Ramping up AI investment to bolster security

The financial and reputational costs of a breach, attack or cyber incident can be enormous. Worldwide, cybercrime cost companies an estimated $8 trillion in 2023, a staggering number that is expected to rise to nearly $24 trillion by 2027. To prevent cyber threats, AI technology can have a significant impact in improving cyber security practices. From advanced threat detection and minimising human error to automated incident response, the return on investment for businesses looking to bolster their security efforts and ward off malicious activity using AI is undeniable.

As the use of AI grows, threat actors too are increasingly leveraging it to cause harm on businesses. In fact, Gartner predicts that by 2028, 25% of enterprise breaches will be traced back to AI agent abuse from both external and malicious internal actors. To keep pace with sophisticated AI threats, businesses must fight fire with fire and arm their defences with AI tools to protect against malicious attacks. AI does this by using advanced algorithms which detect, predict and tackle threats in real time at much greater speed than traditional methods.
 
As attacks on enterprises continue to grow in prevalence and sophistication, investing in AI to improve security processes, operations and defence will always be a worthy investment. - Ravi Bindra, CISO, SoftwareOne
 

    Quantum attack vectors on the rise

Despite the benefits quantum computing will bring to businesses, it will also enable a wave of new attack vectors. Current cryptography methodology will inevitably be "debunked" as quantum becomes available at scale and "quantum-capable" threats will start to rise as the technology becomes more accessible. We are already seeing evidence of nation-states and threat actors adopting "store it now, crack it later" strategies, gathering sensitive encrypted data passed across the internet to be decrypted once quantum technology becomes viable in the next five to ten years. So, although quantum computing sounds like a problem for the future, it needs to be a security concern now. As such, organisations must make data quantum-resistant and cloud providers have a big role to play here. Over the next one to two years cloud providers must begin offering post-quantum services to customers in high-security industries, future-proofing data today that will be difficult to crack in five years' time.  

Additionally, organisations will need flexible, crypto-agile infrastructure for a system to adapt its mechanisms and algorithms in line with technology advancement as new post-quantum algorithms and protocols emerge. However, cloud organisations can't help to protect industries alone. To combat the rise in actors using quantum computing to pose a threat themselves, we need to see greater collaboration between different industries across cloud and cyber as well as the involvement of government to share knowledge and deal with threats efficiently. - Ravi Bindra, CISO, SoftwareOne
 

    The evolution of the CISO role in the age of uncertainty

The role of the Chief Information Security Officer (CISO) has been rewritten in the past years. CISOs once worked in a siloed fashion without a seat at the boardroom table. Today, however, they are the bridge between the C-Suite and the entire company, charged with delivering cybersecurity resilience.

In 2025, CISOS can expect their role and responsibilities to keep expanding as enterprise risks grow in both numbers and complexity. Next year, cybercrime is expected to cost $10.5 trillion a year globally, a staggering figure which explains why the CISO's role has shifted from tactical to strategic with a need to firmly align cybersecurity solutions with business goals. Furthermore, with Gartner forecasts showing that by 2026, over 50% of C-Suite executives will have cyber risk performance requirements included in their contracts, it's clear that the CISO's role will shift again to accommodate new levels of collaboration to ensure accurate business wide reporting. In addition to hands-on security duties, regulatory changes such as those from the Securities and Exchange Commission in the US and others globally will occupy even more of the CISO's time.

Balancing daily security operational demands with heftier reporting requirements will be an added burden, meaning CISOs will need to think strategically in order to collaborate effectively with business leaders; while ensuring they have invested in the best detection and response capabilities to keep pace with threats. 2025 will see CISOs work even more strategically, to ensure their time, investments and effort are keeping pace with endless developments. - Ravi Bindra, CISO, SoftwareOne
 

    Minimising cyber risk via upskilling

 
If 2023 was a year companies started to experiment with AI in earnest and 2024 the year it became embedded in the workplace, 2025 will be a year defined by using and implementing AI at speed but doing so safely and securely.
 
In addition, Agentic AI, a type of AI that is capable of autonomous action with little to no human involvement, is on the horizon and change seems set to remain a constant. This can only mean businesses need an approach that ensures digital transformation advances their goals securely. Data and infrastructure security can be both an enabler or a blocker, leaving companies exposed to real-world risk.  
 
Any approach must be underpinned with a business's biggest frontline defence tool: its people. To date, the speed of technology evolution is outpacing the development and implementation of data governance frameworks and security protocols for businesses to rollout.  We've seen workers flock to unapproved GenAI tools in droves as a way to boost productivity. But in the process employees have, sometimes inadvertently, been feeding in sensitive corporate data including legal documentation, HR and privacy related data, having left IT and Security teams with a growing problem over which they have no direct control. With employees increasingly experimenting with AI, secure AI integration demands a structured approach that encompasses security protocols baked into all processes and clear direction on accepted AI use. To achieve this, companies need full oversight of AI use cases and an effective training plan, so employees understand their key role in keeping organisational data secure.
 
In addition, companies need to make communications clear, simple, creative - in short, personalised. This needs to be updated often to ensure that employers and employees get the most from this emerging technology in the safest and most secure way. There is no one-size fits all approach and every business is different, but if businesses are to navigate digital transformation successfully, we need to have everyone on board for the journey. - Martin Roskelly, Product Manager, Security, SoftwareOne

Ravi Bindra.