Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Defending Against AI-Driven Social Engineering Attacks

Okta
04/21/2026
19
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


TL;DR

  • AI has dramatically increased the sophistication of social engineering attacks, with threat actors using deepfakes, voice cloning, and CEO impersonations across multiple communication channels.
  • Employees are the first line of defense and require ongoing training, phishing simulations, and awareness programs to recognize and report suspicious activity.
  • Organizations must deploy phishing-resistant MFA, passwordless authentication, enhanced email security, and Zero Trust architecture to combat advanced attacks like those from Scattered Spider.
  • Strong threat detection and response capabilities are essential because preventive controls alone cannot stop all attacks—organizations must detect and triage threats quickly.

Summary

In this Okta Executive Exchange interview, Thoughtworks CISO Nitin Raina discusses the rapidly evolving landscape of AI-powered social engineering attacks and deepfakes. Raina explains how threat actors are leveraging artificial intelligence to create sophisticated deception campaigns, including CEO impersonations, fake interviews, and voice cloning attacks delivered across multiple channels like email, WhatsApp, and SMS. He emphasizes that employees serve as the first line of defense and outlines a comprehensive security strategy that combines employee training, phishing-resistant MFA, email security tools, and Zero Trust architecture. Raina also addresses how advanced cybercrime groups like Scattered Spider are bypassing traditional MFA through SIM swapping and man-in-the-middle attacks, requiring organizations to deploy passwordless solutions and strengthen threat detection capabilities. The conversation concludes with Raina's advice for CISOs to position themselves as business enablers who partner closely with functional leaders to balance security with organizational agility.

Chapters

0:00 - Introduction
0:31 - The Rise of Sophisticated Social Engineering
1:21 - AI-Powered Deepfakes and Attacks
2:53 - Employee Training as First Line of Defense
3:45 - Technical Controls and Zero Trust
5:32 - Bypassing MFA and Advanced Threats
6:41 - Advice for CISOs

Key Quotes

0:51 "We're seeing a lot of very intelligent, smart attacks happen. A lot of deception, fake attempts happening. It has become so sophisticated. AI has played a very crucial role in assisting both the attackers and the folks on defending it."
1:55 "We are seeing a deep fake from a CEO impersonation. We are also seeing a lot of fake interviews. We are seeing a lot of these happen through multiple channels. So you could see it from an email, you could see it from non-official collaboration channels like WhatsApp, SMS."
3:10 "People, employees, they are the first line of defense. So you have to spend time and effort to train them."
5:01 "The attacker is getting advanced, they are leveraging AI, and other automation and other tech to actually penetrate some of the controls that the organizations are putting. So can you detect things sooner? Can you flag things sooner? ..."
7:15 "Are you clearly a business team player? So when you are working with your business, do they understand what security initiatives that you are trying to do? Are there things that if you do well, you can actually enable the organization to go fast."

Categories:
  • » Cybersecurity » Zero Trust
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Identity & Access
  • Security Operations
  • AI & Machine Learning
  • Zero Trust
  • Executive Briefing
  • AI-driven social engineering
  • deepfakes and voice cloning
  • phishing-resistant MFA
  • employee security training
  • Zero Trust architecture
  • business email compromise
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Defending Against AI-Driven Social Engineering Attacks

              Upcoming Webinar Calendar

              • 06/10/2026
                11:00 AM
                06/10/2026
                Action1: Vulnerability Digest--Patch Tuesday & Other Updates
                https://www.truthinit.com/index.php/channel/1997/action1-vulnerability-digest-patch-tuesday-other-updates/
              • 06/10/2026
                02:00 PM
                06/10/2026
                Understanding the True Costs of DIY Data Classification vs. Buying Solutions
                https://www.truthinit.com/index.php/channel/1985/understanding-the-true-costs-of-diy-data-classification-vs-buying-solutions/
              • 06/23/2026
                10:00 AM
                06/23/2026
                Stay Informed on the Latest Keepit Partner Developments – June 23
                https://www.truthinit.com/index.php/channel/1990/stay-informed-on-the-latest-keepit-partner-developments-–-june-23/
              • 06/25/2026
                01:00 PM
                06/25/2026
                Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier
                https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/

              Upcoming Events

              • Jun
                10

                Action1: Vulnerability Digest--Patch Tuesday & Other Updates

                06/10/202611:00 AM ET
                • Jun
                  10

                  Understanding the True Costs of DIY Data Classification vs. Buying Solutions

                  06/10/202602:00 PM ET
                  • Jun
                    23

                    Stay Informed on the Latest Keepit Partner Developments – June 23

                    06/23/202610:00 AM ET
                    • Jun
                      25

                      Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier

                      06/25/202601:00 PM ET
                      More events
                      Truth in IT
                      • Sponsor
                      • About Us
                      • Terms of Service
                      • Privacy Policy
                      • Contact Us
                      • Preference Management
                      Desktop version
                      Standard version