Adversaries in the cyberworld are becoming increasingly sophisticated in their methods to deceive and steal from us. So far in 2025 alone more than 90,000 scams have been reported to Australia’s ScamWatch and with hundreds of millions of dollars lost to scams, it’s crucial to stay informed and vigilant.
Shannon Murphy has spent nearly a decade in the high-technology field working with brands in unified communications, developer tooling, devices, financial technology, biotechnology, cybersecurity and more. In 2021 she joined Trend Micro to bring a new security operations technology to market that made it possible for security teams to detect and respond to cyberattacks in real-time and eventually expanded her platform scope to include an early version of their risk management offering that Trend Micro now refer to as Cyber Risk Exposure Management.
Today, as the Senior Manager, Global Security and Risk Strategy, Ms Murphy helps bridge the gap between field sales, product marketing, executive leadership, research, and more. Playing a key role in shaping Trend Micro’s positioning in emerging markets like AI and modern security operations, but more importantly, spending time with cybersecurity leaders and practitioners to help evolve their defence approach.
Working across Trend Micro’s global business, Ms Murphy aligns 7,000+ field sellers with Trend Micro’s strategy and marketing teams. Part of this role sees Ms Murphy helping organisations stay ahead of evolving threats by shaping scalable security strategies rooted in innovation and business relevance. To achieve this, she works with cybersecurity leaders and partners to design solutions tailored to unique and emerging threat models, while also championing a security-first culture that empowers business leaders to understand and validate the value of a strong, resilient risk posture. For Ms Murphy, staying “out of the lab, and in the field”, being with the security community is where the greatest learning and growth happens.
Alongside this, Ms Murphy also serves as one of the company’s official spokespeople and has had the privilege to lead initiatives like their global sales kick-offs and the Trend World Tour, bringing their story to life on a global scale. It was at the Trend Micro’s World Tour 2025 Sydney event held in May that I had the privilege of learning from Ms Murphy’s insights into cybersecurity threats companies are facing today.
Phishing or social engineering is one of the key risks to cybersecurity and for a convincing attack to occur, the attacker needs data. Non-discrimination and non-bias are key characteristics of attackers. They don’t care if you’re a woman, if you’re a man, if you’re young or old, they don’t even care what you do for work.
“Adversaries do not discriminate, and in this way, phishing and social engineering attacks are not at all gendered. Anyone active on social media, whether they’re sharing travel adventures, professional updates, or family moments, faces a higher risk of phishing and social engineering attacks. Now with artificial intelligence supported reconnaissance and campaign creation, these tactics are becoming even more convincing, often impersonating brands, colleagues, or industry influencers to steal sensitive personal or financial information,” Ms Murphy shared with Driven Women Magazine.
Cybercriminals exploit publicly available data like location, routines, or workplace details to craft highly personalised scams. According to Ms Murphy, women, and all people active online, can protect themselves by making their accounts more secure – using multi-factor authentication (she emphasised the importance of this a number of times during her World Tour presentation), strong unique passwords, and being wary of friend requests or messages from unfamiliar profiles.
“Limiting the amount of personal and professional detail shared publicly and verifying unexpected messages through trusted channels are also key defences that can significantly reduce the risk of falling victim to phishing and social engineering attacks. Even the type of information shared in an Instagram handle (i.e. birth year) could provide helpful clues to an attacker when it comes to identity verification,” said Ms Murphy.
Small to medium enterprises, common in Australia’s automotive sector, often have less robust training and cybersecurity practices in place, which increases human risk within the organisation. Additionally, Trend Micro has seen employees who post work-related details online (e.g. LinkedIn posts about projects or company events) providing cybercriminals with data for AI-generated spear-phishing emails.
Trend Micro’s own research reported that 91% of advanced persistent threats (APTs) start with spear phishing emails. Furthermore, state actors have placed insiders within targeted businesses to influence operations, underscoring the need for thorough background checks for critical roles, a particular concern if this employee is considered ‘vulnerable’.
“A vulnerable employee is anyone whose role, access, or behaviour makes them a prime target. This includes individuals who have privileged access (e.g. IT admins or executives), junior or new employees who aren’t comfortable questioning authority figures, those in non-technical roles with limited cybersecurity training, or those who frequently share workplace details on public platforms. These behaviours make it easier for attackers to craft successful phishing or social engineering campaigns,” continued Ms Murphy.
Cybercriminals thrive on exploiting human nature – trust, fear, urgency, and curiosity – through tactics like phishing, social engineering, and deepfakes. These attacks often rely on cognitive biases, such as the authority bias (trusting perceived experts) or scarcity bias (fear of missing out), to bypass rational defences. As such, a diversity in experience and background will always bring a valuable and often overlooked perspectives to understanding threat motivation. A heightened awareness of social cues and risk earned through lived experience, certainly can help anticipate how attackers rely on emotion and trust dynamics to manipulate individuals into making mistakes.
“At Trend Micro I draw on that lens, alongside my education and expertise in cybersecurity, to inform strategies that account for both technical risk and human behaviour. It’s a perspective that adds important depth to how we think about building more resilient security cultures.
Instead of blaming employees for falling victim to phishing emails or deepfake scams, the focus needs to shift to building stronger, smarter security systems that account for human error. Cybercriminals are evolving rapidly, using AI-powered tools to manipulate individuals and exploit weak points in legacy systems – so organisations need to stay one step ahead,” said Ms Murphy.
