Thank you to everyone who joined us for Instinct vs AI: The Human Firewall in an AI World. Don’t worry if you couldn’t attend – we’ve recapped it for you here.
Our latest webinar reunited ITC Service and our partners at Sophos to explore how artificial intelligence is shaping the world of cyber security – and why human instinct still matters.
Sophos is a global security partner, providing services like endpoint protection, managed detection and response (MDR), and email threat protection. We’ve worked with Sophos for years, proudly achieving “gold partner” status.
Marketing Manager Connor Thomas was joined by Senior Technology Evangelist Jon Hope from Sophos to explore the growing role of AI in cyber defence.
Introducing our SecurePackages
The session opened with a quick introduction from Connor and a welcome to Jon, setting the scene for the webinar.
Connor re-introduced our new package-model approach to cyber security, emphasising the importance of Sophos products within each stack – with robust MDR support baked into every package, from SecureStart through to SecureComplete.
Hype vs reality: how criminals actually use AI
There’s plenty of noise about AI writing unstoppable malware. The real, right‑now shift is speed and believability:
- Fake websites in seconds. What took ~40 minutes a few months ago can now be spun up in ~40 seconds – good‑looking, on‑brand, and purpose‑built to harvest logins or payment details.
- Phishing that sounds like you. AI systems can mimic fluent English, your brand’s tone, and visual style. Old training tips (“look for bad spelling”) no longer cut it. We need to update how we coach teams to spot phishing in 2025.
- Deep‑faked voices (and soon video). Verifying a request by “just calling” may not be bulletproof forever; consider a shared verification word for high‑risk approvals.
The attacker is human. So is the defence.
Most successful attacks are human‑led, not just “set‑and‑forget” malware. We see multi‑stage intrusions, supply‑chain pivots, credential theft, “living off the land” with legitimate tools (e.g., PowerShell, RDP), and exploited unpatched systems – still the most common entry point.
Crucially, in 83% of incident response cases, there were warning signs days before the big hit. The typical pattern spans about five days: illicit logins, privilege escalation, data exfiltration, backdoors – then encryption. Technology alone can miss the build‑up; trained analysts connect the dots.
AI for good: what modern defences look like
AI isn’t only a threat – it’s also how we keep up:
- Pattern spotting at scale. Sophos has long used ML/AI (e.g., in Intercept X) to spot “new but similar” attacks among hundreds of thousands of unique threats daily – work no human team could do manually.
- Smarter email & web checks. AI can read an email like a savvy analyst: weird sending domains, urgency wording, mismatched links and imagery, even on-the-fly website classification when a user lands on a brand‑new site.
Why MDR belongs in every SecurePackage
MDR (Managed Detection & Response) adds the missing human layer – 24×7 analysts who hunt, verify, and act.
From alert to action fast. AI triage moves an event to a staffed case in ~1 minute; analysts then investigate (25 minutes) and either wake you for decisions or take authorised action, achieving a 38‑minute mean time to respond. For context, internal teams’ median response is 16 hours – an eternity during an active attack.
Sees beyond one product. MDR ingests telemetry from Sophos plus third‑party tools you already own (e.g., Microsoft 365, firewalls, backup platforms). That means better early‑warning signals and more value from existing investments.
We’re dedicated to giving our clients the very best in modern cyber security solutions, which is why MDR plays a core role across all of our packages.
5 Key Takeaways from the session
1) Refresh phishing training for the AI era.
Move beyond “spot the typo.” Teach staff to question unexpected requests – even when they “sound right” – and to pause before clicking.
2) Add a human verification step for payments/changes.
Use a pre‑shared, offline verification word for high‑risk approvals. Don’t rely on voice alone.
3) Patch like your business depends on it.
Because it does. Unpatched systems remain attackers’ favourite door in.
4) Test your backups the attacker’s way.
Check scope, access, and restore – not just “backup completed” emails. Consider immutable/offline options.
5) Don’t go it alone.
24×7 threat hunting is a big ask for most teams. That’s why MDR is included across our security packages – so expertise is on‑tap when it matters.
Thank you for attending
We build these sessions on your feedback. If there’s a topic you’d like us to cover next, why not get in touch and let us know? We’d love to hear from you.
You can still watch Instinct vs AI, and all of our other webinars, here.