Can Your Security Keep Pace With AI-Driven Ransomware?

Malik Haidar has spent years in the trenches of multinational corporations, navigating the complex intersection of high-level business strategy and technical cybersecurity. His approach isn’t just about firewalls and encryption; it’s about understanding the human and economic machinery that keeps a global enterprise running. In this discussion, we explore the alarming acceleration of cyber threats fueled by artificial intelligence and how IT professionals must pivot from a purely defensive stance to one of comprehensive resilience. We delve into the shrinking timelines of modern attacks, the staggering financial toll of email-based fraud, and the necessity of unifying security and recovery workflows. Malik also outlines why the traditional security stack is buckling under the weight of AI-generated phishing and how organizations can reclaim the advantage through automation and immutable data protection.

The landscape of cyberattacks seems to be shifting at a dizzying pace. How is artificial intelligence fundamentally changing the way attackers approach their initial reconnaissance and the crafting of phishing campaigns?

The speed at which we are seeing attacks evolve is truly breathtaking, and frankly, it’s a bit unsettling for those of us on the front lines. In the past, a sophisticated phishing campaign required a team of humans to research targets, scrape data from LinkedIn or company websites, and meticulously craft a message that sounded legitimate. According to the 2025 Cost of a Data Breach Report, this process used to take roughly sixteen hours of manual labor to get just right. Now, with the help of AI, that entire workflow has been compressed into a mere five minutes, allowing attackers to launch polished, personalized strikes at a scale we’ve never seen. You can feel the shift in the air; it’s no longer about a clumsy hacker making typos, but a machine-driven precision that makes these emails indistinguishable from a legitimate project update. This efficiency allows bad actors to hit hundreds of targets simultaneously, turning what was once an artisanal craft into a high-speed assembly line of deception.

With attackers moving so much faster, many organizations are realizing their legacy security systems are struggling. What are the specific bottlenecks in the traditional security stack that make it difficult to counter AI-driven threats?

The hard truth is that most of our security infrastructure was built for a much slower world, and now those systems are starting to creak under the pressure. One of the most painful issues we see is alert fatigue, where security tools scream at analysts in an endless, deafening roar of notifications. When a human analyst has to manually sift through a mountain of noise to find one genuine threat, they are already losing the race against an attack that can move from an inbox to a compromised account in minutes. We also see a massive problem with disconnected tools that don’t talk to each other, forcing IT teams into a frantic scavenger hunt across different platforms just to figure out what’s happening. This manual investigation process is slow and exhausting, creating a dangerous gap between the moment an intruder enters and the moment someone actually stops them. By the time a human finishes validating an alert, the attacker has often already escalated their privileges and mapped out the entire network.

Business Email Compromise remains a massive financial drain on global commerce. Based on recent data, what is the actual scale of this damage, and why is it so difficult to prevent?

Business Email Compromise, or BEC, is a quiet killer because it relies on social engineering rather than just malicious code, making it incredibly lucrative for criminals. The 2026 Kaseya Email Security Report highlights a staggering $2.8 billion in reported losses, with the average incident draining $129,193 from a company’s coffers. You can imagine the gut-punch a CFO feels when they realize a “convincing” email from a partner led to a massive fraudulent payment that simply vanished. These attacks are harder than ever to spot because AI can reference real projects, use the correct corporate jargon, and mimic the tone of specific executives perfectly. Your employees are being tested by machines that don’t sleep and don’t make mistakes, meaning the financial and emotional toll on a business can be devastating before anyone even realizes a crime has occurred. It’s no longer enough to tell people to look for bad grammar; the tools themselves have to become smart enough to recognize a behavioral shift in how an account is acting.

If the traditional methods of spotting phishing are becoming obsolete, what should modern email security look like to effectively serve as a first line of defense?

