InfoSec Pros On the Road: Brenda Bernal, VP, Product Security and Compliance at Digicert

For years, security budgets seemed to go only one direction: up. As recently as February of this year, some 62% of organizations said they planned to increase their cybersecurity spending for 2020, according research by analyst firm ESG.

But that was then.

Like their C-suite peers, CISOs today are being asked to do more with less – and probably will be for some time, as the world continues in these uncertain economic times.

“The modern business has far more potential cybersecurity events to investigate than can be reasonably reviewed by people, and machine learning has the benefit of quickly focusing people’s attention on the signal, not the noise, so that organizations can rapidly respond to potential incidents before threat actors can establish persistence in an environment.” — Kayne McGladrey (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions

As 2025 approaches, emerging regulations and laws will affect how CISOs strategize and protect their organizations. With the increasing complexity of global compliance frameworks, understanding these changes is crucial for maintaining security and operational efficiency. Let’s discuss what I expect regarding regulatory shifts and their implications in 2025 and explore what CISOs and CCOs should prepare for in the coming year.

“We talk about ‘data breaches’ because of regulatory and statutory definitions that focus on the disclosure of data. An organization’s security strategy should work with the end in mind and focus heavily on denying threat actors access to those data with the highest regulatory, statutory, or contractual risks.” Kayne McGladrey, Field CISO at Hyperproof

“In this episode, we’re talking with Kayne McGladrey about cybersecurity, cyberterrorism and how to defend against these attacks at the personal, corporate, and national levels. I’ve been working on research for my next book and I knew that I had to talk to him to see what we could do to defend against this new and pernicious form of war.”

As far as attacks by state espionage services, McGladrey said airlines aren’t the only target within the travel industry. An attack on the reservation system of Marriott’s Starwood brands in 2018, which exposed nearly 500 million customer records, is believed to have been perpetrated by China. Generally, espionage attacks aren’t geared toward credit card fraud and personal account takeovers the way criminal cyberattacks can be, McGladrey said, but there’s always a chance a government hacker will moonlight on the dark web.