AI agents to play key role in ANZ IT security, report finds


Techday NZ, 09-06-2025
The latest Salesforce State of IT report indicates that IT security leaders in Australia and New Zealand anticipate AI agents will address at least one of their organisation's digital security issues.
The survey reveals that all respondents see a role for AI agents in assisting with IT security, with 36 per cent of IT security teams in the region currently using such agents in their daily operations.
The proportion of security teams using AI agents is expected to grow rapidly, with predictions it will reach 68 per cent within the next two years.
According to the findings, 71 per cent of organisations in Australia and New Zealand are planning to increase their security budgets during the year ahead, just below the global average of 75 per cent.
AI agents were highlighted as being capable of supporting various tasks, including faster threat detection, more efficient investigations, and comprehensive auditing of AI model performance.
The global survey, which included more than 2,000 enterprise IT security leaders—with 100 respondents from Australia and New Zealand—also pointed to several challenges associated with adopting AI in security practices.
Despite widespread recognition that practices need to evolve, with 75 per cent of respondents acknowledging the need for transformation, 58 per cent expressed concern that their organisations' data infrastructure was not yet ready to maximise the potential of AI agents.
"Trusted AI agents are built on trusted data," said Alice Steinglass, EVP & GM, Salesforce Platform, Integration, and Automation. "IT security teams that prioritise data governance will be able to augment their security capabilities with agents while protecting data and staying compliant."
The report noted that while both IT professionals and malicious actors are integrating AI into their operations, autonomous AI agents offer an opportunity for security teams to reduce manual workloads and focus on more complex challenges. However, deploying agentic AI successfully requires a strong foundation in data infrastructure and governance.
In addition to familiar threats such as cloud security vulnerabilities, malware, and phishing, the report found that IT leaders now also rank data poisoning within their top three concerns. Data poisoning involves the manipulation of AI training data sets by malicious actors. This concern is cited alongside cloud security threats and insider or internal threats.

Related Articles

ShinyHunters & Scattered Spider escalate attacks on Salesforce

Techday NZ

Security firm ReliaQuest has reported a resurgence in activity from the cybercriminal group ShinyHunters, which has launched attacks against Salesforce and targeted major organisations including Google. ReliaQuest's recent assessment has analysed domain registration patterns and infrastructure related to ShinyHunters, suggesting a potential collaborative relationship with the threat group Scattered Spider that may have started as early as July 2024.

High-profile campaigns

ShinyHunters has re-emerged following a year of relative inactivity, during which most operations had subsided after the arrest of several alleged members. The group, previously known for high-profile data breaches and credential theft campaigns, is now targeting high-profile companies across various sectors, including technology, finance, and retail. Their primary method of monetisation remains the sale of stolen data on underground forums. The recent campaign is marked by the use of phishing domains and Salesforce credential harvesting pages, which indicate a refined approach compared to previous efforts. Reported evidence includes the emergence of a BreachForums user under the alias "Sp1d3rhunters" linked to both ShinyHunters and historical breaches, as well as overlapping characteristics in domain registrations.

Potential collaboration

ReliaQuest's analysis highlights significant similarities between ShinyHunters' recent tactics and those attributed to Scattered Spider. These include coordinated domain registrations themed around phishing campaigns, particularly relating to ticketing and Salesforce, and employing vishing and credential harvesting attacks mimicking IT support staff. These developments have prompted speculation about collaboration or sharing of resources and infrastructure between the two groups.

"This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group's previous credential theft and database exploitation. These campaigns have included hallmark Scattered Spider techniques: Highly targeted vishing campaigns, impersonating IT support staff to trick employees into authorising access to malicious 'connected apps'; Apps that often masquerade as legitimate tools (in this case, Salesforce), allowing attackers to steal sensitive business data; Okta-themed phishing pages to trick victims into entering credentials during vishing calls; VPN obfuscation using Mullvad VPN to perform data exfiltration (here, on victims' Salesforce instances). These tactics align closely with Scattered Spider's trademark methods and those of the broader collective, The Com, fuelling speculation about active collaboration between the groups."

The assessment further points out circumstantial evidence of an alliance, such as the overlapping presence of both groups in similar attack sectors and timeframes, and online cybercriminal forum activity that combines their names and tactics. Additional support for the collaboration theory comes from reports by DataBreaches, which described a Telegram threat actor under the alias "Sp1d3rhunters," claiming that the groups "are the same" and "have always been the same." The same alias surfaced on BreachForums in May 2024, shortly before data from a significant breach was leaked, previously attributed to ShinyHunters.

