Cybersecurity for Data Centers in the Age of AI

Introduction - Data Centers as the Backbone of the Digital World

In recent years, data centers have shifted from being a quiet technological component operating in the background to becoming a true strategic powerhouse. Digital economies, healthcare systems, government services, payments, communications, and defense systems all rely on centralized compute infrastructures that sustain modern life.

For this article, I had the privilege of hosting two leading experts: Jonathan Fishbein, Global CISO at Check Point, with over 25 years of cybersecurity experience, global advisory work, and recognized leadership in security innovation; and Liron Ner, VP of Engineering at DV PLAN, with 25 years of experience in system engineering, ICT infrastructure design, data-center construction and operations, OT/IT security, and national-level cybersecurity management.

Liron stresses that data centers are no longer just technology assets-they are “strategic national and global assets, and that is exactly how both nations and attackers perceive them.”

At the same time, as Jonathan explains, the digital world is entering a new era shaped by AI and hyper-connectivity. Cloud, edge, data centers, OT, and IT networks are increasingly woven into a single fabric-creating an environment where cyber threats grow faster than organizations can chase them using traditional tools.

This article connects these two worlds: the physical-logical security strategy of data centers, and the AI-driven cyber revolution that both attackers and defenders are leveraging. It then offers a practical protection framework for data centers in this new era.

1. Data Centers as Strategic Targets in Modern Cyber Warfare

Liron outlines four core reasons why data centers have become prime targets:

1.1 Critical Centralization

A physical or logical disruption in one site can trigger a domino effect across thousands of organizations-government, health, payments, communications, and even national defense.

1.2 From Monitored to Exposed Infrastructure

The drive for real-time visibility across every system increases transparency but also dramatically expands the attack surface.

Cybersecurity for Data Centers in the Age of AI - From an Invisible Threat to a Protected Strategic Asset

1.3 High-Value Strategic Information

Sensitive business, governmental, and medical data are concentrated in these facilities, making them valuable “vaults” for nation-state actors, organized crime groups, and ransomware attackers.

1.4 High Attacker Cost-Efficiency

A focused attack on a single data center is relatively cheap compared to the massive potential damage-from service disruption to national-level instability.

Global statistics reinforce this reality: in 2024, approximately 70% of major cyberattacks targeted critical infrastructure sectors such as energy, water, health, government, and telecommunications-sectors that rely heavily on centralized data centers.

2. The New Threat Landscape: AI, Hyper-Connectivity, and “AI Sprawl”

Jonathan emphasizes that AI is reshaping the threat landscape:

“AI is a double-edged sword-it empowers defenders but also makes attackers more efficient than ever”.

2.1 AI-Enhanced Phishing and Deepfakes

Studies show that AI-generated phishing emails achieve click-through rates of up to 54%, compared to just 12% for human-crafted attempts. This means that employees, technicians, NOC/SOC operators, and contractors are 4.5 times more likely to fall for AI-enhanced deception.

Deepfake video calls now enable attackers to impersonate senior executives or security officers, sometimes in real time, to authorize access, financial transactions, or configuration changes.

2.2 Vulnerability Exploitation and the “Breach Economy”

Research from Check Point and others shows:

• Zero-day and day-one exploits can be purchased for a few dollars thanks to AI-based automation.
• The average global cost of a data breach is $4.4M–$4.9M (IBM).
• In critical-infrastructure environments, Liron notes that average costs reach $8.5M with approximately 23 days of downtime.

2.3 Shadow AI and GenAI as Attack Vectors

IBM reports that 20% of organizations experienced breaches linked to Shadow AI-unauthorized AI tools, plugins, and browser extensions. These incidents increase breach costs by an average of $670,000.

Jonathan asks: “Do you even see all the AI being used inside your organization?”

Unregulated AI usage-AI sprawl-creates a weak link, especially when used from data-center management systems or automation workflows.

3. A Multi-Layered Defense Model for Data Centers in the CNI Era

Liron frames data-center defense around five pillars: people, technology, management, processes, and collaboration.

3.1 Zero Trust and Smart IT/OT Segmentation

• Strict network segmentation between management, customer, OT/SCADA, and office networks
• Zero Trust authentication and authorization for every user, device, or service
• Role-based access control without “super admin” accounts

3.2 Backups, Recovery, and Resilience by Design

Best practices include:

• Air-gapped backups
• Pre-defined DR and ransomware recovery priorities
• Identifying systems that must be restored first to maintain operational continuity

3.3 Advanced Monitoring: 24/7 SOC, AI Analytics, and OT Security

Serious defense requires continuous investment:

• 24/7 SOC monitoring logs and events across all layers
• AI/ML-based anomaly detection
• Dedicated OT/SCADA monitoring systems for cooling, electrical, and generator controls

3.4 Executive Ownership and Global Collaboration

Security is first and foremost a leadership responsibility. This includes:

• Organization-level policies
• Critical-infrastructure regulation and standards
• Regular drills, red-team exercises, and intelligence sharing
• International cooperation frameworks

4. From “Silos” to “Mesh”: Modern Data-Center Security Architecture

Jonathan describes the shift toward a unified Security Mesh for perimeter, data center, cloud, remote work, and OT environments.

4.1 Hybrid Mesh Security

• NGFW, DDoS protection, deep network segmentation
• SASE, FWaaS, and ZTNA for secure remote access
• Cloud workload protection, API security, WAF, and full end-to-end visibility across hybrid environments

4.2 “Security for AI” and “AI for Security”

Security for AI

• Data classification and isolation
• WAF and API security for AI-based applications
• Monitoring of model interfaces (MCP, APIs)

AI for Security

• Automated privilege analysis and least-privilege recommendations
• Multi-dimensional attack detection (e.g., BEC combined with identity takeover)
• Faster triage and mitigation recommendations

4.3 The Agentic CISO: Managing Security Through Natural Language

Jonathan envisions a near future where CISOs and SOC analysts interact with security tools via simple prompts: “Show me abnormal access attempts to the cooling systems in the last 24 hours”. “Are we exposed to CVE-2024-XXXX?”

AI correlates data across systems and provides actionable mitigation steps.

5.Implications for Data Centers-Especially in Israel

For Israeli data-center operators, these threats are not theoretical:

• Israel is a global hotspot for cyberattacks on critical infrastructure
• Ransomware on water, energy, and government systems is rising worldwide
• Israel’s AI ecosystem relies heavily on centralized, high-density compute facilities

A successful attack on a major data center could impact entire sectors and ecosystems, not just individual organizations.

Securing data centers is therefore a national and economic imperative.

Conclusion: Shifting the DC from a Weak Point into a Resilient Asset

Liron concludes: “Data centers are not just technological assets—they are strategic national and global assets. Their protection must be strategic.”

Jonathan adds: “AI and hyper-connectivity disrupt security, but they are also our strongest tools to build next-generation defense.” To build truly resilient AI-era data centers, organizations must:

1. Adopt a Strategic Mindset
Treat data centers as critical-infrastructure defense assets.

2. Implement Multi-Layered Protection

Zero Trust, segmentation, OT security, isolated backups, and AI-enhanced SOC operations.

3. Collaborate and Train Continuously

Operators, customers, regulators, and cyber communities must work together and drill regularly.

Organizations that succeed in integrating strategy, resilient design, and AI-enhanced defense will transform their data centers from potential weak points into strong, hardened assets that support innovation, growth, and operational continuity—even under attack.