CFOtech Australia - Technology news for CFOs & financial decision-makers
Mandy Andress

The rise of the creative cybercriminal: Leveraging data visibility to combat them

Thu, 21st Aug 2025

In 2023, Australian investors lost $8 million to investment trading scams that used deepfake videos of celebrities endorsing fraudulent schemes. Since then, deepfake threats have escalated to target Australian businesses as well. Research commissioned by Mastercard found that 20% of Australian businesses were targeted by deepfakes in the past year, with 12% falling victim to manipulated content, often posing as clients, suppliers, or even senior executives.

The Australian Taxation Office (ATO) has also sounded the alarm, reporting a more than 300% surge in impersonation scams, frequently timed around tax season to exploit business distractions. These scams can impersonate customers, clients, suppliers, or even senior executives to trick employees into authorising fraudulent transactions.


Human Element and AI

Cybercriminals are increasingly using sophisticated digital tactics to exploit the weakest link in any security system: people. Social engineering attacks, where attackers manipulate victims using personal information gathered from social media or other sources, remain a common tactic.

With AI having gained mainstream adoption, it's no surprise that these bad actors have also turned to this technology for their nefarious purposes. This includes incorporating deepfakes (images, videos and audio that have been edited or generated using AI) into their social engineering attacks.


Increasing sophistication and scale

Outside of social engineering, hackers have also utilised AI to create malware that is adaptive and scalable. This advanced form of malware can change its code to evade detection or find and exploit vulnerabilities in software and systems.

Cybercriminals have also demonstrated remarkable creativity in getting "unwitting" machines to siphon off money, gather sensitive information or sabotage services in the form of botnets. The term botnet combines "robot" and "network", referring to a collection of compromised devices that work together to carry out malicious activities including reading system data, accessing and extracting files or data, and exposing vulnerabilities in other devices.

Virtually any device connected to the internet is susceptible to being incorporated into a botnet, including computers, laptops, mobile devices, and Internet of Things (IoT) devices. Recent warnings from cybersecurity researchers have indicated an emergence of a new botnet specifically designed to target digital video recorders and routers.

The increasing scale, sophistication, and frequency of cyberattacks have led many experts to believe that they are not just conducted by individuals or small groups looking for financial gain, but possibly by larger groups or state-sponsored entities. Launching these Advanced Persistent Threats (APTs) requires a level of resources that only cybercrime organisations with substantial funds possess.

Combating the Modern Cybercriminal

In response to the evolving cyber threats faced by organisations and governments, a comprehensive approach that addresses both the human factor and the IT systems themselves is essential.

Employee training in cybersecurity best practices, such as adopting a zero-trust approach and maintaining heightened vigilance against potential threats like social engineering attacks, is crucial.

Similarly, cybersecurity analysts and Security Operations Centres (SOCs) play a pivotal role by utilising Security Information and Event Management (SIEM) solutions to continuously monitor IT systems, identify potential threats, and accelerate investigation and response times. Given that these tasks can be labour-intensive, integrating a modern SIEM solution that harnesses generative AI (GenAI) is essential. This approach not only automates routine and time-consuming tasks, but also significantly improves visibility, analytics, and response speed.

The foundation of a sound cybersecurity approach

For GenAI-driven SIEM solutions to effectively showcase their capabilities, it is essential to incorporate proprietary data that provides business-specific context. This means investing in advanced search solutions capable of retrieving data from any source through retrieval augmented generation (RAG).

Among the various types of data, unstructured data (audio, video, free text, emails and text messages) constitutes the largest portion but is also the most challenging for organisations to leverage and transform into actionable insights. When combined with AI, advanced search platforms can locate, manage, and analyse unstructured data to not only decrease costs, drive efficiency, and identify market opportunities, but also bolster security.

By integrating GenAI's data processing capabilities with an advanced search platform, cybersecurity teams can search at scale across vast amounts of data, including unstructured data. This approach supports critical functions such as monitoring, compliance, threat detection, prevention, and incident response.

With full-stack observability, or in other words, complete visibility across every layer of their technology stack, security teams can gain access to content-aware insights, and the platform can swiftly flag any suspicious activity.

For example, Network for Learning (N4L), a Crown-owned (government-affiliated) organisation, deployed a comprehensive enterprise SIEM solution to provide safer digital environments for more than 2,450 New Zealand schools and help protect approximately 900,000 users. The SIEM solution brings data in from multiple log sources, handling multiple terabytes of data every day and more than 300,000 events per second.

This has led to massively accelerated search and detection times, with N4L identifying and resolving a cyber-attack within a few hours instead of taking a few days before the deployment of the SIEM solution.

Companies should not overlook the fact that GenAI also brings conversational search capabilities to SIEM applications. This allows cybersecurity professionals to interact with SIEM solutions using natural language, rather than relying solely on code. This makes SIEM solutions more accessible to junior security analysts who may not have extensive domain knowledge, greatly lowering the barriers to adoption for many organisations.

While many companies have already begun using their data for business intelligence, the same set of data can also serve other purposes. With an advanced search platform in place, organisations can incorporate AI in their cyber defenses to proactively detect and prevent threats and improve response times. By fully utilising proprietary and unstructured data, organisations can continuously innovate, adapt and strengthen their security posture.
