from someone pretending to be a police officer and asking her to help in an investigation.
As part of the call, that person got her to install different executables on her laptop, which obviously turned out to be Trojan horses, malware, stuff like that. At some point, they asked her to basically do a finance transaction, go through her bank account website. She was super convinced she was helping the police. She transferred, like, five grand and called her son to be proud of the fact that she helped the police, only then she realized that she was victimized by threat actors. That’s a sad story. Luckily, she was able to retrieve the money, but it's a lesson for everyone to learn, right? Even if you're tech savvy, you're not tech savvy. That can happen to everyone.
I wonder, are you seeing that more happening, targeting cybersecurity firms and the cybersecurity people within firms? “Hey, if we can compromise the core people that are running security, that is a way to get access to things.”
Well, definitely, that's a great question. In the entire threat landscape, there are tons of ways to basically gain initial access. But obviously one of the most dominant would be through social engineering, especially if you are talking about not the greatest nation state threat actors, but some that are less powerful. That would be one of the best ways for them to get in. We typically see threat actors starting chatting over Teams, over Zoom, over email. Obviously, that's the most common one. But we are seeing more dominantly phone calls, stuff like that pretending to be someone legitimate, but ending up sending files, asking to execute them. We thought it was more in the past, but we are seeing it very dominantly even today.
I would not want to be working for a cybersecurity firm these days, feeling that everybody is targeting me.
Naturally, being a cybersecurity or being an MSP or being an IT company providing services to other companies, that's a great way in, right? If you take as an example, like what happened with SolarWinds back in 2020 or [inaudible 00:07:22], having that access to more organizations by compromising only a single organization, like a supply chain, that's the holy grail for threat actors. They can definitely monetize on that. Who’s watching the watchers, right?
Yeah.
If you compromise a security company, naturally, it's at least [inaudible 00:07:53] would think it's easier to gain access to more companies following that. It is something that we see.
This is probably not our sweet spot of growing up, but I think you're starting to see a lot of people coming out of high school and out of college having a lot of exposure to AI. With the AI market having developed over the last couple of years, maybe you and I are a little bit more skeptical, a little bit less trusting of AI and the work product. Are you starting to see kind of junior-level people coming into organizations just, “Oh, hey. I just typed it into the local AI generator and here's some new code.” Here's a new way of doing things without even kind of thinking through the security implications of it.
Yeah. As you said, I think generative AI has brought a very great announcement in the past two years. I think everyone should harness it. Everyone should use it. I usually joke about the fact that even before I'm texting my wife, I consult with ChatGPT or any other tool. But it's really important that people still consider the guardrails of how they use AI because, again, definitely when you're speaking about junior developers, it's quite easy for them to just enter a prompt and get a program running. Looking forward, it will only increase. We have now and we will see more dominantly what is called MCP and infrastructure that will basically inject new code directly to what you're working on.
Not just copy and paste, but also working very integratively with the code. The problem that I think most people don't understand is that, at least at the moment, AI is not really aware when it's making decisions. It is not aware of the context. It is quite easy to copy a code that would be vulnerable to different exploits or won't necessarily understand all of the different aspects or the entire context. If you're just vibe coding, simply entering prompt and copy-pasting code that can potentially create security problems, security gaps within an organization's code and software.
What are the kind of guardrails, teams, or managing people that are managing junior developers should be putting in place to keep that sort of thing from happening?
Yeah. That’s a great question. I think first and foremost, it's around education. People need to realize that they need to be aware of that type of risk. They need to understand that just incorporating code without understanding the context, that could be a risk. I think that's the first step.
On top of that, there are tons of automations, vulnerability management, vulnerability scans, a lot of different solutions, that you can incorporate into what you call the CI process, or the continuous integration process, that validates software. Obviously, we haven't even—we even have a manual layer of a code review conducted by probably developers who are more senior. We can have different levels of security testing, whether manual or automatic as well. But that's definitely some of the key aspects that one should realize.
