According to Ben Young, Field CTO at Veeam's APJ, Artificial Intelligence (AI) is adopted by local businesses, there are both opportunities and risks.
He also believes that companies are under pressure to not only adopt new technologies but also strengthen their defenses as hostile groups increasingly utilize the same innovation for malicious purposes.
“All verticals can benefit from some form of AI adoption,” Young argues. “But it's a double-edged sword. Just as we're trying to innovate, the enemies of threat groups are also leveraging AI.” He points to the increasing accessibility of AI-powered toolkits that lower the bar to launch attacks. “We have a tool that can be purchased as a subscription for hundreds of US dollars a month, allowing non-experts to launch highly compelling phishing campaigns.
This sharp escalation of sophisticated threats and volumes is coming at a critical time when organizations are also accelerating their AI strategies.
Originally founded the brand with backup and disaster recovery, Veeam is rapidly expanding its portfolio to deal with evolving landscapes, protecting hybrid environments, SaaS platforms and providing storage for backup workloads. Young said that Azure's partnership with Microsoft in particular has now enabled it to provide backup as a service, leveraging the global economy of scale with “no exit and API transaction fees.” But he quickly adds that adaptability is part of its core. “The other clouds are on the roadmap for doing these things.
An expanded definition of business resilience brings the area of backup and security closer together. 90% of cyberattacks focus on backup repositories, resulting in a tangled disaster recovery and cybersecurity. “Backups are a last resort and threat actors know that. If they take out your backup, your only option is to pay the ransom and want the best,” explains Young. The acquisition of Coveware from incident response company Veeam allows real-world telemetry and threat intelligence to be integrated directly into Veeam's product development and customer education initiatives.
Regulation changes also play an important role. The recently enacted Japanese CyberDefense Bill requires ransomware incident reporting and regular response plans to develop. Young praised this direction, saying, “It's important to talk about the incident. Among these, these are not board-level discussions, but security teams struggle for the budget.”
He points out that cyber forcedness is no longer a niche risk. In particular, financial institutions and public sector organizations are fighting increasingly sophisticated AI response attacks, balancing diverse cross-border compliance, governance and privacy regulations.
“Shadow It” surge – there, SaaS, AI applications, or cloud projects whose departments are not approved will launch new blind spots. “We see a lot of small shadow projects, especially when we're rushing to experiment with AI. When it reaches production, who is taking care of that system? That's the same shadow we've seen for many years.
This requires a step change in visibility. Veeam responds by mapping and analyzing customer data footprints and building automated support, monitoring and reporting capabilities through its observability platform. The company's AI-powered Veeam Intelligence Engine is designed to propose repairs, generate code samples, and flag natural language risks.
The complexity of new architecture exacerbates the challenges of AI adoption. “I'm really good at securing databases and web servers because I know what they are and how to back them up. But with the introduction of vector databases, AI agents and model training checkpoints, we need new strategies,” explains Young. The potential costs and risks of AI project failure, including losing weeks of model training due to corrupted data, are urging businesses to consider backing up and restoring their infrastructure before IT remittance. “Agents will be the centre of the future, especially using reliable, reflective AI systems. The good news is that most of these platforms run in the environment.
Young identifies security lapses as a permanent monitoring of the current rush to implement AI. “It's a shiny new thing, and the basics are forgotten. If people can make people think about security as part of their DNA while deploying AI, they'll be better.” He warns that most SaaS providers run a shared responsibility model. “Microsoft or Salesforce takes care of the platform, not the data. If it is removed from the cloud, GONE-VENDORS will not provide a complete backup. Data is your responsibility.”
Against this background, organization-wide preparation is required to respond to threats. Veeam's customer workshops and regular incident simulations demonstrate their commitment to education as an active defense. “Preparation is key. Practice and planning. You use tools, test backups, scan for vulnerabilities, and have response plans. For example, Yarra's signature rules can be imported to scan specific attack stocks in the backup archive,” says Young.
Young notes that Veeam's AI and Resilience roadmap is fixed on five pillars: infrastructure resilience, intelligence, pre-security and post-attack, and business value extraction from archival data. For example, the company's long-standing data integration API allows the surface of unstructured data, from images to documents, for AI applications, analytics, or compliance. “AI applications need fuel, and that fuel is data. Devaluation from our organization means thinking beyond expensive, monolithic data lakes, instead focusing on our ability to extract insights from all data sources, whether structured or not.”
“Our role is to help expand compliance, governance and regulatory requirements, but to bring responsible opt-in AI capabilities to our customers, helping them prioritize data protection, cybersecurity and digital transformation at the board level,” concludes Young.
“It's important to talk about the incident. It raises awareness among all organizations. Otherwise it won't become a board-level discussion and the team will have a hard time getting a budget for something like this.”
