Cybersecurity Awareness Month 2025: Insight and Expertise

October marks Cybersecurity Awareness Month, a reminder for organizations and individuals alike to prioritize online safety. This year, we’ve compiled insights, predictions, and actionable advice from industry leaders to help navigate the evolving cybersecurity landscape.

The Growing Risk of Rogue AI

Ellen Boehm, SVP of IoT and AI Identity Innovation at Keyfactor, highlights a rising threat: rogue AI agents. These autonomous systems can make decisions and execute tasks without human oversight, creating potential risks such as identity spoofing and fraud. Boehm emphasizes the importance of implementing robust identity verification methods to guard against these threats, outlining how organizations must adapt their security frameworks to this new reality.

The Increasing Importance of Machine Identities

According to Phil Calvin, Chief Product Officer at Delinea, the attack surface is fundamentally changing due to the rise of machine identities that now outnumber humans. Organizations are only beginning to recognize this shift, with many failing to prioritize the security of these identities. Calvin argues that securing machine identities is as critical as protecting user accounts, advocating for tighter controls and visibility.

Cyber Resilience Over Outdated Methods

Jack Cherkas, Global Chief Information Security Officer at Syntax, warns against the reliance on outdated cybersecurity measures. He asserts that fundamentals like strong passwords and multi-factor authentication remain essential, but businesses must not overlook more complex threats. Cherkas suggests that organizations need to shift from merely using technology for defense to adopting a holistic approach focused on resilience.

Proactive Threat Defense Strategies

Jim Doggett, CISO at Semperis, believes that the mindset among cybersecurity leaders should shift toward anticipating breaches rather than merely preventing them. Doggett stresses the importance of having proactive disaster recovery plans and clear communication strategies to ensure business continuity during attacks. His perspective encourages a culture of preparedness rather than complacency.

Taming the AI Risk Frontier

Rich Dandliker, Chief Strategy Officer at Veza, frames visibility as a key principle in cybersecurity resilience. He insists that organizations must adapt their defenses to a context where identities—both human and machine—are constantly evolving. This adaptability is crucial for detecting and preventing intrusions before they escalate into significant breaches.

The Importance of Securing Data Ecosystems

Carolyn Duby, Field CTO and Cyber Security AI Strategist at Cloudera, sheds light on the challenges posed by sprawling data ecosystems. She emphasizes the pressing need for consistent data governance to ensure that sensitive data remains protected. Duby advocates for a unified visibility approach, underlying its significance in detecting anomalies and minimizing breach risks.

Employee Engagement and Training

Mike Britton, Chief Information Officer at Abnormal AI, underscores the role of employee education during Cybersecurity Awareness Month. He suggests that engaging employees through gamified training or contests can make security practices more memorable and enjoyable. This kind of proactive training builds a culture of security awareness, which is essential in today’s threat landscape.

Ransomware: The Backups Under Siege

Anthony Cusimano, Solutions Director at Object First, warns that ransomware attacks now often target backups, making traditional response strategies insufficient. He insists that organizations must invest in technologies that ensure the immutability of data to safeguard against tampering. This proactive defense toward backup strategies is central to organizational resilience.

Embracing Zero Trust

Fouad Khalil, Senior Director of Enterprise Security at Locus Robotics, argues for the necessity of zero-trust architectures in today’s threat environment. He points out that the traditional perimeter-based defenses are becoming obsolete with the increasing complexity of networks and devices. Khalil suggests reinforcing security practices like strong passwords and multi-factor authentication as foundational elements.

Visibility and Governance in AI Usage

As Kunal Modasiya, Senior VP at Qualys, explains, the rapid adoption of AI creates vulnerabilities that must be managed. Moreover, organizations need to be vigilant about unauthorized AI use, commonly referred to as shadow AI. Implementing oversight is critical, as uncontrolled AI adoption can lead to serious breaches.

Transforming Endpoint Security

Gunnar Peterson, CISO at Forter, urges organizations to rethink their approaches to identity and access management (IAM). He highlights how traditional methods can falter against the adaptive nature of cyber threats today. Businesses must prioritize adaptive detection systems that monitor the behavior of identities continuously to maintain a secure environment.

Battling Phishing and Social Engineering

According to Derek Manky, Chief Security Strategist at Fortinet, the essentials of staying safe online remain unchanged despite evolving threats. Basic training focused on recognizing phishing attempts and timely software updates can significantly improve an organization’s cybersecurity posture.

The Need for Advanced Security Practices

Jimmy Mesta, Co-Founder and CTO at RAD Security, urges decision-makers to focus not just on technical defenses but also on boosting security infrastructure. He notes that the complexity of the environments security teams operate in often leads to an oversight of basic security practices, which could provide initial preventive measures.

The insights and strategies shared during Cybersecurity Awareness Month 2025 enrich our understanding of the current threats and the measures we can take. By prioritizing proactive measures, enhancing employee awareness, and adopting resilient security frameworks, organizations can navigate the complexities of the ever-evolving cyber landscape.