Charting Security's Evolution: 2025 Horizons
“Monolithic security is going to be on the top of a CISO’s mind in 2025.” Discover how technology leaders are maintaining digital business security and learn from their strategic approach towards hygiene and preparedness.
An overview: the evolution of cybersecurity
The advent of distributed computing, the shift from CAPEX to OPEX investments, the introduction of AI, and the emergence of the hybrid workplace are transforming the IT function. This, in turn, is influencing the cybersecurity threat landscape.
Small wonder then that almost three-in-four (72 percent) IT business leaders have said that the changing working world exposes their organisation to even greater risk, with separate reports indicating that data breaches continue to rise. Leading CIOs and CISOs debate how to keep up with the evolving threat landscape, adapt to a changing working world and modernise security at the speed of digital business.
Charting security's evolution: meet the panellists
With HotTopics’ Editor Peter Stojanovic moderating this roundtable debate, the speakers included:
- Ronald Martey, CISO, GCB Bank PLC
- Richard Frost, CISO, esure Group
- Richard Bennett, Head of Industry Solutions & Strategy - Europe, Middle East and Africa, VMware
- Paul Brook, EMEA Director, Data Centric Workloads Specialists, Dell Technologies
Key takeaways: charting security's evolution
Quantum computers and AI–a hacker’s best friend?
“Different industries have different sets of maturity.”
Richard Bennett, VMware's Head of Industry Solutions & Strategy - Europe, Middle East and Africa, believes that this is one of the biggest challenges for the cybersecurity function. Not only this, but “we see security as a one-time gig or a build at the start and forget about it.”
For Richard, “data is magic” and “information is valuable”. Running a variety of groups such as hackathons and cloud-native development groups, he believes that cybersecurity professionals should no longer rely on “legacy monolith approaches”.
Cyber hygiene should be top of mind for CISOs in 2025.
Richard argued: “What COVID has taught us, if nothing else, is that we need to get particularly effective at hygiene.” This includes becoming more aware of risks to the cybersecurity function.
Quantum computing was listed as one of the top three risks for 2025: “If I'm running any cybercrime organisation, I'm going to be really focused on how I can use a qubit model to attack.” As if this were not concerning enough, Richard explained how easy it is to access equipment that can be used for “nefarious purposes”.
Combined with the looming threat of augmented AI, this leaves cybersecurity leaders with what he calls a “serious hygiene problem”.
Insider threats are on Ronald Martey’s radar, with a focus on AI-developed social engineering attacks that employees are becoming increasingly susceptible to. His message is this: “If you have AI, things like deepfake and the role they are playing, then you need to improve your awareness.”
Gone are the days when it was easy to spot a mistake in a phishing email. With AI generating these new and improved traps, phishing attempts are becoming more sophisticated and harder to identify, making this an ever-growing issue.
Cybersecurity tips and predictions for 2025
Moderator Peter Stojanovic asked the panellists what their thoughts and priorities are for their cybersecurity functions further ahead, to 2025.
For GCB Bank’s CISO Ronald Martey, the future holds “alignment with the new frameworks and standards,” such as ISO 27001. The key focus here is aligning GCB Bank’s current cybersecurity program with these new standards and security strategies.
One other trend Ronald has picked up on is what he calls “API abuse”. Internet company Akamai revealed that 83 percent of all internet traffic is based on APIs, and that this has led to an increase in data breaches and fraudulent transactions. He noted that, in the future, having a security strategy around APIs is key.
“At esure Group we’re going through a complete digital transformation,” said esure’s CISO Robert Frost, explaining that by the end of next year the organisation’s insurance platform will be fully cloud-native, running on a microservice architecture.
With a proactive security program in the works, Robert commented that esure will have the right measures in place to “allow the business to innovate and have the freedom to explore and disrupt the marketplace but be secure at the same time.”
Discussing the transformation agenda, EMEA Director, Data Centric Workloads Specialists at Dell Technologies, Paul Brook, emphasised the importance of taking a more proactive stance. “Bake security in because you can't layer it on cheaply afterwards.”
On top of this, Paul wants cybersecurity leaders to “assume something will go wrong and you will need to recover from that.” This means re-evaluating your zero trust policy and recovery position – his advice would be to identify the worst-case scenario, then protect against that.