At the Google Cloud Next 2025 event, cybersecurity experts emphasized the need for adaptation in response to the evolving threat landscape. The growing number of cybercriminal actors, geopolitical tensions leading to more nation-state activity, new regulations, and rapid technological advancements were identified as key drivers of this changing environment.
Matt Rowe, Chief Security Officer at Lloyds Banking Group, emphasized the necessity for a shift in security strategies in light of these challenges. He stated that the nature of security work must undergo significant changes to effectively counter evolving threats.
Sandra Joyce, VP of Google Threat Intelligence, highlighted how threat actors target blind spots within organizations. These blind spots, which often lack security tools like EDR, include firewalls, virtualization platforms, and VPN solutions. Joyce warned that threat actors are relentlessly exploiting these vulnerabilities to infiltrate systems.
Chinese state actors, in particular, have been known to exploit zero-day vulnerabilities in network and edge devices. Security leaders are advised to consider zero-day threats across their entire technology stack and focus on detecting lateral movement following a compromise of these devices. Jurgen Kutscher, VP at Mandiant Consulting, emphasized the importance of detecting anomalies in user behavior and implementing robust identity and access management practices to prevent unauthorized access.
Another concerning trend highlighted at the event was the expansion of North Korea’s fake IT worker program. Malicious actors affiliated with North Korea attempt to infiltrate organizations by posing as IT workers, using fake identities to gain access for espionage and data theft purposes. Combatting insider threats like this requires a comprehensive approach involving departments beyond cybersecurity, such as HR, to improve hiring practices and restrict access for third-party contractors.
The event also showcased new AI solutions designed to enhance the efficiency of cybersecurity professionals. These tools help automate the analysis of security alerts, allowing analysts to focus on sophisticated threats rather than mundane tasks. The use of AI in security operations centers (SOCs) was highlighted as a crucial strategy to enhance threat detection capabilities.
However, the rapid deployment of AI tools also presents data security challenges for organizations. Traditional governance strategies may prove ineffective in controlling the data fed into AI agents, opening organizations up to security risks. It is essential for organizations to establish a robust data governance framework and implement measures to address potential security vulnerabilities arising from AI deployments.
Credential attacks on cloud environments were identified as a significant threat, with compromised credentials serving as a common method for data breaches. Basic authentication practices, such as avoiding password reuse and implementing multifactor authentication, remain essential to mitigate the risk of credential theft. Organizations are urged to have a comprehensive understanding of their entire cloud footprint and partner with cloud providers who follow a shared responsibility model for security.
In conclusion, cybersecurity teams must remain vigilant and proactive in adapting their strategies to combat the evolving threat landscape and ensure the security of their organizations in an increasingly complex digital environment.