
Cyber insights from across the globe

What are the key priorities and worries for CISOs?
Our team of experts from Germany, Latin America, the US, Spain and the UK have outlined the key priorities for CISOs. Read more, and uncover case studies below.
Flutlicht – Germany
  • GDPR: GDPR is a perennial topic in Germany, and it is generally taken very seriously by companies. There is still constant reporting on it in the German media landscape. CISOs in Germany are concerned about ensuring that their organizations comply with GDPR regulations, and they are also concerned about the potential for data breaches that could lead to high fines and other penalties. A currently ongoing public debate focusses on GDPR regulations in combination with the usage of AI tools like ChatGPT. From a legal perspective, much is still uncertain. There are no precedent judgments yet, and it poses a significant challenge to accurately document the use of AI tools and ensure their legal compliance. This legal uncertainty is sometimes perceived as a competitive disadvantage compared to the US and other markets.
  • Cloud security and architecture: Cloud security is one of German CISOs’ top priorities at the moment because as more companies move their data and applications to the cloud, it becomes increasingly important to ensure that the data is secure and that the cloud architecture is designed in a way that minimizes the risk of data breaches or other security incidents. Businesses report that their organizations – as of now – often remain on a “cloud journey” and are still determining which parts of their applications and processes should be migrated to the cloud. Important and publicly discussed topics in this context are mitigating risks, improving processes and efficiencies and improving resiliency while facing a lack of resources as well as a lack of skilled specialists in these spheres. Large enterprise software vendors like SAP and Salesforce aim to encourage customers to move as many processes as possible to the cloud. On the other hand, there are strong customer voices in the market preferring on-premise solutions.
  • Cyber attacks and espionage: Ransomware attacks in particular have been on the rise in recent years in Germany. Last year, the German government was hit by a major ransomware attack that caused widespread disruption. Businesses are concerned that these attacks will continue to become more common and more sophisticated, and they are working to improve their organizations’ security. This overlaps with the risk of economic espionage from China, which the German foreign intelligence service recently warned German companies about again.
LatAm intersect – Latin America

One key paradox from the region is the desire for deep levels of personalisation, accompanied by a reluctance to share the type of personal data that would be required for the same. The impending demise of Cookies (scheduled for next year) provides the backdrop for more personalisation services that do not rely on invasive ‘track and trace’ (such as AI, for instance).

Gregory FCA – United States
  • AI’s impact on cybersecurity (good & bad) – this was a focus for many of the talks/keynotes at Black Hat in Las Vegas.
  • Evolving regulation & cybersecurity guidance (such as the SEC’s new rules on cybersecurity disclosure within 4 days for public companies & new guidance on the NIST Cybersecurity Framework (CSF) 2.0).
  • Cybersecurity funding freefall (Falling 63% in Q2 from prior year). Requires companies to be more conservative with spending, and more creative with how they market/stand out from the competition.
  • Ransomware (big target on hospitals, schools, municipalities here in the USA); critical infrastructure also a concern.

Imfluenciar – Spain
  • Spain is one of the leading countries in the cybersecurity ecosystem worldwide (probably the 4th). There are some 150,000 people working in this area and one of the main concerns of these professionals is to move faster, so new technologies need to be introduced, working models need to be changed and more people need to be hired.
  • In a world where technology and information have become essential, cybersecurity has become an issue that companies of all sizes must pay attention to, but it is important to understand that such a vital issue should not depend solely on the IT area. Not having adequate security policies in place affects the entire organization and can lead to bankruptcy, which is why the role of the chief cybersecurity officer, or CISO, takes on greater importance. The CISO must participate in the board of directors of companies so that they can move forward together with the business strategy, beyond the vision, the network, the internet or the GPT.
  • The risks facing any organization today are increasingly numerous and sophisticated. One of the biggest challenges organizations face is the complexity of keeping up with the speed at which vulnerabilities evolve and the difficulty of managing all solutions and platforms.
With – United Kingdom

There is a woeful lack of skilled workers that every business needs to have to fight modern cyber security threats. In order to address this, organisations need to continue to invest in diversity and training programmes that supplement the traditional routes into these jobs, but also make it more accessible as a profession. This also means, every company needs to market itself to potential recruits and corporate reputation management is as important as ever.

New generative AI tools such as ChatGPT, among others, come with both the incredible potential to help cyber teams, but also present a whole new world of challenges. On the plus side, chatbots and LLMs can identify and neutralise threats quicker, often with little human effort and intervention. But they can also quickly create deep fakes which are almost impossible to spot, create code which hides malware and create first class “spear phishing” emails at scale. Then there is the ongoing conversation around ethics. How do businesses balance the need to use AI to continue at the same pace as the industry and do this in a way people feel is within the ethical boundaries? This conversation is front and centre and businesses need to tread this line carefully.

Across the vendor landscape, we are seeing a consistent theme emerge in communications – security simplification. As organisations grapple with complex cyber threats, the need to streamline security measures has become paramount, both in packaging and in practical use, this has been reflected in the way organisations communicate their offering. Many are saying this is now paramount for companies to survive and thrive.

State actors and the rise in politically fuelled cyber crime is now, more than ever, something which no organisation can ignore. The warnings are starting to come thick and fast. The UK has recently bolstered their cyber focus with the National Protective Security Authority. The introduction of the new agency reflects the UK’s response to increasing geopolitical tensions around the world. But how do you speak about this important but sensitive issue? In a world which is ever more turbulent, this is a tricky one to navigate. Countries and organisations don’t want to isolate important revenue and trading relationships, but equally, these threats are getting increasingly serious.
