{"id":15053,"date":"2025-10-30T16:41:54","date_gmt":"2025-10-30T16:41:54","guid":{"rendered":"https:\/\/newestek.com\/?p=15053"},"modified":"2025-10-30T16:41:54","modified_gmt":"2025-10-30T16:41:54","slug":"cybersecurity-awareness-month-quotes-and-commentary-from-industry-experts-in-2025","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15053","title":{"rendered":"Cybersecurity Awareness Month Quotes and Commentary from Industry Experts in 2025"},"content":{"rendered":"
\n

\"Cybersecurity<\/p>\n

For Cybersecurity Awareness Month 2025, the editors at Solutions Review have compiled a list of quotes, predictions, and commentary from leading experts across industries.<\/strong><\/em><\/p>\n

As part of this year\u2019s Cybersecurity Awareness Month, we\u00a0invited the best and brightest minds in the enterprise technology market to share their best practices, predictions, and personal anecdotes about the impact of artificial intelligence on their careers<\/a><\/strong><\/span>, companies, and more. The experts featured represent some of the top influencers, consultants, and solution providers with experience across industries, and each projection has been vetted for relevance and ability to add business value.<\/p>\n

Cybersecurity Awareness Month Quotes from Industry Experts in 2025<\/strong><\/h2>\n
\n

Kevin Bocek, SVP of Innovation at CyberArk<\/strong><\/a><\/h4>\n

\u201cAs we enter Cybersecurity Awareness Month, organizations from retailers to airports to daycares are under attack. Unfortunately, the next big incident may be of our own making. Within months, every business and government agency will be required by Google, Microsoft, and Apple to replace their TLS certificates at an increasingly rapid pace. Beginning in March, certificates must be renewed more frequently, or websites will not load, mobile apps will not connect, and even baggage handling systems and ATMs could go offline. TLS certificates, also known as machine identities, are essential for authenticating sites to browsers and apps and for enabling encryption.<\/p>\n

\u201cWe all recognize the problem when visiting a site that shows \u2018can\u2019t be trusted\u2019 or \u2018expired certificate.\u2019 Now imagine the chaos if that happens eight to ten times more often within every organization as TLS certificate lifetimes shrink to just 47 days, leaving customers and citizens locked out. The good news is that automation is available through certificate management tools for every business. This is all part of sound machine identity security, which now requires the same level of priority and protection that we give to human identities.\u201d<\/p>\n

\n

Ellen Boehm, SVP of IoT and AI Identity Innovation at Keyfactor<\/strong><\/a><\/h4>\n

\u201cThis Cybersecurity Awareness Month, enterprises face a growing risk that wasn\u2019t on the radar just a year ago: rogue AI agents. With agentic AI now moving into production, autonomous systems are capable of making decisions, transacting, and executing tasks without human oversight. Without strong identity and trust controls, these agents can quickly become shadow AI, acting outside policy, spoofing identities, or initiating fraud at machine speed.<\/p>\n

\u201cThe challenge is clear. Most organizations can\u2019t yet answer the fundamental question: Is this AI agent authentic? Legacy authentication methods like API keys and static tokens are easily compromised and offer no cryptographic proof of identity. If not addressed, this gap opens the door to breaches, data loss, and trust breakdowns, far faster than human-led security teams can respond.<\/p>\n

\u201cTo counter this, digital trust must be embedded at the identity layer. Certificate-based machine identity management allows organizations to verify every agent, enforce policies, and revoke trust instantly if compromise occurs. This approach ensures visibility, accountability, and control over AI behavior in real-time. As agentic AI becomes part of the enterprise, securing it is no longer optional; it\u2019s foundational. This Cybersecurity Awareness Month is a reminder that new threats demand new trust models.\u201d<\/p>\n

\n

Mike Britton, Chief Information Officer at Abnormal AI<\/strong><\/a><\/h4>\n

\u201cWhile security education and training should, of course, be an ongoing initiative, Cybersecurity Awareness Month presents a unique opportunity for security leaders to emphasize the behaviors, tools, and resources that can help employees support the organization\u2019s security year-round. To combat increasingly sophisticated threats\u2014like those powered by generative AI\u2014training must focus on the personal value of security for employees. Security leaders can also make education memorable and fun through gamification, contests, or inviting guest speakers. The goal is to maximize October\u2019s momentum to establish an ongoing culture of security awareness that keeps employees engaged and cyber-focused throughout the remainder of the year, thereby protecting the organization.\u201d<\/p>\n