I know lots of boardrooms are starting to have conversations on, “How are we going to implement AI in our organization? How are we going to utilize AI?” On the maybe more evil side, “How can we reduce our workforce by implementing AI?” What are some of the conversations that need to be happening at the C-suite level in order to make sure that those at the C-suite aren't just throwing out the good in order to save a few bucks by using AI?
I definitely agree, and I think we're getting it more and more dominantly, and occasionally people talk about different professions that might not exist in a few years’ time, right? Because of AI, I'm not sure what's going to happen in the future, but definitely it's really dangerous today. I don't think that AI can come on the expense of having someone who is more senior and harnessing AI. I think that's the right terminology. We need to understand how do we harness AI in the right way, but not replacing people. In parallel, we need to make sure that people understand how they can use AI in the right sense, have critical thinking. Not just copy-pasting, understand what the code does, what the cons, what is the context.
But even if we're not talking about developments, let's say I use AI because I want to formalize a better response email to my customers, or I want to prepare some work or paper or stuff like that. It's still very important that I go for everything, understand the context try to criticize or give feedback to the AI until I realize that it's perfect. Because naturally, I think AI, right, it’s going to change the world. No doubt about it.
I think we are just at the starting point. We just tipped the iceberg in that sense, right? But definitely there's a lot of good coming out of it, and there's going to be a lot of evil coming out of it as well, right, if we have threat actors using that. But again, to your question, I think what is really important is that people who use AI, whether it's for code, whether it's for creating articles or whatnot, it's really important they will have critical thinking and work with AI, OK. Not have AI work for them or replace them.
Yeah. We’re not going to replace highly, highly trained intelligent producers of what, whether it's code or content, with someone who just knows how to write ChatGPT prompts.
Exactly. Exactly. At least not now, yeah.
Not at the moment. Maybe next week.
Yeah.
Do you think AI is hurting security, or do you think it's helping?
Well, on the one hand, it's definitely helping security in the sense that even if I run an organization, it doesn't have to be security organization. I can consult with ChatGPT or the likes of it just to understand what are my gaps? What should I be aware of? What should be my biggest concern? If I have five alerts, what is the most prioritized task I should be doing? There’s a lot of good coming out of AI in terms of security. But we talked earlier, and again, doesn't have to be a security company. Let’s say I'm just developing. I don't know a software for keyboards or a document application and stuff like that. I can easily introduce vulnerabilities into my application if I just copy-paste the code from ChatGPT, not understanding the full context. But then on the other hand, AI is not saved only for the good guys. It can also be used or abused by evil guys, right? Definitely it's much easier for threat actors to utilize AI to harness AI to create more sophisticated phishing campaigns, phishing game emails, scams, and whatnot. It does, in that sense, it does both good and evil.
Are you seeing a rise in what sometimes it's kinda hard to tell the after effects, but are you seeing a rise in the quality of phishing scams that you believe is the result of AI?
Yes. We’re definitely seeing a rise in that sense. I think when we're using, when we're seeing phishing emails written in different languages and understanding that the grammar and the syntax and everything about that email looks really legitimate, looks really well. And it really helps threat actors to evade defenses, to evade detections. We just understand that after the fact, that it was phishing or that it was AI-driven because the quality is that much better and everything about it, not just the text, but also some metadata that around the email and the context and who is the victim and how does the context and how does the text of the email really matches the victim. In that sense, I think it definitely upgrades by some levels the quality of the scam.
Are they getting through the spam filters better? Because occasionally I'll look through my spam and all the phishing stuff, historic, let's say historically, pre-AI was very easy to tell, really bad grammar. They kind of replace O’s with zeros, things that they're actively trying to thwart the spam filters, which look at attempts to thwart as even more of a sign that it's spam. But I can imagine that the more grammatically proper, the more targeted, the better the context, the easier it's going to be to get through just even large spam filters, even other Google or the major email providers.