At the World Tour Sydney event presenters talked about understanding all of the assets in a company that may be vulnerable to an attack, and this includes motor vehicles. In 2024, cyberattacks cost the automotive sector an estimated $22.5 billion, with most incidents targeting onboard systems like infotainment and vehicle operating software according to the VicOne 2025 Automotive Cybersecurity Report.
But it’s not just the vehicles themselves under threat – the infrastructure around them is proving vulnerable too. Insecure charging stations, outdated communication protocols and exposed cloud services now pose risks not only to cars, but to entire fleets and power grids. What’s more, cybercriminals are exploiting weaknesses across the supply chain, targeting everything from diagnostic software providers to component suppliers – an approach that led to a ransomware attack in 2024 which disrupted over 15,000 dealerships. To mitigate these threats, car manufacturers need to prioritise cybersecurity as a core design principle rather than treating it as a bolt-on feature according to Ms Murphy.
“Most drivers aren’t aware of how their cars fit into today’s threat landscape. As vehicles evolve into computers on wheels, their ability to access network resources and transmit telemetry data makes them prime targets for cyberattacks. These risks include potential exploitation of in-vehicle systems, payment systems, or even critical functions like braking, steering, or navigation. We’ve identified EV charging stations as being especially at risk, since they connect to both payment data and the power grid,” explained Ms Murphy.
With today’s vehicles collecting everything from GPS location and speed to voice commands and infotainment habits. Much of this data is often shared with third parties like data brokers, often without drivers fully realising what they’re consenting to. Ms Murphy describes this data as a “goldmine” for cybercriminals, especially for highly targeted social engineering attacks.
“Think phishing emails that reference your usual route, favourite podcast, or recent charging spot. The cybercriminal underground is already showing an interest in car data, especially as car modding (e.g. manipulating mileage or unlocking paid features) becomes more widespread in underground forums. To protect themselves, drivers should treat their car like any other connected device: review their car’s privacy settings, ensure software is up to date and stay alert on how their information could be used against them,” added Ms Murphy.
At Trend Micro, they’re securing the future of mobility through VicOne, their dedicated automotive cybersecurity arm, which builds on more than three decades of cyber defence expertise. As vehicles become software-defined and deeply connected, they provide multilayered protection across the entire automotive ecosystem. From securing in-vehicle networks and AI-powered cockpits to protecting EV charging infrastructure and backend cloud systems, their solutions are designed for real-time threat detection, rapid response, and long-term resilience.
Their xNexus platform enables car manufacturers to detect threats in real-time, while our Vehicle Security Operations Centres (VSOCs) integrated with Microsoft Azure IoT, help meet global standards like UN Regulation No. 155. They also work closely with partners like Panasonic, Luxoft, and SOAFEE to strengthen everything from embedded system security to cloud-native architecture.
Behind the scenes, Trend Micro’s global threat research identifies critical risks – from telematics vulnerabilities and DDoS threats to the emerging dangers of AI-driven attacks and 5G-enabled exploits. With tools like intrusion detection systems, encryption, machine learning, and firewalls, they’re ensuring end-to-end protection and helping the automotive industry build cybersecurity into its DNA.
Trend Micro is dedicated to making the digital and connected world safer through innovative tools and actionable insights. Technologies like AI, social media, and connected cars bring exciting possibilities but they also introduce real risks, from data breaches to sophisticated scams.
“To stay secure, use multi-factor authentication, limit sensitive information shared online, and for connected cars, check privacy settings, update software, and verify manufacturers’ cybersecurity measures. Our Trend Vision One platform leverages AI to block threats like phishing, while VicOne secures vehicles, from infotainment systems to EV charging stations. By providing cutting-edge solutions and fostering cybersecurity awareness, Trend Micro empowers everyone to confidently embrace innovation while protecting their digital and physical journeys,” said Ms Murphy.
Alongside its automotive security arm VicOne, Trend Micro is helping organisations do just that with solutions designed to support users of all technical levels and harden defences across environments prone to advanced threats. These include:
- Trend Vision One: an agentic AI cybersecurity platform, which uses AI-driven behavioural analysis and global threat intelligence to detect social engineering campaigns, including those leveraging deepfakes and phishing techniques. It monitors email, identity, cloud, network, and endpoint activity to block malicious links and investigate anomalous behaviours, reducing risks from social engineering.
- VicOne Intrusion Detection and Prevention Systems (IDPS): developed with partners like Panasonic, these systems protect in-vehicle networks from unauthorised commands, safeguarding critical functions like braking or steering.
- Voice Assistant Security: prompt injection defences ensure in-car AI, such as voice assistants, can’t be manipulated, keeping your interactions secure.
- eKYC Fraud Protection: multi-layered defences stop deepfake-driven identity theft, protecting your personal and financial data during vehicle service registrations.
“Of course, true cyber resilience is more than just tools. It also means empowering people through training, encouraging strong password hygiene, using multi-factor authentication and limiting the sharing of personal information online. Crucially, it’s also about deploying the right technologies to detect, block and adapt to evolving threats, because even the most cyber-savvy people can be deceived,” concluded Ms Murphy.
Photographs by Driven Women Magazine.