Infosecurity

74% of Breaches Are From Insiders or Outsiders? The Truth Behind Conflicting Reports

74% of Breaches: Insider or Outsider? Untangling Conflicting Cybersecurity Statistics

Two recent cybersecurity reports claim the exact same percentage—74%—for the source of data breaches. One points fingers at external hackers. The other blames insiders. How can both be right? This confusion around the insider vs outsider threat leaves security teams scratching their heads. As a result, many organizations struggle to prioritize their defenses effectively.

The problem lies not in the numbers themselves but in how they are collected and presented. Vendors often tailor datasets to support their own products. Understanding the real insider vs outsider threat landscape therefore requires a closer look at methodology, industry sectors, and marketing agendas.

Why Do Breach Statistics Contradict Each Other?

When two reputable firms publish opposing findings, it is tempting to dismiss one as wrong. However, the truth is more nuanced. The first report, highlighting external actors, likely focused on criminal hacking groups and ransomware gangs. The second, pointing to insiders, probably included accidental leaks, malicious employees, and third-party partners.

This means that both datasets can be accurate within their own definitions. For example, a financial institution may face 80% external threats, while a healthcare provider might see 70% insider incidents. Industry context matters enormously.

The Role of Vendor Bias in Cybersecurity Research

Many security vendors publish reports to generate leads, not to provide objective truth. A company selling insider threat detection tools will naturally emphasize internal risks. Conversely, a firewall vendor will highlight external attacks. This bias skews the insider vs outsider threat narrative.

Furthermore, the questions asked in surveys shape the answers. If a study asks, “Have you experienced an insider incident?” it will capture different data than one asking about external breaches. As a result, readers must approach such reports with a critical eye.

How to Interpret Conflicting Breach Data

Instead of seeking a single answer, security leaders should focus on their own organization’s risk profile. Ask these questions:

  • What industry are we in? (Finance, healthcare, retail, etc.)
  • What type of data do we handle? (PII, financial records, IP)
  • What is our threat history? (Past incidents and patterns)

For instance, a government agency may have different insider vs outsider threat dynamics than a tech startup. Therefore, generic statistics are less useful than tailored risk assessments.

The Danger of Oversimplified Headlines

Headlines like “74% of Breaches Come from Insiders” create false certainty. In reality, the threat landscape is fluid. External attackers often use compromised insider credentials, blurring the line between categories. Meanwhile, insider threats can be unintentional, as when an employee falls victim to phishing.

Consequently, organizations should invest in both security awareness training and endpoint protection. A balanced approach reduces risk from all angles.

Moving Beyond the Insider vs Outsider Debate

The cybersecurity community needs more nuanced reporting. Instead of broad percentages, reports should break down threats by industry, company size, and attack vector. This would help CISOs make informed decisions rather than chasing headlines.

Moreover, vendors should be transparent about their data sources and methodologies. When a report claims 74% of breaches are external, readers deserve to know: What was the sample size? Which industries were surveyed? What time period was covered?

In conclusion, the insider vs outsider threat debate is a distraction. The real priority is understanding your unique risk landscape and building defenses accordingly. Stop looking for a single number—start looking for context.


Is Your Company Ready to Face Tomorrow’s Security Risks? Insights from Industry Experts

In 2017, businesses faced relentless waves of ransomware, phishing, and IoT attacks. As the cyber landscape evolves, understanding tomorrow’s security risks is crucial for survival. Industry experts from Comarch ICT—Malgorzata Zabieglinska-Lupa, Paulina Swiatek, and Maciej Rosolek—recently shared their insights on emerging threats and how organizations can fortify their defenses.

Why Security Feels Like a Never-Ending Chase

Security is one of the fastest-growing sectors in IT, yet it often lags behind attackers. Maciej Rosolek compares this to a dam holding back a river: we build protections based on best practices, but water (malicious actors) erodes them over time. As technology advances, hackers gain access to powerful tools, creating new leaks that demand immediate fixes. This cycle explains why security is a constant catch-up game.

Paulina Swiatek adds that hackers learn faster than most IT professionals. To anticipate attacks, businesses must invest in employee training and infrastructure. Without these, the success of a cyberattack often depends on how much time and money an organization is willing to spend on defense.

Shifting Attitudes: From Cost to Strategic Priority

Historically, security was viewed as an unnecessary expense. However, high-profile incidents—like ransomware hitting UK hospitals or the Edward Snowden leaks—have changed perceptions. More companies now realize that a breach can cost far more than preventive measures. Yet, many still treat IT security as separate from business strategy, leading to expensive and misaligned solutions.

