Andre Troskie

Ahmed Fessi

Ganesh Narayanan

Andre Troskie , CISO EMEA , Veeam

It almost goes without saying that leaders will continue to wrestle with regulation in 2025 , especially with the arrival of DORA for the finance sector . However , next year ’ s biggest regulation story will be the first major NIS2 penalty . National regulators will give organisations time to become compliant – many countries have even extended their deadline – but expect to see the first big statement fine for noncompliance towards the end of next year .

We saw this with Google in 2019 , a year after the GDPR came into effect . National regulators will want to set a precedent and show they mean business . If geopolitical tensions continue on the same course next year , the EU will want to ensure Critical National Infrastructure is as resilient to cyberthreats as possible . They ’ ve got the regulation in place , so they will want to show they ’ re not afraid to swing the hammer for noncompliance .

Ahmed Fessi , Chief Transformation & Information Officer , Medius

Arup ’ s £ 20m loss to a deepfake-related scam will be the norm in 2025 and beyond , as attackers use AI to improve their scam attempts . With research this year showing that 87 % of finance professionals would make a payment if they were ‘ called ’ by their CEO or CFO , companies will find the risk of falling to a deepfake increasing as the accessibility of AI rises .

With 57 % of financial professionals currently able to independently make financial transactions without additional approval , organisations will need to rethink their validation process . Companies will increasingly implement multi-layered payment authentication systems to combat the risks posed by deepfakes . Diversifying the approval process and requiring multiple verifications for transactions will become standard practice , ensuring that fraudulent attempts are intercepted at various checkpoints .

Ganesh Narayanan , Global Head of Cybersecurity , Telstra International

With the World Economic Forum predicting global digital jobs to grow by 25 % by 2030 , remote working is only set to grow . As a result , we can expect to see an even greater emphasis placed on adaptive security strategies . In particular , identity-first security strategies , which prioritise user identities as the core of their framework , will replace traditional perimeter defenses . This is because these defences , such as firewalls and antivirus software , have become inadequate in the face of expanding attack surfaces created by cloud-based resources and home working environments . Companies are already starting to recognise this with significant investment in MFA implementation over the past year .

As the adoption of these strategies increases , Zero Trust principles and layered security approaches will be essential for effective implementation . Advanced frameworks , such as the Security Service Framework ( SSF ), will enable secure data sharing across multi-cloud and hybrid environments and will be crucial for maintaining security in remote work settings . The next stage of identity-first

We can expect to see an even greater emphasis placed on adaptive security strategies .

70 WWW . INTELLIGENTCISO . COM