Global cybersecurity leaders gathered at CyberTech Tokyo 2025 to explore the shifting digital threat landscape.
CyberTech is a premier international conference that examines emerging technological challenges and uncovers new business opportunities in cybersecurity — especially in a world shaped by rapid AI advancement and shifting geopolitical dynamics.
The growing risk of generative AI
One notable panel at the conference featured Justin Wilkins, Regional Vice President of Sales Engineering at Varonis; Toshi Namiki, Country Manager for Japan at Varonis; and Asaf Kochan, former Commander of Israel’s elite Unit 8200. Mr. Maruyama from the Graduate School of Information Security moderated the discussion.
The panel tackled the growing risks posed by generative AI, especially when sensitive data is used to prompt large language models (LLMs). While AI offers efficiency and monetization, the panelists agreed that it also introduces serious vulnerabilities.
Asaf emphasized, "scanning and classifying data to determine what should not be trained on AI is a core fundamental element". Justin reinforced this point, stating, "The greatest risk in AI adoption is data security," and cautioned that many organizations lack visibility into the location and exposure of their sensitive data.
The rise of tools like Microsoft Copilot has further complicated the landscape. These platforms can inadvertently expose confidential information to unauthorized users. In fact, Varonis' research recently revealed that 99% of organizations have sensitive information exposed to AI.
Toshi outlined three key risks Japanese companies associate with AI utilization:
- External Attacks: Hackers exploit AI-powered chatbots to extract confidential data within seconds — a process that previously required months.
- Accidental Breaches: Employees unintentionally access sensitive information (such as salary details or M&A plans) when interacting with tools like Copilot, without malicious intent.
- Internal Threats: A growing number of cases involve employees deliberately using AI to collect proprietary data before transitioning to competing organizations.
How to strengthen your data security
The panelists emphasized that "data is the foundation of AI; without data, AI cannot exist." They outlined key strategies to protect sensitive information:
Data discovery and classification
Before data can be protected, organizations must identify and classify structured and unstructured data. Often, organizations focus strictly on structured data such as customer names, credit card numbers, or transaction records, when in reality, unstructured data can hold sensitive information. This could include passwords sent via email, internal communications, and pieces of intellectual property.
Data visualization
Companies need to visualize who has access to what data and whether any of it is publicly exposed. Labeling confidential data and enforcing permission controls helps prevent tools like Copilot from accessing sensitive content.
Optimizing access models (right-sizing)
The principle of least privilege is essential to data security in the age of AI. This means users should only have access to the data necessary for their specific roles, thereby minimizing accidental exposure. To do this, organizations can conduct regular audits, remove outdated or unnecessary access rights, or implement identity tools to automate enforcement.
Executive awareness: a critical gap
The panel also explored challenges unique to Japanese companies, particularly at the executive level.
"A unique challenge for Japanese companies is the absence of a clearly defined role responsible for overall data security," Toshi stated. "In particular, some departments outside of IT directly contract and manage SaaS applications, leading to fragmented oversight.There is limited awareness that corporate intellectual property is generated daily within these platforms, creating serious governance concerns".
He stressed the need for executives to recognize these risks accurately and establish a company-wide accountability framework. Justin and Asaf noted that overseas executives are more attuned to adversarial AI threats.
Justin added that traditional perimeter-based defenses, such as firewalls, are "no longer sufficient in the era of remote work and cloud adoption... these trends "have eroded the perimeter." He cited the U.S. federal government’s requirement for each agency to appoint a Chief Data Officer (CDO) as a clear example of the growing emphasis on data-centric security leadership.
The challenges of data protection
The panelists discussed both cultural and technical obstacles to effective data protection.
Asaf emphasized that the primary obstacle lies in “people and culture”. He noted that security teams often perceive data protection as “outside their scope of responsibility, leading to a lack of ownership and accountability.".
On the technical side, Justin pointed out that resistance to automation remains a significant challenge — particularly when implementing the least privilege model. He stressed that “manually securing petabyte-scale information is impossible, and automation is the only viable solution."
Toshi offered a forward-looking perspective: "While Japanese companies are often said to be five years behind Europe and the U.S. in responding to new technological waves, this actually presents a valuable opportunity to take shortcuts by learning from successful overseas examples and lessons".
Staying secure in the age of AI
Successful organizations distinguish between cybersecurity and data security and adapt to cloud-based environments and AI-driven operations. They understand that in the event of a breach, it's essential to know what data was impacted—not just that a breach occurred.
With mounting pressure to accelerate AI adoption, panelists emphasized that responsible implementation is key. Companies must prioritize governance and risk management over speed.
"CISOs and security leaders underscored the importance of quantifying the risks associated with AI adoption and communicating them clearly to executive leadership to foster informed decision-making and organizational alignment."
Varonis Data Risk Assessment (DRA)
Varonis Sales Engineer Kazuo Narisawa and Japan Country Manager Toshihiro Namiki introduced the Varonis Data Risk Assessment (DRA), a free service that helps organizations evaluate and visualize their data security posture.
The DRA identifies critical risks by detecting and classifying sensitive data, assessing access permissions, and automating access controls—especially in preparation for AI utilization.
It pinpoints:
- Where sensitive data resides
- Who has access to it
- What permissions are in place
This information is compiled into a clear, actionable report that helps prevent corporate data leaks and supports informed decision-making.
The DRA requires only one Windows server from the customer and delivers a comprehensive dashboard and management-ready reports within 2–3 weeks.
Toshi emphasized the value of the DRA, advising that it enables organizations to accurately assess risks, such as which files violate corporate policies or global regulations, relative to the total number of files.
Data stewards will gain visibility into the overall state of the data, confidential information, and the provisioning of access rights and permissions. This clarity allows organizations to establish an environment where AI can be utilized with confidence before moving forward with implementation.
Learn more and request your free Varonis DRA today.
-1.png)