Targeted sectors and methods

The investigation identified a series of phishing domains registered between June and July 2025, designed to impersonate well-known brands. Examples include domains such as ticket-lvmh[.]com, ticket-dior[.]com, and ticket-louisvuitton[.]com, which were registered just before reported breaches in the luxury sector. ReliaQuest highlighted that the format and registration details of these domains closely matched those used in Scattered Spider campaigns, including the use of keywords like "okta," "helpdesk," and "sso" with specific formatting conventions and privacy services masking registrant identity. Many of these domains led to Okta-branded phishing pages or were associated with vishing campaigns leveraging fake Salesforce applications to facilitate data exfiltration. Further investigation revealed more than 700 domains registered in 2025 matching these phishing patterns, with a notable shift since July 2025 from targeting professional and technical service organisations to a 12% increase in domains aimed at financial services, while targeting of technology firms fell by 5%. The report also notes that the United States remains the most targeted country by substance and volume of impersonating domains, despite recent campaigns against UK-based organisations. In Q2 2025, ReliaQuest observed that 67% of all organisations named on ransomware leak sites were US companies, a trend mirrored in domain impersonation activity.

Recommendations for defence

ReliaQuest recommends organisations focus on mitigating tactics, techniques and procedures (TTPs) rather than attribution to specific groups. It suggests prioritising defences against phishing, vishing, and credential harvesting, while monitoring for newly registered domains that imitate company or SaaS provider branding.

"The most important takeaway is the clear effectiveness and adaptability of these tactics. Whether targeting luxury brands, financial institutions, or other high-profile organisations, these campaigns illustrate that no sector is immune to the risk of highly targeted social engineering attacks."

Additional best practices include hardening social engineering defences, restricting administrator permissions on services such as Salesforce, conducting regular staff awareness training, and mandating multi-factor authentication (MFA) for all users. The report advises routine scans for endpoints following MFA attacks and immediate disabling of compromised user accounts if suspicious activity is detected.

Ongoing risk and vigilance

Looking forward, domain registration patterns indicate that banks, financial services organisations, and technology service providers are most at risk, given the attackers' focus on high-value, monetisable data and access to large client ecosystems.

"Ultimately, the collaboration between ShinyHunters and Scattered Spider represents a high and evolving threat. Organisations should take immediate action to strengthen their defences, as the speed, scale, and adaptability of these campaigns continue to test the limits of traditional security operations."

The report concludes that as cyber threat actors continue to rotate infrastructure, adapt their behavioural patterns, and leverage social engineering, organisations across all sectors should enhance detection capabilities and maintain heightened awareness of impersonation threats, particularly those geared towards widely used cloud-based applications and services.

Google breach exposes major risks in Salesforce cloud security

Techday NZ

Google has confirmed that the threat group ShinyHunters managed to access customer data stored in one of its Salesforce databases, highlighting ongoing vulnerabilities in popular cloud-based software-as-a-service (SaaS) solutions. The incident is the latest in a series of high-profile breaches targeting companies reliant on platforms such as Salesforce, with similar attacks having previously impacted Cisco, Qantas, and Pandora. According to Google's Threat Intelligence team, the attackers notoriously relied on advanced voice phishing - or "vishing" - strategies to deceive employees into granting access credentials. ShinyHunters, which has grown in prominence within the cybersecurity community, reportedly utilised a malicious version of Salesforce's Data Loader application in this instance to further its aims. Commenting on the implications of the breach, David Stuart, cybersecurity evangelist at Sentra, said, "This breach is the latest in a string of attacks targeting Salesforce environments, from Qantas to Pandora and now Google. It's a clear signal that attackers are focusing on where data is most concentrated, and often least visible - within cloud SaaS applications. Voice phishing tactics and other forms of social engineering are proving effective because the security model for SaaS platforms like Salesforce typically relies too heavily on perimeter controls and user authentication." He continued, "Organisations need to shift their mindset: it's not just about securing systems, but understanding where sensitive data originates and lives, how it moves, and who touches it, and being proactive about ensuring its security posture. Without that baseline of visibility and control, even the most trusted cloud platforms can become data vulnerabilities." The incident involving Google and Salesforce has underscored key weaknesses in the way businesses manage data and defend digital assets. 
While cloud adoption accelerates for efficiency and scalability, security oversight within these environments has yet to keep pace. Rather than exploiting software flaws, attackers are increasingly capitalising on the human factor, manipulating staff through deceptive lures such as fake support calls, emails, and malicious third-party applications. Richard Taylor, managing director of marketing technology consultancy Digital Balance, remarked, "Another day, another data breach. This time revealed by Google with Salesforce once again at the centre. The attackers, known as the ShinyHunters group, leveraged a malicious version of Salesforce's Data Loader application, tricking employees into granting access. This incident follows a pattern where threat actors are not exploiting technical flaws in platforms but are instead using social engineering tactics to compromise systems." He added, "This highlights that even with robust security measures, the human element can be the weakest link, leaving sensitive data vulnerable. This pattern suggests a need for stricter security protocols and training around third-party application usage." Industry experts have long cautioned that existing security models for SaaS platforms can create a false sense of safety. Perimeter defences and even multi-factor authentication can be sidestepped if users can be convinced to hand over credentials or authorise malicious applications. This reality is leading to calls for more granular monitoring of where sensitive data resides, continuous auditing of data movements, and more aggressive training of staff to identify and resist sophisticated phishing attempts. As businesses continue to invest in cloud services, the burden falls on both the vendors and their customers to ensure adequate defence measures. Enhanced monitoring tools, tighter controls over third-party integrations, and fostering a culture of scepticism regarding external communications are all recommended as next steps. 
The rise in such attacks reflects the evolving threat landscape in which traditional security endpoints are no longer the only battleground - increasingly, the user base itself is in the crosshairs. The breach serves as a reminder that while SaaS platforms can offer significant operational benefits, they are not immune from novel and persistent cyber threats. Ongoing vigilance, education, and robust internal controls remain essential to defend against both technical and social vectors of attack.

