This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

How AI Is Supercharging the Same Old-School Attacks with Ryan Witt

[00:00:00]

Drex DeFord: Hey everyone. Uh, glad you're here. We're at HIMSS 2026, the big conference. I've got Ryan with me from Proofpoint. How you doing? How's everything going?

Ryan Witt: It's great. That's hims. How many HIMMS have we done together here?

Drex DeFord: We been a lot. I know. We're just thinking about that. IWI came to my first hims in 1997, so I think this is like 28 Hess for me.

How about you?

Ryan Witt: I think I'm over 20. I'm not at 28, but I'm over 20. Well,

Drex DeFord: you know, I got a couple of years on you. You do. So that's right. The white beard. The white beard guys. Uh, tell me what you're doing at Proofpoint. Tell me what you're up to. Tell me what the company's up to.

Ryan Witt: So Proofpoint is all about protecting the human layer.

Uh, you know, about how humans are, are, are interacting in this case within the healthcare system and the tools they use, how they collaborate, and making sure those interactions are all protected and safeguarded. My job at Proofpoint is really straightforward. I try to connect the dots to what we do [00:01:00] as a company to go solve for healthcare industry use cases.

I guess in a HIMSS context, it's all around making sure that cyber risk does not inhibit clinical interactions and having a clinical disruption because of some sort of cyber event.

Drex DeFord: You spend a lot of time with customers and, uh, a lot of conversations, you see a lot of real world stuff happening right now.

What's kind of piqued your interest? What's the thing that you think everybody's kind of talking about or worried about right now?

Ryan Witt: I think from what I see is I think healthcare has done a great job of.

Significantly improving overall security hygiene. Mm-hmm. Uh, where the attack surface is today are where it's mostly acute, it's all around identity information. Like that's, people are not necessarily abusing, uh, a compromised firewall, whatever. They're really abusing, trusted relationship.

Drex DeFord: And so

Ryan Witt: particularly on collaboration tools.

So it is still the nirvana state for a threat actor to [00:02:00] get credentials. You get credentials, you can do all sorts of things. So. And, and that that's what they're trying to, trying to max trying to do still. So how do they get credentials? They're attacking people, they're attacking people and how they work, uh, and where are they working most, most, most prevalently.

So it's gonna be obviously email tools, messaging systems, et cetera. So I think that's what we still see very, very much top of mind. People are talking about that from a cyber standpoint, but also really around how is AI changing. Healthcare, health tech changing the world. But how's it changing healthcare?

I mean, we're seeing healthcare is not normally a faf adopter for anything, technology wise, right? Right. Well, I think the ai, they're actually yeah, doing pretty well. So ambient ai, I don't know. I mean, I haven't had a engagement with a clinician, none of my loved ones or family where it's not being, there's not an ambient AI tool now recording that engagement.

So we are absolutely, um. And doing a [00:03:00] lot from a productivity sort of standpoint, but we are also opening the threat sector from a how much, how is that data being stored? What's happening with that data? How are those tools being utilized?

Drex DeFord: Yeah, I'll I'll ask you one last question 'cause it's kind of the flip of that.

AI for the good guys. That's all the stuff that we see here are the conference folks using AI to, uh, make healthcare better for patients and families. Um, the bad guys are using AI though, and a lot of it is to social engineer through email and other com platforms to, to get those credentials to go and do the bad things.

What are you seeing out there? What would you recommend to folks?

Ryan Witt: I mean, a hundred percent. I mean, that's, AI has just made, and so I, I guess my concern would be, if I wanna go back a second, my concern would be is not so much get overly fixated on all these AI use cases. Not that they're not important as they are, but.

All of the old school attack methods still work. They're the ones that are most impactful. Those are the ones where they make the most, um, have the most success. And how are they using them? They're using them [00:04:00] in a social engineering way. Um, that's where they're trying to compromise trust. They're trying to compromise permissions and, and, and take over identities.

And so they're using AI in a way that. Uh, what, what yesteryear's attack used to look like is just way more compelling now. Way more, it's super

Drex DeFord: power.

Ryan Witt: It is power, but it's really, really hard now to discern about the type of email or type of traffic type of message that you should not interact with. Like that.

If I'm a security team than a hospital, I know that the two list is like, you know, yay long. Yeah. But like, that's where the lion's share of activity is happening. When we see any sort of cyber event. Hit the news or ransomware event or whatever. You can almost always, not always, but very frequently trace it back to some sort of compromised credential.

Drex DeFord: Yeah.

Ryan Witt: So how they doing that, doing that, and social engineering, ai. So,

Drex DeFord: hey, I'm really glad you stopped by today. Thanks

Ryan Witt: for being in

Drex DeFord: here.

Ryan Witt: Good to see you.

Drex DeFord: Thanks a lot.