Specialty Podcast: Preparing for the Future of Cyber Risk - AI, Vendors and Incident Response

Intro (00:00):
You are listening to the Alliant Specialty Podcast, dedicated to insurance and risk management solutions and trends shaping the market today.

CJ Dietzman (00:09):
Welcome everyone to another episode of the Alliant Specialty Podcast. CJ Dietzman here from Alliant Cyber. So thrilled to be speaking with you all today. Thanks for joining us, and I am super excited about today's episode. I have a good friend and former colleague and certainly an ongoing colleague as a cyber risk and security practitioner, Daniel Tobok, who is CEO of CYPFER. This man is a specialist, a leader, a practitioner in digital forensics recovery, incident response. He's an impressive guy, and every time I talk to Daniel, I continue to learn so much. Daniel, welcome, and thank you for joining the Alliant Cyber Specialty Podcast.

Daniel Tobok (00:53):
Thank you, CJ. Pleasure to be on.

CJ Dietzman (00:55):
Great. By way of background, Daniel, if you wouldn't mind, give our audience a quick intro. I gave a bit of background on you, Daniel, but in your own words, tell us about you and what you bring to the podcast today, please.

Daniel Tobok (01:07):
Of course. Thank you. Very kind of you. I've spent the last 27 years, what I call, chasing ghosts in forensics and cyber and security. Currently I'm the CEO of CYPFER, a global organization that deals with ransomware advisory, incident response and of course post-breach recovery.

CJ Dietzman (01:27):
Excellent. Thank you for that, Daniel. Let's get right into it because I know our listeners are eager to hear what you have to say and are going to benefit from this. First things first, here we are, Q2 2025. Daniel, with all the work that you do serving clients and organizations around the globe, what are some of the key trends around cyber threats, cyber incidents and cyber threat actor activity that you've observed, particularly coming out of Q1?

Daniel Tobok (01:54):
That's a great question. I have about 4,800 forensic investigations under my belt, and the interesting part is as we continue growing in this industry, you're consistently seeing the evolution of the threat actors. It's always a cat and mouse game of who is able to actually take the lead. One of the biggest, I would say, trends that are out there is really the rise, the sharp rise of generative AI in usage of the threat actors to actually compromise systems, extract data, hold for ransom and have access into corporate environments. There's been an overwhelming increase in those type of attacks that, again, AI is the back-ending supporting all this. We all remember the days of bots and automation, and this is basically the next level.

CJ Dietzman (02:50):
Interesting, interesting. Now I have to ask you this. With so much buzz on AI and all the things you just mentioned and dare I say, the ongoing evolution and innovation of these threat actor approaches, what about ransomware? Ransomware is still a big thing. Go ahead please, Daniel.

Daniel Tobok (03:08):
Yes, ransomware, again, unfortunately is still one of the biggest forms of attacks today in our industry. When you take a look at the landscape of the compromise of various organizations and the actual damages, ransomware is hovering around the 64% mark followed by a very close 30% of business email compromises. But ransomware extortion is still the biggest problem, the biggest epidemic we have in our cybersecurity industry.

CJ Dietzman (03:41):
Got it. What about the role of third-parties, vendors, service providers? When our clients are experiencing incidents, are you still seeing that there's frequently, maybe how often would be the question, a service provider or a third-party that plays a part in the incident?

Daniel Tobok (04:01):
Yes, a hundred percent. Over the last 18 months, based on our data and our stats, there has been a staggering increase of 260% of what we call a tax to third-parties. You're looking, irrelevant of your organization's security and maturity, which is really the number one thing everybody should be thinking about. Unfortunately, corporations are being attacked by a jumping board from their vendors and again, third-party vendors who are not as mature in their security, have not invested in the proper strategy to battle incidents in cybersecurity. So, definitely a very sharp incline over the last 18 months on that front.

CJ Dietzman (04:44):
That's an important message. Daniel, here we are. Blink your eyes, Q2, we're looking at summer 2025 right around the corner. What are the things that are on Daniel's radar and the CYPFER team's radar right now as you look out, either key threats or things that you say, CJ, these are some of the things that we strongly recommend clients focus on right now. What do you think?