MiQ integrates Lifesight data to boost Sigma ad platform insights

Techday NZ

MiQ and Lifesight have announced a partnership that will see Lifesight's location-based data integrated into MiQ's Sigma platform for use in cross-channel media planning, audience targeting, and measurement. The collaboration allows Sigma users to benefit from Lifesight's movement data, thereby supporting more granular audience segmentation and enhancing understanding of shopper behaviour. Sigma, which was launched as an AI-powered programmatic advertising platform, combines data from over 300 sources and analyses some 700 trillion consumer signals, ranging from television viewing and online browsing behaviours to in-store purchasing activity. According to MiQ, the new data flows will enable technology users to derive deeper insights into both in-store and online behaviours. The Sigma platform is designed to unify and activate data across the programmatic ecosystem, supporting multiple advertising channels within a single environment. Sigma aims to aid media planners and traders in harnessing complex datasets and optimising campaign outcomes for advertisers and agencies. Fiona Roberts, MiQ's Managing Director for ANZ, said the partnership with Lifesight would advance the company's ambition for its Sigma platform within the JAPAC region. "Our partnership with Lifesight is a major step in enhancing our Sigma platform across JAPAC - bringing together context, commerce, and audience intelligence under one roof. With this integration, we're unlocking deeper visibility into both browsing and buying behaviours, enabling more precise and actionable insights for brands." The combined dataset promises to deliver new capabilities in analytics, segmentation, and campaign measurement. Vishal Shah, Head of Product JAPAC at MiQ, outlined some of the practical advances made possible by the agreement. 
"We're now able to unify browsing and buying signals to power commerce analytics, behavioural segmentation, and offline attribution across key channels like display, CTV, YouTube, social, and DOOH. I am especially excited about the operational control this partnership with Lifesight gives us across the region - enabling proprietary IP development, faster troubleshooting, and addressable audience activation across all major DSPs. It gives MiQ a measurable edge in precision, agility, and campaign intelligence." Lifesight's approach comprises consent-based data collection, supported by advanced AI modelling for measurement and attribution. The company's platform centralises diverse data sources and provides tools for marketing mix modelling, incrementality testing, and attribution analysis. This provides marketers with real-time insights for evidence-based decision making. Peter Madani, Director of Sales and Partnerships APAC at Lifesight, commented on the value of the partnership for clients seeking to merge online and offline behaviours in their marketing analytics. "Our strategic partnership with MiQ connects Lifesight's high-quality, software development kit-sourced location data directly into Sigma - unlocking access to over 300 million monthly consented devices across the region. It's a powerful step forward in unifying online and offline behaviours, while also solving for data fragmentation. Together, we're enabling more cohesive planning, precise targeting, and outcome-based measurement across every major channel, including CTV." The arrangement follows MiQ's recent data partnership with OzTAM, which saw OzTAM's VOZ television viewership data incorporated into another MiQ tool, TVi, to provide cross-platform measurement capability spanning linear TV, BVOD, streaming services, and YouTube. 
Lifesight provides marketing measurement tools to brands, integrating predictive analytics and real-time optimisation, while MiQ offers programmatic media and data-driven services to agencies and advertisers across several international markets.