\n

Phil Calvin, Chief Product Officer at Delinea<\/strong><\/a><\/h4>\n
\n
\n

\u201cThe attack surface is changing, and the rise of machine identities is at the core of it. From chatbots to APIs and autonomous agents, these identities already outnumber humans; yet, they\u2019re too often overlooked in cybersecurity strategies. 94 percent of organizations plan to adopt AI in identity security, but only 28 percent prioritize securing machine identities today<\/a>, exposing a dangerous gap. Securing these identities is just as critical as protecting human ones if businesses want to stay secure.<\/p>\n

\u201cCybersecurity Awareness Month is a reminder that visibility, control, and collaboration are essential. As machine identities increasingly become entry points for attackers, organisations should start with visibility into where they are and what they can access. Then, it\u2019s about shortening credential lifespans\u2013that way, stolen details will quickly expire. Finally, it\u2019s important to restrict each identity\u2019s access to only what it truly needs, ensuring the principles of least privilege are applied consistently.<\/p>\n

\u201cIdentity security needs to evolve so that every identity, whether human or machine, can be trusted to work together. Businesses that get this right will position themselves as standard-setters, turning a vulnerability into an advantage and giving their industries the foundation to thrive.\u201d<\/p>\n

\n<\/div>\n<\/div>\n

Jack Cherkas, Global Chief Information Security Officer at Syntax<\/strong><\/a><\/h4>\n

\u201cIn an era of generative AI, automation, quantum computing, and advanced security platforms, it\u2019s tempting to believe that only the latest technology can keep you safe online. This year\u2019s Cybersecurity Awareness Month \u2018Core 4\u2019 actions prove this is a myth. The fundamentals\u2014strong passwords, multi\u2011factor authentication, timely software updates, and scam awareness\u2014remain the most consistently effective defenses for both organizations and individuals. For businesses, these basics safeguard operations and reputation; for individuals, they protect finances, privacy, and daily life. Getting them right is the cornerstone of cyber resilience and the foundation for safe innovation.\u201d<\/p>\n

\n
\n
\n

Anthony Cusimano, Solutions Director at Object First<\/strong><\/a><\/h4>\n

\u201cRansomware attacks are no longer just about disrupting operations\u2014they\u2019re increasingly targeting backups. In fact, 96 percent of attacks hit backup data, yet securing backups is often overlooked in cybersecurity strategies. Simply having backups isn\u2019t enough anymore; organizations must adopt storage that ensures Absolute Immutability to prevent tampering, encryption, or deletion, ensuring recovery is always possible. The rise of AI-generated data makes immutability even more critical. AI produces massive volumes of essential data, yet 65 percent of organizations back up less than half of it, leaving it vulnerable to cyber-criminals.<\/p>\n

\u201cThis Cybersecurity Awareness Month, organizations must treat data protection as a core cybersecurity responsibility. Disaster recovery plans should minimize downtime, safeguard critical assets, and align backup strategies with Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Regular testing, monitoring, and threat simulations ensure readiness for ransomware, insider threats, and emerging cyber-attacks. Investing in modern, immutable storage and comprehensive recovery plans strengthens organizational resilience, reduces cyber risk, and ensures critical data remains secure. Protecting data is no longer optional; it\u2019s a strategic cybersecurity imperative.\u201d<\/p>\n

\n

Jim Doggett, CISO at Semperis<\/strong><\/a><\/h4>\n

\u201cFor too long, the industry has operated under a false sense of security, believing that if we just buy enough tools, we can prevent every attack. That mindset is fundamentally flawed and, frankly, dangerous. This is especially true when it comes to preventing and recovering from ransomware attacks. Within the past 12 months, nearly 80 percent of organizations have been targeted by ransomware, with 40 percent of attacks involving a physical threat of some kind. The stakes have never been higher.<\/p>\n

