5 Key Takeaways for CISOs From The-C2

The C2 Business Threat Intelligence conference

Security Through Threat Intelligence

Three themes stood out in discussions by global security leaders throughout the two days of The-C2 cyber threat intelligence conference:

  • The supply chain
  • AI
  • Cyber hygiene

CISOs may be pleased to hear no one had all the answers, but they did have some interesting points to consider. Here are five key takeaways for CISOs.

Key Takeaways for CISOs

1. Mitigate the risk of under-resourced, smaller suppliers

You’ve shored up your defences. You’re certain that, should something happen, you’re prepared – right down to the folding beds for those “all-nighter” moments.

But attackers don’t give up. They might go after the easier target – your suppliers. Especially attractive to attackers are the smaller organisations that don’t have the resources available to large corporations.

The attackers might not even have to use your supplier as a springboard into your network. Putting them out of action may be all the disruption they need, if the goal is to take out a competitor.

And what happens if your supplier is breached? Do you hang them out to dry and void the contract? Or are you smart about it and recognise that if the issues are fixed now, they will probably be more secure and security conscious than the next supplier that comes along?

2. AI: Recognise the risks and take control

AI is still on the fringes of significant cyber threat but, with the latest developments, the landscape is changing rapidly. On one hand, it will allow the bad guys to get attacks up and running faster, using less code or other resources. On the other hand, security vendors are already exploring and implementing AI to increase defence and protection.

But there are other aspects of how AI is used in business that CISOs should start considering now. Undoubtedly, when AI is used to write code it will introduce new security vulnerabilities. It already often suggests insecure code. And, of course, malefactors will attempt to poison the AI algorithms.

Users too will want to take advantage of the autonomy that AI provides, and perhaps give unwise permissions to the tool in order to achieve a task.

But, as so often happens with cybersecurity, many of the issues aren’t new; they just have a fancy ‘AI’ title in front of them. Shadow AI is the new name for Shadow IT, and many of the controls and mechanisms already in use share the same principles. Just as businesses had to deal with BYOD over a decade ago, now it’s BYOM (bring your own model).

3. Cyber Hygiene: Make it second nature, like washing your hands

Cyber hygiene should be ingrained into the organisation’s culture, not an annual training event with a phishing test at the end. Defence in depth has a major human element in it, and businesses should do more to change behaviours if they want to change the organisation’s culture.

Too often, employees see cyber security as a technology issue, not a risk to the entire business. The growing user demand for AI tools is a classic example. After all, what’s the harm in downloading something from Hugging Face? However, providing users with authorised tools, and raising situational awareness of the dangers of others, can have a deep positive impact on overall security.

But getting the message through will involve other departments, such as HR. They can help develop programs that deliver key messages in a variety of formats to ensure they are “heard” by all of the workforce.

4. Use threat intelligence as an enabler

Threat intelligence is no longer just a defensive tool. It provides business risk insights that help organisations make smarter decisions.

Moving from a reactive to a proactive approach to threat intelligence enables organisations to anticipate attacks with more accuracy. This increases the window of opportunity to prevent the attack from happening and ultimately drives business resilience.

In addition, by aligning intelligence-driven security with board-level risk management, CISOs will be able to justify security investments with clear, data-backed insights.

5. Embed compliance into the security strategy

The cyber threat landscape is constantly shifting, and CISOs need to prepare for evolving compliance requirements. While regulations are struggling to keep up, it’s likely that different global regions are all pushing in similar directions.

One of the key areas will be stricter supply chain security mandates. This becomes increasingly likely as businesses start to use a multitude of AI tools, many of which rely on the cloud to move data around as it is processed through various third-party systems.

To stay ahead of the curve, CISOs should start to embed compliance using the principles of good practice and cyber hygiene into their security strategy rather than treating compliance as an afterthought.

Thanks and see you next year

As hosts of The-C2, SE Labs would like to thank all those who took part in these discussions. There are other key takeaways for CISOs available so, if you’d like more in-depth information about some of the discussions from The-C2, head over to LinkedIn for the latest articles.

To register your interest in attending The-C2 in 2026 visit https://the-c2.com/
