Experian’s Chief Product Officer for Identity and Fraud in the UK and Ireland, Paul Weathersby, joins me to unpack how criminals are using generative tools to fabricate documents, clone voices, perfect phishing at scale, and stitch together synthetic identities. We dig into the sharp rise in SIM swap attacks, why eSIM provisioning can accelerate takeovers, and how coordinated crews now treat fraud like a business with playbooks and orchestration.

Paul explains what works on the defensive side right now. Think adaptive, multilayered authentication that reacts to real risk signals, mobile network checks to identify recent SIM changes, behavioral biometrics, enhanced document and liveness detection, and AI that accelerates investigations while reducing false positives and compliance costs. We also look at more innovative data use, graph analytics to expose fraud rings, cross-industry intelligence sharing, and the FCA’s supersized sandbox that helps teams test models at high volume.

If you care about stopping account takeovers without breaking customer experience, this conversation is a practical blueprint for 2026 and beyond.

SIM swapping increased by over 1,000%

How to protect yourself from SIM swapping

*********

Visit the Sponsor of Tech Talks Network:

Land your first job in tech in 6 months as a Software QA Engineering Bootcamp with Careerist

https://crst.co/OGCLA

Qualys CEO Sumedh Thakar joins me to unpack what cyber risk management really looks like when budgets are tight, signals are noisy, and AI is changing the game. Sumedh’s journey started in Pune with parents who prized education above everything. He arrived in the US with one hundred dollars, joined Qualys as one of its first software engineers, and two decades later is leading a global platform that helps banks, governments, and enterprises protect their digital infrastructure.

We dig into why compliance keeps tripping companies up, why the impact of digital crime now dwarfs many physical crimes, and how leaders can talk about cyber in a language boards actually understand. Sumedh explains the shift from counting exposures to quantifying business risk, and why the Security Operations Center is giving way to a Risk Operations Center that prioritizes what truly matters, accepts what must be accepted, and transfers the rest through insurance.

We also explore the cloud security market’s next phase as AI workloads pour into public and private clouds, why “attack surface” is not the same as “risk surface,” and how to weigh AI opportunity against model and data uncertainty. Sumedh closes with hard-won leadership lessons on time, teams, and defining success, and recommends Marshall Rosenberg’s Nonviolent Communication for anyone who wants to communicate beyond the words and lead with clarity.

Visit the Sponsor of Tech Talks Network:

Land your first job in tech in 6 months as a Software QA Engineering Bootcamp with Careerist

https://crst.co/OGCLA

What happens when there are 100 machine identities for every human one in your organisation? This is not a prediction for the future. It is the world we are already operating in, and the implications are profound.

In this episode of Business of Cybersecurity, I speak with David Higgins, Senior Director at CyberArk, about how AI agents, autonomous systems, and the sheer scale of machine credentials in the enterprise are reshaping identity security. We discuss why password reuse, unsecured personal devices, and skipped updates remain stubbornly common even though awareness training has been around for decades. David explains that the issue is rarely laziness. Instead, it is often a lack of secure and practical alternatives that still fit the way people work.

We dig into how phishing and social engineering tactics have evolved, with AI enabling deepfake audio and video that can pass casual inspection, and how attackers are increasingly bypassing tech-savvy users entirely by targeting helpdesks and third-party support teams. We also look at the commoditisation of stolen credentials and why buying access on the dark web can now be easier than running a phishing campaign.

A major theme in our conversation is the role of culture in security. David challenges the outdated idea that humans are always the weakest link, arguing instead for a more collaborative approach that blends security objectives with user experience. We explore strategies like adaptive authentication, behavioural context analysis, and just-in-time privilege models that reduce risk without slowing down legitimate work.

The discussion then turns to the identity challenges created by agentic AI. These are AI-driven systems that can interpret goals, adapt, and communicate directly with other AI agents and human colleagues. Unlike traditional machine identities, their behaviour changes over time, creating an entirely new category of security risk. David outlines how organisations can begin to secure these identities now, rather than deferring the problem until it becomes unmanageable.

By the end of this episode, you will have a clear view of why identity-first security is essential in a machine-dominated environment, what practical steps can be taken to close gaps without adding unnecessary friction, and why aligning identity strategy with your organisation’s digital roadmap is no longer optional.