Raluca Saceanu discusses evolving security threats in the age of sophisticated AI technology.
With current conflicts, disruptive politics and the rapid advancement of technologies, the global cybersecurity sector is facing many challenges.
As companies grow, leveraging data and technology to achieve organisational goals, threat actors are evolving right alongside them, waiting to strike. For Raluca Saceanu, the CEO of cybersecurity company Smarttech247, the cyber landscape is ever-changing and organisations have a job on their hands to tackle the often complex problems that arise every single day.
“What is particularly exciting for us now is that we’re working on something that’s helping bridge the gap between data security and broader cybersecurity,” she told SiliconRepublic.com, explaining that it is a challenge that many organisations are facing today.
“Data is at the heart of everything, and it’s also one of the biggest targets for cyberattacks. Yet, many businesses struggle to keep track of where their data is, how it’s being used or whether it’s properly secured.”
Rather than approaching the topic of data and wider cybersecurity as if they were two separate entities, Saceanu is of the opinion that a unified solution that works across different environments is key to building and maintaining a safer digital ecosystem.
Knowledge is power
As ransomware attacks, phishing campaigns and data exfiltration events become more sophisticated, everyone, not just the larger, more established organisations, has a target on their back. In 2023 alone, worldwide cybercrime costs were projected to be roughly €7.6trn, a figure that is expected to triple by 2027.
“The value of data has skyrocketed in recent years, transforming it into one of the most sought-after commodities in the digital age. The rise of AI and machine learning has only amplified the threat to data, as attackers can now automate their efforts and create more sophisticated and targeted campaigns.”
Saceanu noted that Irish organisations, like those globally, are struggling to secure their systems and private information, with industries that typically hold sensitive data, such as those in healthcare, finance and education, being particularly vulnerable.
“We have seen a massive focus on targeting organisations that operate in critical infrastructure for various motivations – financially oriented or to disrupt operations. This means that there are more and more ransomware attacks on manufacturing, energy and healthcare that are not only encrypting data, but also exfiltrating this data to ask for enormous ransom payments because they know that these organisations cannot afford any disruption.”
For Saceanu, this shift to an environment driven by data and under near constant threat has led organisations to experiment with advanced technologies such as AI in order to improve efficiency and spearhead innovation, however, it can be a double-edged sword as these technologies depend on large amounts of data.
“The risk of exposing sensitive or proprietary information during the adoption of such tools has become a significant barrier, which is becoming a key challenge for numerous organisations that are looking to advance their innovation,” she said. And on the other hand, barriers to entry for cyberattacks are lower than ever as cybercriminals leverage AI tools to develop highly sophisticated scams.
Mythbusters
Because the industry involves complex technology, advanced security and highly skilled professionals to oversee it all, there are numerous myths around cybersecurity, malicious behaviours and the steps needed to protect your devices, private data and organisations.
According to Saceanu, one of the more common and critical misconceptions is the idea that only large, multinational companies are at risk, likely due to the fact that they receive a disproportionate level of coverage when affected by scams and attacks.
However, she is eager to remind people that cybercriminals cast wide nets, and often smaller and medium sized organisations lack the robust infrastructure to protect sensitive data or detect when their systems have been breached in a timely fashion.
“Cyberthreats can affect everyone. Phishing scams, ransomware attacks and credential theft are no longer rare occurrences, they’re persistent and evolving. Hackers don’t only target high-value organisations, they often target individuals who might unknowingly reuse passwords, fall for social engineering tactics or connect to unsecured networks.”
Advanced deepfake technologies have even evolved to a point where cybercriminals can mimic CEOs and other known acquaintances, creating video and audio to request large sums of money or highly sensitive information.
“These attacks underscore the deeply invasive and harmful nature of modern cybercrime and they highlight how no one is truly immune to these evolving threats.”
It’s a team effort
Saceanu finds it to be a particularly damaging myth that cybersecurity is considered purely the responsibility of IT teams. Building and maintaining a secure, safe and informed cybersecurity framework, she explained, is a “shared responsibility that requires engagement across the organisation, from the boardroom to the frontline”.
“We are now witnessing a significant shift in regulations and frameworks, such as NIS2 and SEC requirements, which place direct responsibility and accountability for cybersecurity on senior management and boards of directors.”
To better protect themselves, organisations should ensure that they have perfected the basics, as no system, regardless of how advanced it may be, can stand strong atop a weak foundation. Continuous education, upskilling and the utilisation of technical tools can fortify companies and the individual against malicious behaviours, Saceanu advised.
“Organisations should prioritise accessible and engaging training programmes that equip employees with the knowledge and confidence to navigate today’s complex threat landscape. Awareness initiatives should be seen as a key investment, not a tick-box exercise, ensuring employees feel supported and valued in their role as part of the organisation’s defence.
“At the same time, businesses must implement layered security measures, so that even if a threat exploits human nature, it is contained and cannot spread throughout the organisation. By combining employee awareness with good technical safeguards, organisations can foster a culture where employees are empowered partners in cybersecurity, not viewed as risks.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.