\u201cCybersecurity leaders, particularly CISOs, must operate under the assumption that ransomware attacks are not a matter of if but when. To prepare, they need a proactive disaster recovery plan centered on clear communication to keep the business running smoothly during an attack. Ransomware can shut down critical operations across the organization, everything from WiFi and phones to Active Directory. A solid communication plan ensures CISOs and their teams can minimize costly downtime.<\/p>\n

\u201cThis Cybersecurity Awareness Month, let\u2019s commit to shifting our focus. Let\u2019s stop selling cybersecurity as an avoidance tool and start championing it as a business enabler built on the foundation of resilience.\u201d<\/p>\n

\n<\/div>\n<\/div>\n

Carolyn Duby, Field CTO and Cyber Security AI Strategist at Cloudera<\/a><\/strong><\/h4>\n

\u201cAI is driving up the volume and value of enterprise data, and cyber-criminals are matching its speed. As organizations operate across increasingly sprawling data environments, multiple platforms, each enforcing its own security and governance models, add to the complexity and inconsistency of controls within the system. This creates data silos and leaves sensitive data vulnerable, as there is no confirmation of who has access to it or how it is used.<\/p>\n

\u201cThis lack of visibility creates a perfect opportunity for attackers and a significant liability for enterprises navigating stricter regulatory oversight. The solution to this is robust data governance, which encompasses consistent guardrails for access, accountability, and control throughout the entire lifecycle. During Cybersecurity Awareness Month, organizations have a duty to assess whether visibility and governance are being utilized correctly as the foundation of their resilience.<\/p>\n

\u201cYou cannot defend what you cannot see. Cybersecurity begins with a clear line of sight into where data resides, who interacts with it, and under what circumstances. Yet storing data across multiple environments compounds this challenge. Security teams must manage multiple complex models simultaneously, often becoming \u2018jack of all trades but master of none.\u2019 The result is blind spots, gaps in monitoring, and frustrated users who may try to bypass cumbersome policies, which might lead to data leaks.<\/p>\n

\u201cUnified visibility enables organizations to detect anomalies, assess risk exposure, and prevent breaches before they occur. Governance frameworks that consolidate data across environments eliminate blind spots and give security teams a single, consolidated view of activity.\u201d<\/p>\n

\n

Bill Dunnion, Chief Information Security Officer at Mitel<\/strong><\/a><\/h4>\n

\u201cSecurity teams today are navigating an environment where critical infrastructure is under constant pressure. Attackers understand that disrupting communications, transportation, or healthcare systems can cause significant operational and community impact, making these networks prime targets. The challenge is that these systems are often complex and rapidly evolving, with new technologies layered on top of legacy environments. That complexity means small gaps can quickly become big risks. The focus must be on visibility, detection, and the ability to respond quickly, because resilience is not just a future goal. It is what keeps essential services running safely every day.\u201d<\/p>\n

\n

Ryan Edge, Director of Strategy, Privacy, and Data Governance at OneTrust<\/strong><\/a><\/h4>\n

\u201cRealistically, shadow AI will happen regardless of how strong a company\u2019s policies are. Many companies are still in the process of rolling out enterprise solutions, and in the meantime, employees are experimenting with them. There is a clear urgency to figure out how AI tools can help people work better, faster, or in some cases, achieve something that wasn\u2019t possible before. What matters most is how quickly an organization can identify, assess, and govern shadow AI. The reason it poses such a threat to the business is that AI can directly ingest sensitive data and make decisions without oversight. AI doesn\u2019t operate in a silo, and issues can magnify quickly. Small decisions or inputs can scale into regulatory or ethical issues very quickly.<\/p>\n

\u201cFor some organizations, shadow AI creeps up when governance teams can\u2019t move fast enough to approve safe AI use. Data teams might decide to leave privacy and risk stakeholders out of the project altogether if they\u2019re viewed as speed bumps.<\/p>\n

\u201cWhile business teams may not intentionally bypass privacy and risk management teams, these stakeholders know that inefficient processes can impact the speed at which they can innovate. This presents a clear opportunity for governance teams to demonstrate their AI readiness and serve as a driver of innovation. If they can accelerate their risk reviews, embed controls, and automate how they detect AI use throughout the business, they can shift more of their time to strategic AI advisory and earn a seat at the table, rather than chasing unsolicited AI use.\u201d<\/p>\n