Yeah, exactly. That’s what we're seeing. We're seeing emails that are written very well or, alternatively, they look really legitimate. They don't have to contain a lot of text but they do look really well in terms of images, texts, and so on. And they actually pass very good providers like Microsoft and Google.
Sometimes, the only way for us to detect them is either using LLM ourselves. I use AI ourselves. Basically have AI combat AI, or alternatively, in some cases, what really helps us is understanding like, what's the age of the domain. More likely than not, that email would contain a link that's about like 40–50% of email phishing or even more than that. But in these specific cases, we would be able to, let's say, understand that the domain is not active for an extensive amount of time. It’s not perfect, but it's getting there.
And it's always going to be that cat and mouse game. There's always going to be some scammers that have like, “Hey, we started our operation 10 years ago. We still haven't touched these five or 10 domains yet. Let's intentionally let them sit around and age specifically for that reason.”
Exactly.
When it comes to people running organizations for CISOs and people running security departments, where do you think they are missing out on seeing emerging threats?
When it comes to AI or in general?
In general.
In general, I think what we're seeing more dominantly in terms of where companies don't necessarily protect their assets as well is twofold. When it comes to the internal environment, like what usually have like the offices or the on-premise environment then everything that has to do with VPNs and everything that has to do with credentials and especially exposed credentials. The other part is everything that has to do with SaaS or cloud.
Yeah.
But it also tightly links very tightly into exposed credentials. We would see on more than one occasion, or more occasionally, we would see people who are either using their home computers to connect to their company's VPN even if they are using SSO or they're not using SSO and then they would have, like, their boys would download the, let's say, a hacked or a cracked computer game that will install, like, Trojan or malware that would exfiltrate their credentials.
It's quite astonishing, it's quite outstanding to learn that many companies have not really implemented MFA or multi-factor authentication when it comes to VPNs. That’s one of the biggest cases where we actually see threat actors connecting to a compromised environment with exposed credentials and not having to go for MFA, which is basically the most successful way of preventing initial access if, assuming that threat actors do have compromised credentials, whether it's the VPN or it's a SaaS or cloud applications, that's one of the most dominant vectors we see.
Another vector we are seeing is that, again, threat actors would send very good-looking emails, email phishing and they would be able to successfully steal credentials. In cases where they won't be able to connect to VPNs because of, as an example, we still see them logging into Microsoft 365 Cloud and send emails, exfiltrate emails. One of the things we're seeing is that they would install a malicious forwarding rule.
They would basically add a rule saying that every mail that the CEO gets, I want it to forward it to my Gmail address or to another email address. They would be getting very substantial discreet emails in a very stealthy way. That’s some of the things that we're seeing more dominantly taking place. A lot of companies are using Microsoft 365, all companies are using VPNs, more dominantly Fortinet or Check Point or Palo Alto.
We’re seeing that quite extensively, in many cases, that can potentially evolve into a full-blown ransomware. I think we're kind of seeing a shift when it comes to ransomware, I think like two, three, four years ago, we would see ransomware taking a more active part when it comes to encrypting user data and files. However, you would see a ransomware infiltrating a network usually, obviously human-operated.
One of the things that they would do is obviously gain superiority over the network, but then once they get enough hold of the different computers, they would quite immediately unleash the ransomware, encrypting as many files as possible, as many machines as possible, then having a note, “Please send us the money.” Now what we're seeing more dominantly is that prior to actually encrypting files, they would just exfiltrate or try to exfiltrate files and encrypting the files would be a secondary attempt, a secondary thing.
They would blackmail the company saying they would sell the information, they would sell the data, they would publish it online unless they pay us. Encrypting is just a cherry on top for that, unfortunately. But these are some of the stuff that we are seeing quite dominantly over the, let's say, the past few six months.