Swiatek stresses that IT security strategy should be built alongside business strategy. When aligned, security becomes more effective and cost-efficient. Companies that fail to integrate these elements risk leaving themselves exposed to tomorrow’s security risks.

Key Trends Shaping the Future of IT Security

Machine Learning: The New Frontier

With over 100,000 new malware variants created daily, traditional antivirus software is no longer enough. Maciej Rosolek highlights the need for intelligent systems that use machine learning to detect threats. These include:

  • SIEM tools that correlate data from multiple sources to identify suspicious behavior
  • IPS/IDS systems with adaptive learning capabilities
  • Flow analysis platforms that spot anomalies in network traffic

Machine learning is set to become a cornerstone of modern security, helping organizations stay ahead of tomorrow’s security risks.

GDPR Compliance: A Catalyst for Change

The EU General Data Protection Regulation (GDPR), enforced in May 2018, forced many companies to overhaul their data protection practices. Non-compliance carries severe penalties, pushing businesses to invest in better security. However, Rosolek notes that many firms lack internal expertise, turning to specialized IT integrators and service providers for support. This trend is driving a surge in security spending.

To prepare for GDPR, companies must:

  • Read and understand the regulation thoroughly
  • Map where personal data is stored and who has access
  • Conduct risk assessments and implement tailored protections

There is no one-size-fits-all solution; each organization must find the right mix of tools and processes to safeguard data.

Building a Successful IT Security Strategy

Developing a robust strategy requires a holistic approach. Swiatek recommends starting with the company’s business goals and then assessing the current security posture. This involves understanding processes, functions, and future plans. From there, organizations can define the desired security state and outline steps to achieve it.

Key elements include:

  • Alignment with business and IT strategies
  • Regular threat and risk analysis
  • Compliance with standards and regulations

Because threats evolve, security strategies must be reviewed and updated continuously. Measuring effectiveness and making improvements is essential to stay resilient.

Empowering the Weakest Link: End Users

Both experts agree that end users are the most vulnerable point in any security system. Even the most advanced tools fail if employees lack awareness. Swiatek suggests assuming a low baseline of knowledge and providing regular training with mandatory exams. Topics should include password policies, data access rules, and social engineering tactics.

Rosolek emphasizes ongoing awareness campaigns, such as security events where employees see real-world examples of data theft. Annual refresher tests and new-hire training help reinforce good habits. By investing in user education, companies can significantly reduce their exposure to tomorrow’s security risks.

For more insights on IT risk and security management, check out Comarch ICT’s IT Risk & Security page. Also, explore our guide on cyber threat trends and employee security training best practices.

Was the Equifax CSO Really to Blame? A Deeper Look at Cybersecurity Accountability

When Equifax suffered a massive data breach in 2017, exposing over 143 million records of personally identifiable information (PII), the fallout was swift. The company’s chief security officer (CSO) and chief information officer (CIO) both departed soon after. But does the Equifax CSO blame game tell the full story? Or are deeper systemic issues at play?

Many observers quickly pointed fingers at the CSO’s background—a music degree, not a technical one. However, Tripwire research shows that 72% of security professionals find it harder to hire skilled staff today than two years ago. This suggests that blaming one person’s education misses the point entirely.

Understanding the CSO’s Role in Cybersecurity

According to a recent article by CSO Online, the CSO oversees security efforts across departments like IT, HR, legal, and facilities. This includes identifying security initiatives and standards. The CSO’s direct reports typically include the chief information security officer (CISO) and the director of corporate security.

But having the right structure is only half the battle. Even the most qualified CSO cannot succeed without adequate resources and board-level support. In Equifax’s case, the breach exposed flaws in patch management and continuous monitoring—problems that transcend any single executive.

Resource Gaps and Open Positions

Interestingly, Equifax had around 12 open security-related jobs at the time of the breach, down from 16. These roles, mostly based in Georgia, faced challenges like high salary demands and a limited pool of skilled professionals. This highlights a broader industry issue: the cybersecurity talent shortage.

According to ISACA, the global shortfall of cybersecurity professionals could reach two million by 2019. This scarcity makes it tough for any company to build a robust security team, regardless of the CSO’s background.

Why Blaming the CSO’s Degree Is Misguided

Critics pointed out that Equifax’s CSO held a music degree, implying a lack of technical expertise. However, cybersecurity as a discipline is relatively new. Many seasoned professionals entered the field before dedicated computer science programs included security training.

A liberal arts or fine arts degree can foster critical thinking and a holistic perspective—qualities essential for managing people, communicating with boards, and understanding legal risks. Companies should value well-rounded leaders who can see the big picture, not just technical specialists.