\n

Devin Ertel, Chief Information Security Officer at Menlo Security<\/strong><\/a><\/h4>\n
\n
\n

\u201cThe browser is the most critical and vulnerable application in today\u2019s enterprise.\u00a0Menlo Security\u2019s latest report<\/a> highlights that web traffic to generative AI sites surged 50 percent year-over-year to 10.53 billion visits in January 2025, with 80 percent of that activity happening directly in browsers. This makes the browser not just the primary gateway to AI tools, but also the main channel through which sensitive data and potential threats now flow. At the same time, 68 percent of employees are using free AI tools with personal accounts, and more than half are pasting sensitive corporate data into them, creating major risks of data leakage.<\/p>\n

\u201cAI is amplifying both opportunity and risk. While employees rely on it to be more productive, attackers are using the same technology to spin up convincing phishing sites, fake domains, and ransomware delivery mechanisms at scale. With more than 6,500 GenAI domains and 3,000 apps already active, the browser has become the frontline battleground for security teams.<\/p>\n

\u201cThat\u2019s why this year\u2019s Cybersecurity Awareness Month theme, \u2018Stay Safe Online,\u2019 resonates so strongly. Security leaders can\u2019t stop AI adoption, but they can govern it responsibly, deploying secure browsers, enforcing true zero-trust access, and eliminating shadow AI with sanctioned, safe tools. Modernizing browser security isn\u2019t just about compliance, but about protecting the workforce where they live and work today, which is online.\u201d<\/p>\n

\n<\/div>\n<\/div>\n
\n
\n

Jeremy Fong, VP Product at Opswat<\/strong><\/a><\/h4>\n
\n
\n

\u201cAs the 22nd annual Cybersecurity Awareness Month urges us to \u2018Secure Our World,\u2019 the speed at which data moves is as important as the integrity with which it is managed. File transfers remain one of the most common and most vulnerable points of exposure. In the AI era, where adversaries weaponize automation to embed malicious content or bypass traditional defenses, organizations cannot afford to treat this as routine infrastructure.<\/p>\n

\u201cManaged File Transfer (MFT) should be seen not as a legacy technology or need but as a strategic control solution. Its value lies in verifiable security: encryption, access policies, file scanning, and auditable trails that demonstrate accountability. These capabilities are increasingly non-negotiable, as regulators, from the SEC to the EU\u2019s DORA, demand provable safeguards.<\/p>\n

\u201cTo \u2018Secure Our World\u2019 year-round, leaders should take three actions:<\/p>\n

    \n
  1. Elevate the secure file transfer conversation to the boardroom. It is a trust and resilience issue, not just an IT concern.<\/li>\n
  2. Mandate consistent controls across cloud, hybrid, and on-prem environments, including secure transport and encryption at rest to protect confidentiality, and file scanning to prevent hidden threats.<\/li>\n
  3. Continuously test and adapt processes to anticipate AI-driven threats.<\/li>\n<\/ol>\n

    \u201cSecuring how data moves is securing how business operates. In an era defined by speed, complexity, and growing cyber risk, MFT is not optional but foundational to long-term resilience and trust, exactly the kind of proactive measure Cybersecurity Awareness Month urges every organization to adopt.\u201d<\/p>\n<\/div>\n<\/div>\n

    \n<\/div>\n<\/div>\n

    Peter Galvin, Chief Growth Officer at NMI<\/strong><\/a><\/h4>\n

    \u201cCybersecurity awareness month is a great reminder that payment security is never one-and-done; it\u2019s a constant race to stay ahead of fraudsters. Today, the two primary threats we face in online payments are fraud and compliance. Criminals are already using AI to crack outdated defence practices, but the irony here is that businesses must fight AI with AI. Payment fraud will continue to evolve with technological innovations, so the only way to protect merchants and consumers is with layered defenses that adapt in real-time. Tokenization, biometrics, passkeys, fraud detection tools, and strong underwriting all play a role. Still, true protection comes from a \u2018security in depth\u2019 approach, which involves layering tools such as AI fraud detection for both pre- and post-transaction verification, 3DS, and enhanced merchant vetting.<\/p>\n

