The Expert View: Building Growth Through Cyber-Security

The cyber threat landscape continues to pose new challenges for businesses, as attackers become more sophisticated and find new weaknesses to target. At a recent Business Reporter dinner briefing at the House of Lords, security leaders gathered to discuss the current threats organisations are facing.

 

Zeki Turedi, Field CTO, EMEA, at CrowdStrike, opened the discussion by highlighting the increased activity of threat actors, adding that some nation-state attackers are now masquerading as internal employees. He asked attendees what challenges they had faced over the last year.

 

The Biggest Cyber Risks Facing UK Businesses

One of the most pressing concerns was securing cloud environments. As organisations migrate to SaaS and cloud infrastructure, they face new security challenges, particularly in ensuring the components of their ecosystem are securely integrated. While fast-moving workloads benefit from cloud agility, more static ones have different economic and security considerations. Meanwhile, some industries, such as defence, are choosing to retain on-premises infrastructure, even exploring mobile data centres for added security.

 

Supply chain security emerged as another significant challenge. While securing third-party vendors is difficult, monitoring fourth-party suppliers and those further down the chain is even more complex. Criminal gangs are increasingly targeting large enterprises through their supply chains, making supplier risk a major concern.

 

Finally, deepfake threats are also on the rise, with attackers using AI-generated voice and video to impersonate executives and manipulate employees. Some organisations are now reconsidering voice biometrics due to these risks, said one attendee, and there is not yet a clear strategy for protecting public-facing executives whose images and voices are readily available online.

 

Strengthening Organisational Defences

When it comes to mitigating cyber risks, there was consensus that a mix of prevention, containment, and recovery strategies is essential. Relying solely on prevention is unrealistic, given the evolving nature of attacks.

The weak link remains user behaviour. Some organisations respond to this by heavily restricting what employees can do but others accept that it’s impossible to eliminate human error and prefer to focus on making systems secure enough that mistakes are unlikely. Neither solution is perfect and both have limitations.

 

Emerging technologies such as digital signatures and watermarks offer some protection against deepfake threats, but some attendees suggested that businesses must also cultivate a culture in which employees feel empowered to flag suspicious activity. Drawing a parallel to health and safety protocols, one participant suggested that organisations should implement a "stop the line" policy for financial transactions to prevent fraud.

 

Attendees also discussed the challenge of communicating security risks to boards that may lack technical expertise. Having cybersecurity professionals in leadership positions can help bridge this gap. "Having security people on the board has moved the needle for us," one participant noted. Without this representation, it can be difficult to secure buy-in for critical investments.

 

AI in Cyber-Security

Artificial intelligence (AI) is becoming increasingly embedded in security products, but concerns about AI risks remain. One key issue is data security: where is the data stored, how is it processed, and could an organisation’s sensitive data be used to train external AI models?

 

Many organisations are not yet using AI for security but are focusing instead on assessing AI risks within their broader business operations. One participant noted that their security team is already stretched thin vetting AI use cases and may soon struggle to keep up with the rapid adoption of AI tools.

 

One delegate at the briefing suggested that we should assess AI systems differently. "We keep trying to treat LLMs like software, but maybe we should think of them more like people. We can’t vet a person’s mental processes, only their actions. Should we apply that approach to AI?"

 

Those exploring AI-driven security solutions believe they will be running AI-powered Security Operations Centres (SOCs) within the next couple of years. For now, many are leveraging AI features embedded in trusted security tools to gain efficiencies without increasing their own operational burden.

 

Harnessing Threat Intelligence

The conversation turned to how organisations can better harness threat intelligence. While there is no shortage of threat data, making it actionable is a challenge. Simply knowing that threats are increasing does not always translate into effective decision-making. One attendee remarked that some risk teams would learn just as much by reading the news.

 

However, structured intelligence provides measurable insights. Understanding attacker motivations - whether they are after financial gain, intellectual property, or disruption - can help businesses tailor their defences. Moreover, contextual intelligence enables organisations to determine whether a threat is escalating in their industry or shifting elsewhere.

 

Closing the discussion, Lee Stephens, Principal Security Advisory Services at BT, observed that while the threats discussed were familiar, the challenge remains ever-present. "Being in business is about taking risks, and our job in security is to enable that. Cyber threats will only continue to grow. As vendors, we must constantly think about how we can help organisations protect themselves more effectively."

 

As cyber threats evolve, organisations must balance security measures with business enablement. Proactive defences, intelligent threat intelligence usage, and strategic AI adoption will be key to staying ahead in an increasingly complex landscape.

---

To learn more, please visit: www.bt.com & www.crowdstrike.com