Daniel Tobok (05:06):
Okay, great question. I got about probably about five or six items for that. First of all, again, AI powered cyber-attacks. It's here to stay. Leveraging artificial intelligence to conduct attacks have become more sophisticated. I would say the second one is adversarial attacks. They target actual AI models, and they manipulate the input data. They're trying to trick the system to make incorrect decisions or in a way provide a certain level of harmful outputs. The third one which we are seeing and it's really evolving, is data manipulation and data poisoning. This is all about compromising the integrity of the training data used by AI models, so the threat actors are going right to the core of what organizations are trying to use in order to have better security.

They actually want to alter, compromise the integrity of the data. The fourth one is model theft, and this is where threat actors attempt to replicate and steal proprietary AI models. The fifth one, and this is going to be a big one, it's model supply chain attacks. We all heard about various supply chain attacks and so on, but this is really all related to AI. As corporations are embracing and in a way implementing AI projects, which again has been a very sharp upline over the last 12 months, this is where the threat actors are going. They're basically going to the waterhole. They know you're going to have various AI installations, implementations and relying on that. They want to go right to the source. Last but not least is, I would say surveillance and privacy because there will be misuse of AI technologies, and the threat actors are going to use that to monitor individuals without their consent. They might even be able to have access into passwords and facial recognition and various data analytics, so these are some of my predictions coming on.

CJ Dietzman (07:08):
Very powerful message there, Daniel. Fantastic stuff. Let me ask you this, looking out on the horizon and as a message, dare I say, a recommendation from you, Daniel, based on all of your digital forensics incident response and recovery experience beyond just AI, which super important and disruptive. But in the broader sense, if there were three things that you would suggest our Alliant cyber clients think about by way of improving their cybersecurity program and their vigilance, if there were just three asks or three key considerations that Daniel, you would strongly recommend our clients consider as we enter Q2 here and beyond in 2025, what would those be?

Daniel Tobok (07:55):
CJ, you always have the best questions. It only comes with experience. I would say number one is definitely cyber awareness, which is a must today. It's critical to have everybody aligned and educated and on a certain maturity level to understand that each person plays a role in their organization's security stance. I'm referring to the phishing emails, the business email compromise, password strategies and so on, so cyber awareness training and education to me is a must today. Number two is obviously consistent assessments of what data you have, who has access to what. So, you really need to know your family jewels. Most of the companies that I speak with, either pre or unfortunately post-breach is, and you ask a very simple question, where is your data? Where is your most confidential, most precious data? Today’s organizations on every different level from small to medium to enterprise, still the highest score we've ever seen is 78%. Nobody has a hundred percent full understanding of their actual data. Knowing your data, assessing where your data is, is a must. Number three is have a plan. I don't want to sound cliché, we all heard this before from many people. It's not a matter of if, it's a matter of when. What is it that you're going to do to prepare when you have an incident, irrelevant if it's a small or a large incident, what are you going to do? Who's going to do what? What are the protocols? You've really got to be able to respond quick, respond hard because that is actually what is going to make the difference between a major impact to your organization or just an incident, and there's a very big difference.

CJ Dietzman (09:56):
Daniel, I think your messaging there was spot on. It has depth and weight, and it's also quite sobering, candidly, I think to hear it from you given your experience. Thank you so much for that, Daniel. Really fantastic stuff. For the benefit of our Alliant Specialty Podcast audience members, how can we get in touch with you, Daniel Tobok, at CYPFER?

Daniel Tobok (10:17):
Thank you, CJ. Cypfer is C-Y-P-F-E R.com and again, we always welcome any questions, any matters, anything that you need assistance with, even just to speak with an expert, contact us at any time.

CJ Dietzman (10:33):
Thanks for that. Folks out there, I have worked with Daniel on response matters over the years and some very tough days for some mutual clients, and Daniel and his team are a great team to have on your side when it matters most if you have a really bad day. Daniel, I want to thank you so much once again for joining us on the Alliant Specialty Podcast. You've been a great partner, colleague and friend all these years, and I think you raised some incredible points that hopefully clients will appreciate as well. Thank you so much, Daniel.

Daniel Tobok (11:03):
Thank you very much. Thank you for having me on.