Exclusive: Cloudera’s Carolyn Duby warns of rising AI-powered cybercrime

The cyber threat landscape is evolving fast. And Carolyn Duby, Field CTO at Cloudera, says most companies "aren't keeping up."

"Cybersecurity incidents cost over $4 million on average," she said. "In the US, that figure is even higher, and the average recovery time is still 100 days. That's just too long."

Speaking exclusively to us during EVOLVE25 in New York, Duby warned that traditional defences are failing in the face of AI-enabled attacks and deepfake-driven scams.

The solution, she said, lies in smarter governance, data-led insights, and a secure-by-design mindset.

"We're seeing a huge uptick in cyber attacks powered by large language models," she said.

"People are now able to ask an LLM to create malware for them. It enables a lot more people to do a lot more damage."

Duby, who previously worked at SecureWorks managing event correlation pipelines, said these new tools are making cybercrime more accessible and effective.

"Cyber is a cat and mouse game. Something works until it doesn't. But with AI, the attackers are just getting better - faster."

Cyber risks go beyond money

The risks extend well beyond financial loss. In sectors like healthcare and government - two of the most targeted industries in the Asia-Pacific region - the consequences can be life-threatening.

"People should not be dying or having adverse medical results because of cyber," Duby said. "It's not acceptable, and it's happening. We had a breach in the U.S. where a prescription provider was taken offline. That's people unable to get their medicine."

The interconnectedness of digital infrastructure, from supermarkets to utilities, makes resilience more than just an IT issue. "Everything needs to be secure by design. Electricity, water, fuel - these are basic services. They must be built with recovery in mind."

Governance isn't a checkbox

As AI continues to drive transformation, Duby stressed the need to see data governance as more than a compliance requirement.

"The fact that you protect and govern your data properly is a huge accelerator for your entire organisation," she explained. "You can't have AI without data - and you can't have useful AI without governed data."

She pointed to a common issue: organisations collecting vast amounts of data without knowing how to apply permissions or controls.

"They either give access too broadly, or lock it down so tightly no one can use it. Until you solve those problems, you can't become an AI-driven enterprise. And that's what everyone wants to be."

How Cloudera is building resilience

Cloudera's response, according to Duby, is an end-to-end data platform that embeds security and governance from the outset.

But beyond that, the company is investing in capabilities that stretch across hybrid and multi-cloud environments - recognising that customers now operate across AWS, Azure, Google Cloud, and on-premise systems.

"We're evolving," she said. "You need to be able to interoperate. That's why we've embraced concepts like data fabric and federation."

Key to this approach is Trino, an open source project enabling secure, federated querying, and Octopai, a data lineage tool. Cloudera's recent acquisition of the SaaS platform Taikun adds another layer of governance capability across cloud environments.

"Every cloud platform has its own security and governance model. What Cloudera offers is a way to apply consistent policies across all of them. That's unique."

She added: "You can move data between environments, and the policies travel with it. That means it stays secure, governed, and under control."

Deepfakes, fraud, and the human element

While technical solutions are essential, Duby said organisations must also invest in training and processes that account for human vulnerabilities.

"Humans are the weak link. We all have that lizard brain that kicks in - 'My kid's in jail, I need to send money.' Scammers exploit that."

She cited a recent experience: "I got a call that looked like it came from Wells Fargo. I don't even have an account there. But a lot of people do. It was convincing."

Deepfakes, she warned, are becoming impossible to detect.

"People are focusing on detection - but they're just getting better and better. You can't rely on spotting them."

Instead, she called for more friction in sensitive processes. "A bank sent $25 million after a deepfake. Maybe if someone's going to wire $10 million, it should involve more steps. More people. More checks."

Even personal banking apps are adapting. "I like that some banks limit how much you can move in a day. It's a small thing, but it adds protection."

What works across industries

Duby believes some cyber strategies are universally applicable, regardless of sector.

"Zero trust helps everyone. So does log analytics. And data - data is key to monitoring, defence, and response."

But threat modelling must be industry-specific. "Financial firms worry about money. Governments worry about espionage. You've got to know what your crown jewels are."

And too often, organisations don't make full use of their data. "We've got so many tools in cyber. But none give a complete view. You can't just store data - you need to analyse it. That's where the value is."

Ultimately, Duby said, resilience requires more than technology. It's about community.

"We won't beat the attackers with just one company's tools," she said. "We need open source. We need collaboration. This problem is too big for any one vendor to solve."