Gotcha. I'm wondering, having not worked on the inside of security in terms of monitoring attacks and whatnot, do most of the security platforms report back to those that are running them? “Hey, we're seeing credential-stuffing attacks.” Or, “Hey, someone's credential actually has been compromised; they're trying to get into the VPN, but because of the 2FA, we were able to keep them out.” But because we know that credential has been compromised, are the platforms getting better, alerting people of compromised credentials?
Yeah, definitely. That's a great question. I would say that, in terms of security, the approach that we're seeing that is most effective is security in layers. Let’s assume we're talking about credentials. Then I would say that the first layer is obviously how do we block credentials from being stolen, right? That would be the first step.
Let's assume that credentials were stolen, were exposed, then we have threat intelligence layer. We can say, “Hey, we've spotted these credentials on the dark net on an exfiltration of a different tool.” We can alert on that. We can basically tell you, “Listen, that's a good time to replace or to change your password. That's a good time to enable 2FA or multi-factor authentication.”
But then there is also—and I think it's more dominant over the past three or four years. We're talking about XDR as an evolution to EDR, which is EDR stands for endpoint detection response. XDR stands for extended detection response. It’s leaping from just endpoint to what else you got. What else do you get, do you have in your environment? Basically XDR and sign is a great example of it, but there are more companies doing that.
But what it would do is that it would basically integrate to different appliances, SaaS, applications, cloud infrastructure, and more to get logs from them. We basically take all of these logs and put it in a SIEM solution. OK. And we have detection logic and correlation working on all of this data. Which by the way, we can include AI or machine learning on top of that, linking back to the start of our conversation, but then we can basically understand.
And if there's someone who's trying to brute force into the VPN or has already breached the VPN and is now trying to brute force into other machines on the network if they've done it successfully, or if they have yet to do it successfully, but now is a good time to block their IP addresses, we can understand if someone is doing what is called impossible travel. One of the things that security companies do is that they can try to create a profile, let's say, increase euro.
You are usually logging in from the West Coast. If your credentials have been exposed, then maybe we would see someone trying to log in from Germany. OK, as an example. Now, let's say you logged in on May 28th at 8:00 AM your time, but then we’re seeing someone trying to log in from Germany, which is let's say probably a 13, 12-hours flight, right?
Yep.
We would see them logging in at 10:00 AM. Now, it could be a VPN, right? And we need to make sure that we're not generating false positives, but it can also be an account takeover. That is some of the stuff that we can do based on correlating with different infrastructure, different appliances, different SaaS applications that the company is using to understand that breach has occurred or not, didn't necessarily occur, but might occur very soon. There’s a lot of noise, there's a lot of data that is being ingested, being pulled into all of these systems.
And if we're talking about big organizations that have 24/7 SOC teams, they might be fine. They might be good at addressing these concerns, addressing these threats, but we are talking about small to medium businesses or companies that don't necessarily have a 24/7 SOC team or an MDR or an extensive security team, OK?
Maybe they have one or two IT people on their IT team. They would need a lot of automation to automatically address that or they would need to work with an MDR that would provide them these types of services. I know I said a lot, but I think bottom line is there's a lot of new technology in that sense that tries to combat a lot of what threat actors are doing to infiltrate organizations, and I think that's on the one end. But on the other end, I think organizations today have a plethora of different tools they can harness, whether it's service-based, whether it's product-based, to make sure they are in the best shape possible to combat these type of threats.
What we've talked a lot about things that are going to serve or in the context of large or even mid-sized organizations, and started to talk a little bit towards the smaller organizations here in the last couple minutes, is this kind of spelled doom and gloom for small businesses who can't afford—they’re lucky if they have Bob in the corner who's good at, “Hey, when I can't get into something, Bob can help us out.” They can't afford tens of thousands, hundreds of thousands of dollars for security platforms for their business. They're just trying to meet payroll for the next week. How is there a light? Is there a light at the end of the tunnel for small businesses?
