Speed Data: The Dangers of Data Poisoning With Avi Yoshi

The Microsoft CTO discusses emerging threats and the challenges of cloud migration.
Megan Garza
Last updated October 6, 2024
Megan Garza and Avi Yoshi

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

This week, we welcome Avi Yoshi, CTO and Solution Sales Leader for Microsoft Israel. With over two decades of experience in IT, Avi’s passion lies in harnessing technology to drive innovation and foster positive change.

Avi discusses the biggest threats on the horizon, including AI-enabled attacks and data poisoning, why migrating to the cloud is more challenging than you’d think, and why mastering the cybersecurity basics can be the biggest weapon in your security arsenal.

 

The challenges of replicating in the cloud

“Probably every day and every hour I’m dealing with security,” Avi said, smiling. “At Microsoft, I enjoy touching a wide, broad aspect of technology, and I find myself investing a lot of time around regulation, compliance, and security.”

Avi’s role involves assisting customers in migrating to the public cloud, and he has noticed a concerning trend during this process.

“Customers are trying to replicate not just the same technologies and solutions, but somewhat the same methodologies from on-prem to the cloud which cannot be mimicked — it’s not the same.”

The key concept SecOps must grasp when transitioning to the cloud is that it operates as a shared responsibility model, Avi said.

“You need to know that you will not control 100 percent of the asset because it’s a shared responsibility with the cloud provider and hyperscaler. I think this is the main gap — not understanding this philosophy.”

Attackers adjust tactics as security landscape evolves

As adversaries continuously develop new ways to breach an organization’s defenses, the most significant threats to be aware of shift daily, Avi said.

“If you ask me in two weeks or months from now what I foresee as the biggest risk to cybersecurity on the horizon, there would be new threats on the list because this domain is evolving.”

One ongoing threat that shows no signs of slowing down is the AI-powered attack.

“The biggest threats I see are the AI-enabled attacks. Every CISO, every organization — even organizations that are just thinking about using or implementing AI — should think about what attackers will do with such a weapon in their hands.”

Avi Yoshi, CTO, Microsoft Israel

“Phishing with AI can be much more sophisticated and mimic very smart attacks. So now it has become even more important to be aware of that threat,” Avi said. “The bad guys always find new methods and tools to overcome our defenses.”

Avi also warns about the risk of data poisoning, in which attackers can alter data without needing to extract it.

“By grabbing my training data for AI, the attacker can manipulate the outcome without stealing the data,” he said.

Getting back to cybersecurity basics

Often, the most effective way to safeguard sensitive data is by following foundational cybersecurity principles like patching, regular software updates, and enabling MFA, Avi said.

“At Microsoft, we see a huge number of attacks around identity and passwords.”

“Stolen passwords are on the rise, and customers need to consider multifactor authentication for every service and every application.”

Avi Yoshi, CTO, Microsoft Israel

Ultimately, though, safeguarding your data begins with maintaining proper data hygiene.

“Of course, we understand why hygiene is important in real life,” Avi joked. “But hygiene in cybersecurity is vital. It sounds very common sense — that, of course, I need to patch — but not all organizations excel in that domain.”

Knowledge is key

Avi emphasizes that ongoing learning is crucial for becoming an effective security leader.

“Staying current and adjusting is so important because security is an evolving area. This is not a stagnant area where, ‘I’ve known something for 10 years. This is what I need to know, and that’s it.’ You need to adapt yourself to change,” Avi said.

“If your background is solid but you’re continuously learning and bringing this insight and knowledge, that’s the most important thing.”

“We can’t know two or five years from now what the new technology will be, but your knowledge is your power.”

Avi Yoshi, CTO, Microsoft Israel