That said, continuous education is vital. The CSO must stay current through training, conferences, and networking. They also need to ensure their team receives ongoing training to counter evolving threats.

Systemic Cybersecurity Failures at Equifax

The Equifax breach wasn’t caused by one person’s degree; it resulted from systemic issues. The company struggled with patch management, using outdated technology without a clear timeline for updates. This is a common problem across many organizations, regardless of leadership.

Board-level buy-in is another critical factor. If directors don’t fully understand cybersecurity risks, they may underfund security initiatives. The CSO can only do so much without proper resources and support from the top.

The Growing Skills Gap and Its Impact

As seasoned professionals retire, the cybersecurity skills gap widens. This makes it harder to find qualified staff, even for well-funded companies. The industry must encourage non-traditional candidates to enter the field through training and mentorship programs.

Diverse thinking—from people with varied educational backgrounds—can drive innovation. Companies that embrace this diversity are better positioned to develop cutting-edge security solutions.

Conclusion: Focus on Resources, Not Blame

In the end, the Equifax CSO blame narrative oversimplifies a complex situation. The public may never know all the details, but focusing on someone’s degree does nothing to fix the underlying problems. Instead, attention should shift to resource allocation, training programs, and board engagement.

For more insights on cybersecurity accountability and how to avoid similar failures, explore our guides on data breach response planning.

What Does the Future Hold for IT Security? Expert Insights on Trends and Challenges

The cloud has fundamentally reshaped how businesses operate, but it also brings a host of new security concerns. In a recent discussion, Comarch’s ICT product manager, Malgorzata Zabieglinska-Lupa, sat down with risk and information security specialist Ewelina Kornas-Zarzycka to explore the future of IT security. They tackled everything from evolving cyber threats to the pressing demands of GDPR compliance. Here are the key takeaways.

Top Threats Facing Security Leaders Today

When asked about the biggest threats, Kornas-Zarzycka highlighted the rapid evolution of the cybersecurity landscape. Organizations today face a wide array of dangers, including malicious attacks, sophisticated viruses, ransomware, and social engineering schemes. These threats can disrupt business continuity and lead to significant data breaches.

To combat these risks, she emphasized the need for proactive measures. Implementing a SIEM system is a critical first step, but it is not enough on its own. Companies must also adopt comprehensive processes like security incident management, risk management, and vulnerability management. For organizations with lower IT maturity, outsourcing to specialized providers can be a cost-effective solution.

Risk Management in a Changing IT Environment

The nature of risk management has shifted dramatically in recent years. Kornas-Zarzycka noted that businesses now recognize that risk applies to both negative threats and positive opportunities. A proactive, well-defined approach is essential for navigating this complexity.

She stressed that risk management must be dynamic and responsive to the changing business environment. Factors like global economic shifts, political events, regulatory scrutiny, and rapid technological advances are all influencing risk strategies. This means that security leaders must continuously adapt their tools and techniques. As a result, organizations are investing more resources into risk management to stay ahead of emerging challenges.

The Impact of GDPR on Data Protection

With the General Data Protection Regulation (GDPR) now in full effect, compliance remains a top priority. Kornas-Zarzycka explained that GDPR emphasizes individual rights, such as data access, correction, portability, and deletion. Companies must implement robust safeguards for collecting, storing, and sharing personal data.

One of the most critical requirements is the ability to report a personal data breach to the relevant authority within 72 hours. This necessitates a well-organized incident management process. Beyond legal compliance, adhering to GDPR helps build trust with clients and strengthens customer relationships. In essence, it turns regulatory pressure into a competitive advantage.

Thinking About Risk Under GDPR

Under the GDPR, organizations are encouraged to take a “risk-based approach” to data protection. This means evaluating the potential harm to individuals from data breaches and using mitigation techniques to minimize impacts. Understanding what data the organization holds and why is crucial for this process.

What the Future Holds for the Security Market

Looking ahead, Kornas-Zarzycka sees a dual landscape. On one hand, cyber-attacks are becoming more sophisticated, threatening business continuity and causing reputation damage. On the other, technology is advancing rapidly, offering high-end solutions for monitoring and analysis.

She believes that the future of IT security lies in embracing these innovations while staying vigilant against evolving threats. Tools for building robust security processes will become increasingly important. Ultimately, the field demands constant learning and adaptation, which is what drew Kornas-Zarzycka to it in the first place. She finds satisfaction in the dynamic nature of the work and the critical role security plays in protecting organizations.

For more insights on building a resilient security strategy, check out our guide on cloud security best practices and learn about incident response planning.