That’s a very good question. If you're talking about big organizations, they can buy best-of-breed solutions for every part of the threat vector, right? They can buy the best-of-breed solutions for their email pro to protect their email. They can buy another solution to protect their endpoints, another solution to protect their network and so on and so on. Other than just purchasing these technologies, these solutions could have teams of people who are managing the solutions and integrating the different solutions. Obviously that's not the case when we're talking about smaller size organizations. I would say that the best solution for them is to find a company that does an all-in-one solution, which basically consists of both the technology.
One solution that would protect their email, that would protect their endpoints, that would protect their mobile devices, their network, their cloud and SaaS applications and so on. By the way, as we go forward, technology just keeps evolving. And probably in the next one or two or three years, it won't be just around endpoint or clouds or everything I mentioned earlier, but there would be more stuff that we would need to protect, right? That’s an old one, but no one thought about it years ago, right? That's on the technology side, but another key aspect is having the right personnel.
Candidly, they won't be able to have or recruit their own personnel. One of the key things that usually comes with an all-in-one solution is also an MDR, a 24/7 SOC team that can take a proactive action. I think if you look a few years ago then even working with an all-in-one solution that would still require some resources from organizations that have approached this solution. In case there is an event, there is an active incident response that would still require resources from the organization side. Frankly, being a small organization means that you usually don't have resources on Saturday nights, right? Sundays, Friday nights, or just in off hours.
And that's usually when threat actors love to operate, especially if it's 4th of July or long weekends. Having a solution, that's one thing. Having MDR is the second thing, which is great, but if you still need your employees to take an active part, if something is going on, that's usually way too late.
Sometimes you might have like five minutes or 10 minutes once you've seen something suspicious until it's game over. You need to be really fast. I think the revolution or the involvement that MDRs have been doing for the past few years is a lot around being proactive. Usually MDRs would offer companies and organizations that have purchased their services to pre-define what happens in case of an emergency in case of an incident response, and companies can offload it to MDRs or SOC teams.
SOC teams can be independent with isolating hosts, isolating users, whether it's on-premise, whether it's cloud. Companies can still enjoy their weekends; it's going to be an awful Monday. But they can still enjoy the weekends and still have the confidence that someone is looking over and making sure that their environment is well protected.
Do you think that the move to the cloud at this point has security benefits for smaller organizations in that, if they're offloading services to companies that are maintaining them and they have the security teams, and it's just a matter of, “Well, we've got usernames, passwords, and MFA. The perimeter’s a little bit better. We don't have to deal with the infrastructure anymore.” Whereas it used to be a cloud. It's just your computer to someone else's platform.
Exactly. That's a great point. As companies shift from on-premise infrastructure and tomorrow that everything that is cloud is definitely much more safe. Definitely, again, if you take a look at four years ago we had different vulnerabilities, wreaking havoc like ProxyLogon and stuff that were usually targeting Exchange Server.
Naturally, when a company has more public-facing infrastructure, public-facing servers that have remote desktop enabled or anything that is internet-facing, public-facing, that is going to be a valid initial access for threat actors. It's much easier to update, upgrade everything that is around security, not necessarily security, but obviously everything that is around security that is much easier with doing it in the cloud than installing Windows updates or something that can be a critical infrastructure on the one hand, but susceptible to threat actions on the other end, right?
You want to install a new patch on your Exchange server, but you don't want to not get emails while you do that. That's the conflict when you're doing SaaS—there’s a lot of load-balancing, quality-of-service stuff that makes sure that you're still operational while things get updated. Naturally, the move from on-prem to SaaS makes companies much more secure. And then having all of the different benefits of SSO, MFA, DDoS protection and whatnot that definitely really makes a tremendous jump in terms of security.
I know for me it was the bane of my existence to manage a self-hosted Exchange server, right? It was just never something I enjoyed having to deal with. I think it's one thing if that's all you do every day that, “Hey, my job is to maintain Exchange servers.” You know what to do, you know how to do it, when it needs to be done, but when it's not your primary job responsibility, it’s never fun to maintain stuff when it's not your job.
