05-07-2025
Building resilience in the age of AI
Since going mainstream less than three years ago, artificial intelligence (AI) has already proven a valuable tool. Unfortunately, it has been valuable not only to businesses, but also to cyber criminals. Consequently, the cybersecurity landscape has undergone a seismic shift as traditional approaches are no longer sufficient.
This means change is needed, said Dana Simberkoff, AvePoint's chief risk, privacy, and information security officer.
'AI-driven cyberattacks require a proactive and data-centric defence, moving beyond traditional perimeter security,' Simberkoff said.
This fundamental change in approach reflects the reality that sophisticated, AI-powered threats can exploit vulnerabilities at unprecedented speed and scale. Meanwhile, the widespread adoption of hybrid work models has dramatically expanded attack surfaces, creating new challenges that demand innovative solutions.
'The AvePoint Confidence Platform builds cyber resilience by understanding and fortifying data, mitigating risks within your digital workspace before they become breaches,' Simberkoff said.
The key to this transformation lies in gaining deep insights into organisational data. Rather than focusing solely on network boundaries, modern cyber defence must centre on understanding data's fundamental characteristics.
'We provide deep insights into user activities and configurations, applying automated policies and intelligent data classification to prevent AI from exploiting vulnerabilities and ensure good cyber hygiene against insider risks,' she said.
This data-centric approach addresses a critical gap that many organisations face: data governance can be a real struggle due to a lack of practical integration and understanding of that data.
The solution involves a fundamental shift in methodology, Simberkoff said: 'AvePoint bridges these gaps by shifting to data-driven governance, automating discovery, mapping, and classification of information.'
A crucial element of this new paradigm is embedding security considerations from the outset. 'We integrate security and privacy by design, helping organisations create policies and IT controls that make it easier for end-users to do the right thing with data.'
Such an active stance moves beyond reactive security measures to create an environment where good security practices become inherent rather than imposed.
Addressing modern workplace challenges
The hybrid work revolution has fundamentally altered the security equation. Simberkoff identifies the core challenge as being that hybrid work expands attack surfaces, with sensitive data accessed from various networks and devices.
Such a distributed environment requires a comprehensive approach that provides continuous visibility and control. The solution involves implementing granular oversight capabilities.
'Our platform provides comprehensive visibility into your digital footprint, enabling granular access control and continuous monitoring of permissions and data,' Simberkoff said.
This visibility is coupled with automated response mechanisms: 'We apply automated policies to roll back unauthorised changes and address the human element by fostering a culture where security is a shared responsibility.'
The emphasis on shared responsibility reflects a broader understanding that technology alone cannot solve modern security challenges. The human element remains paramount, requiring organisations to cultivate a culture where every employee understands their role in maintaining security.
AI-driven cyberattacks require a proactive and data-centric defence
Artificial intelligence adoption presents both opportunities and challenges for organisations.
'Accelerating AI adoption securely means a proactive, layered approach prioritising data security and governance from the start,' Simberkoff said.
This recognises that AI tools are only as secure and reliable as the data they process.
'We help clients build a strong data foundation, assessing and securing their digital workspace to ensure AI tools safely leverage clean data,' Simberkoff said.
'Automated policies continuously monitor for configuration drift, coupled with clear AI-acceptable use policies, demonstrate that secure AI adoption is achievable."
The regulatory landscape adds another layer of complexity, with evolving requirements, such as DORA and NIS2, demanding integrated solutions.
The response involves centralised risk management: 'The AvePoint Confidence Platform offers centralised risk management, automated data classification, and real-time policy enforcement across your digital estate.'
This comprehensive approach extends to incident management and audit capabilities: 'This enables efficient incident management, provides essential audit trails, including continuous data protection with multi-SaaS cloud backup which helps organisations prove conformance to meet specific legal obligations,' Simberkoff said.
The path forward requires organisations to embrace a holistic strategy that combines technological solutions with cultural change. By understanding and fortifying data at its core, organisations can move from reactive defence to proactive resilience, ensuring business continuity while maintaining stakeholder trust in an increasingly interconnected and data-driven world.