Modern email security has to move beyond the old “blacklist” mentality of just looking for known bad links or suspicious attachments. We need tools that can perform deep behavioral analysis, essentially learning what “normal” looks like so they can instantly flag when an account starts acting in an unexpected way. It’s about catching impersonation attempts even when the message looks like it’s coming from a trusted, legitimate source by analyzing the metadata and sender patterns. I’m a big believer in providing real-time guidance to users—think of it as a digital shoulder-tap that warns them a message is risky before they click that link or share their credentials. The goal is to catch the unknown threats, the “zero-day” social engineering scripts that have never been seen before, rather than just reacting to the attacks of yesterday. If your security doesn’t use AI to fight AI, you’re essentially bringing a knife to a high-speed rail gun fight.

You’ve spoken about the shift toward “cyber resilience” rather than just focusing on prevention. How does this philosophy change the way a business operates during a crisis?

Cyber resilience is a fundamental shift in mindset because it accepts the reality that no defense is perfect and some attacks will eventually break through. Instead of just trying to build a taller wall, we focus on limiting the “blast radius” and ensuring that the business can keep breathing even while it’s under fire. This means that recovery time is no longer just a technical detail—it becomes a critical business metric that determines whether a company survives or goes under. We have to define clear Recovery Time Objectives (RTO) upfront so that everyone knows exactly how long it will take to get back to normal operations. When you prioritize resilience, you’re building a system that can absorb a hit, isolate the damage, and restore service with such speed that the interruption feels like a minor hiccup rather than a catastrophic failure. It’s about turning what could be a business-ending crisis into a manageable incident through smart architecture and prepared response plans.

In an era where attackers are known to target the very systems meant to save a company, how has the strategy around backups evolved?

Attackers are smart; they know that your backups are your “get out of jail free” card, so they go after them with a vengeance to ensure you have no choice but to pay the ransom. This is why immutable backups—data that cannot be altered, deleted, or encrypted even if an attacker gains administrative credentials—have moved from being a luxury to an absolute necessity. But having the data isn’t enough; you have to prove you can actually use it by testing the recovery process under pressure. I’ve seen too many organizations realize too late that a backup they never tested was corrupted or incomplete, which is a heartbreaking way to lose a business. Security and recovery teams can no longer work in silos; they must be unified in a single workflow so that the moment a threat is detected, the path to restoration is already being cleared. A backup that hasn’t been restored in a test environment is nothing more than a collection of hope, and hope is not a viable security strategy.

For MSPs and internal IT teams who are currently feeling overwhelmed by the speed of these new threats, what is the most effective way to simplify their defense strategy?

The best thing any team can do right now is to aggressively simplify their security stack to eliminate the blind spots created by having too many disconnected tools. You want a clear, unified picture of your environment so that when an incident hits, you aren’t wasting precious seconds logging into five different dashboards. Automation is your best friend here—use it for the repetitive stuff like alert triage, initial threat investigation, and containment, so your human experts can focus on high-level decision-making. We also need to build layered defenses where email security, endpoint protection, and backup systems are all communicating and compensating for each other’s gaps. Finally, never underestimate the power of security awareness training; when your users are well-informed, they stop being a liability and start acting as a human early-warning system. By connecting security and recovery into a single, cohesive engine, you take away the attacker’s biggest advantage: the time they spend in the shadows.

What is your forecast for the evolution of ransomware over the next few years as AI continues to mature?

I expect we will see ransomware become even more automated, moving toward “autonomous” attacks that can pivot and change tactics in real-time based on the defenses they encounter. We are entering an era where the “dwell time”—the period an attacker stays hidden in a network—will shrink as AI-driven tools rapidly escalate privileges and exfiltrate data before a human can even finish their morning coffee. However, this also means our defensive AI will become more predictive, shifting from reacting to incidents to actually anticipating them based on subtle patterns in network traffic. The “who can move faster” race will only intensify, making the integration of security and data recovery the single most important factor in business survival. Ultimately, the winners will be the organizations that stop viewing security as a series of barriers and start viewing it as a continuous, automated cycle of protection, detection, and near-instant recovery.