    \u201cThe payment industry should see Cybersecurity Awareness Month as more than just a checklist; it\u2019s a call to action. Too many companies still hesitate to adopt proven tools like tokenization because of the perceived complexity, but the cost of inaction is far greater and could come with a hefty cost. Security is about striking the right balance, keeping fraudsters out while keeping the customer experience seamless. Ultimately, the goal is to protect merchant and consumer trust, because once trust in payments is lost, everything else falls apart.\u201d<\/p>\n

    \n

    Mike Geehan,<\/strong> Head of Security, Compliance, and Corporate IT at Cockroach Labs<\/a><\/h4>\n

    \u201cYes, Cybersecurity Awareness Month can serve as a reminder to reset passwords and brush up on the latest in phishing best practices, but it\u2019s an equally important time to revisit your organization\u2019s approach to resiliency. Availability is one of the core pillars of the information security triad, so resiliency is vital to a business\u2019s security strategy. Outages, cyber-attacks, unexpected vulnerabilities, or other events that cause unplanned downtime can test your defenses and expose any weaknesses in your infrastructure. Executives should take a step back and ask some simple questions: How resilient is our technical infrastructure under stress? Where are the weak spots? And are we testing them on a regular basis?<\/p>\n

    \u201cBuilding scalable infrastructure is critical, but equally important is ensuring that scalability doesn\u2019t introduce new vulnerabilities. Take a traditionally security-specific concept, zero trust. Apply the concept holistically across an organization\u2019s entire architecture. Assume failure and breaches will happen, and build resilience at all levels of the ecosystem. Cybersecurity Awareness Month, as a lead-in to the new year, is the perfect time, aside from yesterday, to review compliance requirements, stress test your architecture, and continue to reinforce resilience. Prepare your organization to respond, not react to whatever 2026 has in store.\u201d<\/p>\n

    \n

    Matan Getz, CEO and Co-Founder of Aim Security<\/strong><\/a><\/h4>\n

    \u201cThe pace of AI adoption has outpaced security, leaving many organizations exposed. Defenses must shift from ad\u2011hoc fixes to continuous protection that spans the full AI lifecycle. That means validating every input, governing use through clear policies, monitoring in real-time, and securing both the code and the integrations behind it. Trust in AI will depend on whether companies can see, control, and secure every point where they use, build, or run it \u2014 before attackers do.\u201d<\/p>\n

    \n

    David Gildea, Vice President of Product and AI at Druva<\/strong><\/a><\/h4>\n
    \n
    \n

    The Real Security Threat in AI<\/strong><\/em><\/p>\n

    \u201cEarly on, the common security concerns around AI were rooted in fear, uncertainty, and misconceptions. For example, some were worried that AI might expose sensitive data, but in reality, most corporate data is heavily cleansed, and only a small fraction is valuable for model training.<\/p>\n

    \u201cThe real security challenge lies not just with the LLM, but with agentic AI frameworks, where tasks are delegated across dozens or even hundreds of AI agents. Most security teams are focusing on locking down data flows across LLMs, but the bigger threat is the swarm of AI agents making decisions and trading data at machine speed. These systems are too complex for humans to track quickly and nearly impossible to police with current security frameworks.\u201d<\/p>\n

    Building a New Foundation for Agentic Security<\/strong><\/em><\/p>\n

    \u201cAddressing this risk requires more than duct-taping existing frameworks\u2013it demands a new security foundation built for agentic systems. To manage this complexity, new specifications are emerging to provide the necessary controls.<\/p>\n

    \u201cFor example, standards like SPIFFE (Secure Production Identity Framework for Everyone) are being discussed to provide a strong, verifiable identity for each individual agent. Building on this, new proposals like the OAuth \u2018Identity Assertion Authorization Grant\u2019 are being developed specifically to handle how agents are granted access to resources.<\/p>\n

    \u201cThis combination of verifiable identity and delegated authorization is crucial for enterprises to securely:<\/p>\n