CISO Perspectives At Infosecurity Europe 2025
With several UK retailers and public bodies still recovering from ransomware attacks which have already cost millions in disruption, Infosecurity Europe 2025, held this week in London, couldn’t have come at a better time.
The Expert Insights team were in attendance, and we were particularly interested in the perspectives of CISOs sharing battle-tested insights from the frontlines. Some key insights:
- Heather Lowrie, Founder and CISO of the year, 2024, highlighted AI’s dual nature. While attackers wield AI for deepfakes and disinformation, defenders can harness it to bolster defenses. She urged proactive use of AI to stay ahead of misinformation campaigns that exploit the information environment.
- Maritsa Santiago, CISO at LexisNexis Reed Technology, emphasized the evolving CISO role. Backgrounds in Governance, Risk, and Compliance (GRC) or non-technical business areas are increasingly vital, broadening the skillset needed for modern cybersecurity leadership.
- Jean-François Simons, Senior Security Advisor at European Council of ISACs, drew lessons from the world of aviation, where incident investigations are shared industry-wide rather than kept within organizations. He also cited his time as CISO at Brussels Airlines, where he rewarded employees for reporting issues rather than punishing them, suggesting CISOs adopt similar strategies to encourage users to share, rather than hide, issues.
- Dan Baker, CISO at Crayon, and Mantas Marcinkevicius, CISO at Lloyd’s List Intelligence, also discussed the dual nature of AI in the fight against cybercrime. Baker noted AI’s ability to sift through vast data to spot anomalies but cautioned that sophisticated actors will lower the barrier for lesser attackers. Marcinkevicius predicted agentic AI orchestrating entire kill chains without human intervention, urging a shift to behavior-based defenses.
- Mike Pitman, CISO at British Standards Institute, cautioned against over-relying on AI solutions, stressing the need for tuning to fit organizational contexts. He foresaw criminal gangs offering AI-as-a-Service within 3-5 years, exploiting cheap compute power.
- Des Massicott, CISO at RX Global, spoke at a panel covering supply chain attack complexity, using the recent ransomware attacks as an example of how breaches disrupt essentials like food supply. He predicted AI will amplify these attacks and advised CISOs to assume compromise, preparing accordingly.
These CISOs underscored resilience, collaboration, and adaptive AI strategies as critical for tackling ransomware, supply chain attacks, and emerging AI threats. Their collective call: share lessons, rethink leadership, and prepare for a future where attacks are smarter and more autonomous.
We’ve recently launched a new community just for security professionals, and we believe strongly that the voices of those on the frontline defending against cyber-crime will be key in building the policies to prevent attacks in the future.
📰 Headlines
- Ransomware mastermind exposed: An anonymous whistleblower has named Vitaly Nikolaevich Kovalev as the alleged operator behind the Conti and Trickbot ransomware groups.
- Australia mandates ransomware payment reporting: Covered organizations must now report ransomware or cyber extortion payments to the government within three days of the payment being made.
- UK announces new cyber warfare tactics: The 2025 Strategic Defence Review outlines a new approach to warfare that unifies physical and cyber military capabilities.
- New budget cuts CISA funding: Trump’s fiscal year 2026 proposal cuts $495 million and 1,000 employees from CISA. If the proposal goes ahead, the Cybersecurity Division will lose 18% of its current funding.
🚨 Industry News
- Identiverse kicks off in Las Vegas: The 2025 Identiverse conference is taking place this week in Las Vegas, with AI set to be the main topic of discussion.
- TitanHQ and Redstor merge: The cybersecurity and enterprise cloud backup companies will form a new integrated data protection platform for MSPs under the name CyberSentriq.
- Email security vendor raises $25M: Email security vendor Trustifi has announced it has raised $25M in a series A funding round led by Camber Partners.
- Check Point to acquire Veriti: Check Point announced it is acquiring Veriti, an exposure management specialist. Financial terms of the deal have not been shared.
🎙️ Expert Insights Podcast

This week on the Expert Insights Podcast:
- Kara Sprague, CEO of HackerOne, on how offensive cybersecurity testing can help organizations build long-term resilience, and the impact of AI on ethical hacking.
- Charles Henderson, EVP of Cybersecurity at Coalfire, on how to build a defensive strategy to protect against deepfake vishing attacks.
- Leonid Belkind, CTO and Co-Founder at Torq, and Don Jeter, CMO, on what hyperautomation is, and the key to Torq’s incredible growth over the past year—we’re talking $112M in funding, 300% in revenue, and 200% in staff.
🔍 Expert Insights: Latest From Us
Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.
That’s all for this week! 👋