A recent wave of incidents has dominated headlines, from cyber events crippling airports to high-profile breaches at reputable companies such as Marks & Spencer and Jaguar Land Rover. As attacks become more advanced and more frequent, businesses must re-evaluate their defenses, not just to prevent an attack, but to ensure resilience and business continuity when one inevitably occurs. With October marking Cyber Security awareness month, now is a great time to reconsider security strategies.
In a bid not to be left behind, many companies rush to adopt new tools and technologies, often at the expense of the fundamental elements of cybersecurity. Terry Storrar, Managing Director at Leaseweb UK, believes that “Cyber Security Awareness Month is a good time to remember a fundamental principle of cybersecurity – that prevention is always better than a cure.”
Basic cyber hygiene remains the bedrock of effective defence. Terry adds: “In times where ransomware attacks, data breaches, and emerging threats are rife, security procedures aren’t just personal habits – they are crucial frontline defences for our most critical national infrastructure.” Without these fundamental safety systems in place, companies place huge risks on their security.
With artificial intelligence now capable of altering voices, accents, and languages, even the most alert employee can be duped. Coined ‘deepfakes’, these AI-driven impersonations pose a huge threat to business safety and add a complex layer to cyber defence.
Darren Thomson, Field CTO EMEAI at Commvault, explains, “Threat actors recognise that many employees receive minimal cybersecurity training, leaving them ill-equipped to identify the latest and most sophisticated threats.” This highlights the growing need to provide security training to all employees. With deepfakes threatening every business, leaving security solely on the shoulders of CISOs is detrimental to overall strategy.
As technology evolves and companies rely on new methods to defend their cyber operations, the human element is often neglected. Thomson adds, “by combining stronger human defencesagainst social engineering with modern, automated clean recovery strategies, organisations can ensure they remain secure, resilient, and ready for whatever threats emerge next.”
Yousef Hazimee, Head of Security at LearnUpon, agrees that training is crucial. “From increasingly sophisticated attack methods to emerging technologies like AI, cyber threats are evolving fast. That’s why it’s essential for security teams to provide employees with training that’s current, engaging, and easy to apply in their everyday work,” he explains.
He encourages organisations to treat education as a continuous process: “As employees grow more confident and security-aware, their training should grow with them. Providing timely, tailored content not only strengthens your company’s defences but also shows employees that their time – and their learning – truly matter.”
The same tools that strengthen defences can also supercharge attacks, something made abundantly clear in the wake of AI. Stephan Badesha, CISO at Node4, says: “Today, one of the most prominent frontiers in cybersecurity is Artificial Intelligence (AI), which is a double-edged sword. This gives defenders powerful advantages in detecting anomalies, accelerating incident response, and, as technology evolves, the ability to anticipate new threats.”
On a positive note, Sandeep Singh, Senior Director of Security Strategy and Operations at HackerOne, outlines the beneficial impact AI has had on security. “Across the cybersecurity industry, researchers are evolving just as quickly as the risks they face,” he says. “AI isn’t replacing human expertise; it’s amplifying it.”
“Seventy percent of researchers now describe themselves as AI-native, leveraging AI tools to enhance their hunting abilities and accelerate testing, making it possible to identify risks and threats more efficiently than ever before,” Singh adds.
While most organisations are still adapting to AI’s impact, Andy Swift, Cyber Security Assurance Technical Director at Six Degrees, warns of another shift. “The cybersecurity industry is beginning to step up preparations for a post-quantum era of cryptography,” he explains. “Over the past year, we’ve seen a lot of interesting trials and experiments, with experts scrambling to find ways to protect data before quantum computing reaches the mainstream.”
He concludes: “Preparation is vital and helps ensure teams have a plan for integrating quantum-resistant algorithms into their current and future technology stacks.”
With attackers now operating on an industrial scale, Dan Bridges, Technical Director – International at Cyware, believes the only effective response is collective defence. “Businesses today are connected through an invisible digital network, and while this is great news for e-commerce, it can also lead to a number of unguarded back doors just waiting to be exploited.”
He suggests that “businesses need to present a unified front, working together to improve defences, fix flaws, and mitigate potential vulnerabilities.Through cooperation-based defensive alliances, organisations can work together across threat intelligence platforms (TIPs) and related threat-sharing and collaboration capabilities.”
As attacks increase year on year, Cybersecurity Awareness Month highlights the importance of keeping security and resilience at the forefront of business priorities. Whether it’s defending against AI-powered deepfakes or preparing for the next development, such as quantum-era encryption, or simply providing training to all employees, every action counts towards keeping online operations cyber safe.