Exactly. You’d be amazed by the fact that you can see companies are being attacked and they realize, they understand the root cause, but then you see they don't actually take any corrective measure. They get attacked once and twice and more than that via the same way. And it looks like they don't learn from it. But it's just because that effort is really substantial.
Yeah. I think that has always been the challenge for smaller organizations is just don't have the human resources, the human capital to have the right people in the right roles, or that exactly the job responsibility is big enough to have one person dedicated to it. It's easy if you've got a 500-person organization that, hey, yeah, one person's job might be to manage the, you know, manage updates on the servers. That might be their sole thing, but when you've got a 20-person company, they're not spending. That one person has got 18 other responsibilities that they've got to deal with.
Exactly. Exactly.
As we wrap up our conversation here, what do you see as kind of the—what do you anticipate as the next thing that people need to watch out for, the next attack surface, the next methodology, the next way to try to exploit humans? What do you see as oncoming on the horizon?
Wow, that's an amazing question. I think we kind of touched on that earlier but what organizations would need to probably face in over the horizon? Again, everything that has to do with, oh, sorry. Sorry about that.
I'll insert the wonders of editors who can take out these little bits and pieces for us.
Yeah. Hopefully, I didn't give you a lot of job when it comes to editing.
It's good so far.
Just need to make sure that I formalize it in my head. Please go ahead and ask the question again.
Yeah. What do you see as coming on the horizon of new threats and things that you're kind of concerned about for the future that haven't started to happen that we're going to start to see happen?
Yeah. That’s a great question. I think first of all, we're going to see threat actors capitalizing more and more and more on AI. I think we've just scratched the surface when it comes to it. One of the things that we talked about briefly earlier but one of the things that we saw is that threat actors really love to get ahold of remote management applications. If you can hack a company like ConnectWise or SolarWinds or any of these types of companies, you would have tons of what we call total addressable market, usually in a positive way. But indeed in this sense, obviously in an evil way. And we've just barely started noticing it, right?
Again, very just scratch the surface, but I definitely see it getting much more dominant. Many companies, especially MSPs, are using RMM PSA, so everything that has to do around IT management, remote management, professional services, automation, and it just usually VA defenses and people sometimes use it the wrong way.
I think it's going to be very lucrative for threat actors to go ahead and compromise these types of companies that would basically give them access to a whole lot of organizations to follow. We’ve seen some evidence of that so can say that no, it's not without zero evidence up until now, but definitely we are going to see a very high increase in these types of attempts.
OK. Are we going to start to see the rise of cybersecurity companies who protect against rogue cybersecurity assets?
I'll tell you what, even when CrowdStrike had their issue with the blue screen of death, we started seeing companies, right? We started seeing other security vendors saying, “OK, in the meanwhile, we can protect you. We can replace CrowdStrike with our agents, and we'll give you better protection in the meantime.” We’ve seen companies go to market with that as well. Not sure if we're going to see companies or security vendors saying, “OK, we can protect you against other security companies.” But I think more dominantly around supply chain, whenever there's a supply chain attack, right, it gets much more media coverage than almost every other, just because of the magnitude. The magnitude of impact that can be occurred due to it. It's a very tough job to protect against. That's what makes it so, so lucrative for threat actors, I would say.
Great. Thank you. If people want to be able to connect with you and Cynet, where can they find you guys online?
First of all, they can reach out to us via our website; it’s cynet.com. There's a bunch of different ways where they can contact us via the website. That's a great place to check out Cynet, see our demo, connect with our people. I'd be happy if someone wants to reach out to me directly, can find me on LinkedIn.
Awesome. Aviad, thank you so much for coming on the podcast today.
Of course. Thank you so much for having me. I had a great time. Thank you.