In the age of artificial intelligence, data security is more of a priority than ever.

As enterprise AI adoption rapidly grows, so do security risks. The consequences could be dire for companies that do not have all their data in order when faced with AI-powered phishing and cyberattacks.

Varonis’ Brian Vecci (left) and CNA’s Rizwan Jan (center) talk with theCUBE about protecting data assets in advance of attacks.

“Nobody breaks into a bank to steal the pens,” said Brian Vecci (pictured, left), field chief technical officer of Varonis Systems Inc. “Data is what a threat actor is after. … of all the digital assets that enterprises have, data is what’s most important. It’s also what they have the most of and they know the least about. It’s very difficult to protect something when you don’t know what you have and where it is.”

Vecci and Rizwan Jan (pictured, right), vice president and chief information officer of CNA Corp., spoke with theCUBE’s Jackie McGuire at the RSAC 2025 Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed data security and the perils of Shadow AI. (* Disclosure below.)

Ensuring data security as shadow AI grows

Poor data management has become a central issue of AI adoption, but its effects go beyond siloed data and unreliable models. Companies that don’t understand the location of their “crown jewels” can end up paying millions to fix their mistake, according to CNA’s Jan — CNA is an independent, nonprofit organization that conducts research and analysis to support national safety and security.

“In 2024, when [UnitedHealthcare] got hit by that ransomware attack and they ended up paying $22 million just to get their data back and then $2-plus billion for reputational harm and to help their subsidiaries out, and [they] crushed 142 million Americans with their healthcare data,” he said. “Understand what your data sets are, take the AI out of that first, get your classification, your data classification in order [and] then you understand what you’re protecting.”

Research shows that employees are giving large volumes of data to AI in a phenomenon called shadow AI, which poses an additional risk to company security. Varonis enables employees to use generative AI tools while minimizing data exposure.

“Almost every company has a giant data swamp, and they have no idea what they have and where it is,” Vecci said. “It’s the unknown unknowns that are going to kill you, especially when you give people the greatest information retrieval tool ever.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSAC 2025 Conference event:

(* Disclosure: Varonis Systems Inc. sponsored this segment of theCUBE. Neither Varonis nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE