SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Ps   rory reynolds   headshot

Preparing for tomorrow’s threats today: 3 human-centric cybersecurity trends every CIO needs to know

Fri, 17th Oct 2025

In the fight to remain cyber secure, we humans are our own worst enemy. Cybersecurity may be everyone's job, but unfortunately, the human element continues to be a top reason why most organisations experience a cyber event. With the Australian Cyber Security Centre (ACSC) fielding a new report every 6 minutes on average, it's mission-critical that leaders ensure their strategies and cyber culture empower their team to support this complex, dynamic digital landscape, protecting organisations from themselves and also malicious outside actors.

According to PwC's Cyber Report, 2024 saw a "dramatic escalation" in cyber threat activity globally, with 31 per cent more vulnerabilities disclosed than in the previous year. Locally, the Office of the Australian Information Commissioner (OAIC) reports that the country has suffered a record number of data breaches, increasing 15 per cent in just six months. These worrying reports highlight that the cyber landscape is rapidly weakening and that leaders must continue to stay vigilant, supported by their cyber-aware teams.

It's now or never, and on the cusp of Cybersecurity Awareness Month themed "Secure Our World," the annual October event serves as a powerful reminder for private and public sectors alike that cybersecurity must be prioritised and strengthened. As part of this critical mission, three people-centric trends have emerged that CIOs should take note of and use to refine their strategy, ensuring their cyber foundation is solid and ready for whatever comes next.

Laying the right foundations – from reactive to proactive cyber strategy

To get your organisation's cyber foundation right and remain secure, CIOs and technology leaders will need to leverage modern solutions, like advanced AI-driven threat detection and automation. Additionally, they should adopt approaches and frameworks such as Zero Trust, Essential 8 and cybersecurity incident management to prepare for unexpected and evolving threats.

Specifically, cybersecurity incident management acts as a systematic approach to preparing for, detecting, responding to, and recovering from cybersecurity incidents. The main objectives include minimising the impact of incidents on business operations, preserving data integrity, and safeguarding regulatory compliance – each increasingly important, particularly for the financial and government sectors.

Stay ahead of evolving threats: the human-focused trends reshaping the digital landscape

According to the Cyber Security Strategy 2023–2030, the Australian government aims to make the country the most cyber-secure nation by 2030, but this cannot be done with strategy and planning alone. CIOs alongside CISOs, their teams, executives, boards and workforces must come together and unite in these critical efforts to ensure their business is secure. Only together, as unified teams, can we uplift cybersecurity as a worldwide goal, not only minimising cyber threats but remembering to take a human-centric approach to cybersecurity. Below, we outline our top noteworthy human-cybersecurity trends.

1. Humans first: adjusting cyber strategies for GenAI inside and out

Organisations are under GenAI-powered attacks, experiencing cyber threats from various malicious actors that are attacking enterprises from multiple sides. The growing number of attacks is placing pressure on leaders to once again ensure they have the right cyber-secure foundation with a comprehensive strategy and a technology stack that includes AI-powered threat detection to thwart these attacks. But leaders must also prioritise having the right internal, people-centric approach in place.

Inside an organisation, GenAI is increasingly being utilised to boost human productivity, and often people are bringing their 'own AI' to work. And though solutions like Microsoft Copilot can act as a catalyst for transformation, streamlining an organisation's operations and delivering significant benefits, there is a dark side to the use of AI internally. User and data risks, such as erroneous data use or generation and the sharing of intellectual property (IP), can all stem from GenAI. Organisations should plan for the unforeseen with clear strategies and policies shared with teams to ensure they're across all GenAI use and risk to workers, thereby mitigating risks.

2. Prioritise cyber hygiene and security culture

We also urge all leaders not to treat training as an afterthought. The World Economic Forum (WEF) reports there is a significant cyber resilience gap and that 52 per cent of leaders lack the skills or resources they need to adequately secure their businesses against cyber threats and risk. Today's cyber landscape no longer allows this area of business to be a box-ticking exercise, especially if your business has poor cyber planning, which can lead to disengaged teams and low stakeholder buy-in. Impactful employee cyber training that is both informative and engaging is key to keeping workers informed and united in protecting organisations. Winning strategies include inclusive, personalised training that uses modern training tools such as gamification, bringing together all workers to protect the organisation together.

3. Watch out for cybersecurity burnout

The great skill shortage and pervasive stress related to increasing demands within this complex area for organisations have had a snowball effect, affecting IT teams to the point of exhaustion. Not only do they lack the resources they need, but they also carry the weight of managing this hypercritical aspect of business, which, within a blink, can cause irreparable damage through an unexpected data or compliance breach and expensive downtime. Alex Michaels, Senior Principal Analyst at Gartner, urges leaders to urgently address stress management, because those who do and also offer teamwide wellbeing initiatives demonstrate augmented effectiveness and improve overall personal resilience.

What's next: strategise, train and plan for the unexpected!

CIOs must plan and prepare for current and future risks with a sense of urgency. Most IT leaders recognise the critical nature of this, and some also acknowledge that collaborating with their team and partnering with external experts is essential. By leveraging external expertise, they can strengthen defences, mitigate vulnerabilities, cut IT costs, and bridge any skill gaps or talent shortages to unlock long-term resilience and success.

As we continue to collaborate with our partners, we come across many of the same challenges, but we continue to persevere, working with teams to not only raise awareness about current cyber complexities and vulnerabilities but also to support the strengthening of their cybersecurity posture. To learn more about our tailored cyber solutions, visit our website to see our cyber approach or download our Essential 8 Security Whitepaper – A Comprehensive Guide for IT Security in the Age of AI.
