Tech Leaders Weigh In On Bad Actors In Cybersecurity And How To Mitigate Risks

Addressing the talent gap is essential to mitigating cybersecurity risks effectively.

The United States has seen a wave of cybersecurity attacks over the years. In 2024, The Guardian reported that Volt Typhoon, a Chinese hacking group, infiltrated the networks of critical infrastructure organizations, including aviation, rail, mass transit, highways, maritime, pipelines, water, and sewage systems. U.S. intelligence revealed that the group had maintained access to some victim IT environments for over five years.

Among the high-profile incidents, MGM Resorts faced a staggering $100 million loss. They were hit with cybersecurity attacks, leading them to shut down their systems in September 2023 “to mitigate risk to customer information,” according to NBC News. This meant workers could not access company emails, slot machines were inaccessible, and some customers could no longer enter their hotel rooms. Despite these measures, the hackers were still able to retrieve sensitive information.

“We do understand that the criminal actors obtained certain personal information belonging to some customers who transacted with us prior to March 2019. This includes name, contact information, gender, date of birth, and driver’s license number,” said MGM Resorts CEO and President Bill Hornbuckle in a letter. The type of information impacted varied by individual. We also believe a more limited number of Social Security numbers and passport numbers were obtained. We have no evidence that the criminal actors have used this data to commit identity theft or account fraud.”

MGM Resorts resolved the matter in October 2023, and the company stated that it had restored and enhanced its IT department.

As cyber threats grow more complex, attackers have begun to adopt a business-oriented approach to their operations. Vishal Chawla, founder and CEO of BluOcean Cyber, with over 30 years of experience in the sector, expounded upon this during CES 2025 during a panel titled “The Cybersecurity Talent Gap.”

“What we’ve seen is the cybercriminals are not anymore. I joke two men in a truck, door wranglers, just try to come in.They have become organized. These companies have HR department,” Chawla told the audience. “You get paid. You come in 9 to 6. You’re done all day. You go home. So they are businesses. They are not just two people just trying to see you sitting in a basement. So that shift, bringing the professionalism to hacking companies and holding their muscles, that is a big shift we are seeing.”

How To Mitigate Cybersecurity Risks

Advancements in technology are also emboldening hackers. A report released by Keeper Security in 2024 highlighted that 800 IT leaders identify AI-powered attacks as the most challenging to mitigate. The survey reveals that over half of all cyber attacks are now AI-related. Among these, specific threats include:

• Deepfake technology and supply chain attacks – both 36%
• Cloud jacking – 35%
• Internet of Things (IoT) Attacks and 5G network exploits – both 34%
• Fileless attacks – 24%

Several suggestions were made to combat ba

d actors, including continuous upskilling to avoid becoming overly reliant on AI, greater awareness of digital footprints, investing in the workforce through security programs and training, and cross-collaboration.

Additionally, the need for talent and diversity will be crucial in the cybersecurity space. A 2022 research poll from the Aspen Digital Tech Policy revealed that just 9% of cybersecurity experts were Black. Additionally, 8% were Asian, and 4% were Hispanic. A lack of diversity leads to fewer perspectives when considering cybersecurity solutions.

According to Torrell Funderburk, chief information security officer of Sealed Air and panelist, the sector’s lack of diversity is not due to a lack of talent.

“I don’t think it’s a lack of talent because I think the talent is there. Just bringing in the right people that can focus on the right problems in the right way.  I think if you try to sort search for unicorns, you happen to find them,” he told AFROTECH™ during CES 2025. “It’s like Oxymoron. I think the talent is there. I met incredibly talent talented individuals who would do well in cyber who aren’t in cyber now. They just don’t know that they would thrive in cyber. So, whenever I do meet these people, I do encourage them to consider cyber.”

He added, “It takes a special type of curiosity and grit in cyber, and I think that will naturally align with a lot of African Americans. I think African American individuals that are in the tech space should be more confident in their ability to solve larger scale problems. I think naturally, especially in the U.S., we tend to be a lot more risk averse than kind of our peers. So I think that natural thinking of being able to assess a situation and make a decision actually enables you to be pretty successful in this field. So I would encourage, especially any diverse candidates, but especially African Americans to consider cybersecurity and trust themselves in their gut and kinda enter this field. I think there’s a lot of opportunity there.”