
Infosecurity

Was the Equifax CSO Really to Blame? A Deeper Look at Cybersecurity Accountability


When Equifax suffered a massive data breach in 2017, exposing the personally identifiable information (PII) of roughly 143 million U.S. consumers (a figure the company later revised upward to about 147 million), the fallout was swift. The company's chief security officer (CSO) and chief information officer (CIO) both departed within weeks. But does blaming the CSO tell the full story, or were deeper systemic issues at play?

Many observers quickly pointed at the CSO's background: a music degree rather than a technical one. Yet Tripwire research found that 72% of security professionals find it harder to hire skilled staff today than they did two years earlier. Blaming one person's education misses the point entirely.

Understanding the CSO’s Role in Cybersecurity

According to a recent article by CSO Online, the CSO oversees security efforts across departments such as IT, HR, legal and facilities, which includes setting security initiatives and standards. The CSO's direct reports typically include the chief information security officer (CISO) and the director of corporate security.

But having the right structure is only half the battle. Even the most qualified CSO cannot succeed without adequate resources and board-level support. In Equifax's case, the breach exposed failures in patch management and continuous monitoring: the flaw in the internet-facing web application that attackers used had a vendor patch available for months before the intrusion, and the intrusion itself went unnoticed for more than two months. Problems like these transcend any single executive.

Resource Gaps and Open Positions

Interestingly, Equifax had around 12 open security-related positions at the time of the breach, down from 16. These roles, mostly based in Georgia, were hard to fill because of high salary demands and a limited pool of skilled candidates. This points to a broader industry issue: the cybersecurity talent shortage.

According to ISACA, the global shortfall of cybersecurity professionals could reach two million by 2019. This scarcity makes it tough for any company to build a robust security team, regardless of the CSO’s background.

Why Blaming the CSO’s Degree Is Misguided

Critics pointed out that Equifax's CSO held a music degree, implying a lack of technical expertise. But cybersecurity is a relatively young discipline; many seasoned practitioners entered it before computer science programs offered any security coursework at all.

A liberal arts or fine arts degree can foster critical thinking and a holistic perspective—qualities essential for managing people, communicating with boards, and understanding legal risks. Companies should value well-rounded leaders who can see the big picture, not just technical specialists.

That said, continuous education is vital. The CSO must stay current through training, conferences, and networking. They also need to ensure their team receives ongoing training to counter evolving threats.

Systemic Cybersecurity Failures at Equifax

The Equifax breach wasn't caused by one person's degree; it resulted from systemic issues. The company struggled with patch management and ran outdated technology with no clear timeline for updates. This is a common problem across many organizations, regardless of who is in charge.

Board-level buy-in is another critical factor. If directors don’t fully understand cybersecurity risks, they may underfund security initiatives. The CSO can only do so much without proper resources and support from the top.

The Growing Skills Gap and Its Impact

As seasoned professionals retire, the cybersecurity skills gap widens. This makes it harder to find qualified staff, even for well-funded companies. The industry must encourage non-traditional candidates to enter the field through training and mentorship programs.

Diverse thinking—from people with varied educational backgrounds—can drive innovation. Companies that embrace this diversity are better positioned to develop cutting-edge security solutions.

Conclusion: Focus on Resources, Not Blame

In the end, the Equifax CSO blame narrative oversimplifies a complex situation. The public may never know all the details, but focusing on someone’s degree does nothing to fix the underlying problems. Instead, attention should shift to resource allocation, training programs, and board engagement.

For more insights on cybersecurity accountability and how to avoid similar failures, explore our guides on data breach response planning.


Infosecurity

What Does the Future Hold for IT Security? Expert Insights on Trends and Challenges


The cloud has fundamentally reshaped how businesses operate, but it also brings a host of new security concerns. In a recent discussion, Comarch's ICT product manager, Malgorzata Zabieglinska-Lupa, sat down with risk and information security specialist Ewelina Kornas-Zarzycka to explore the future of IT security. They tackled everything from evolving cyber threats to the pressing demands of GDPR compliance. Here are the key takeaways.

Top Threats Facing Security Leaders Today

When asked about the biggest threats, Kornas-Zarzycka highlighted the rapid evolution of the cybersecurity landscape. Organizations today face a wide array of dangers, including targeted attacks, sophisticated malware, ransomware and social engineering schemes. These threats can disrupt business continuity and lead to significant data breaches.

To combat these risks, she emphasized the need for proactive measures. Implementing a SIEM system is a critical first step, but it is not enough on its own. Companies must also adopt comprehensive processes like security incident management, risk management, and vulnerability management. For organizations with lower IT maturity, outsourcing to specialized providers can be a cost-effective solution.

Risk Management in a Changing IT Environment

The nature of risk management has shifted dramatically in recent years. Kornas-Zarzycka noted that businesses now recognize that risk applies to both negative threats and positive opportunities. A proactive, well-defined approach is essential for navigating this complexity.

She stressed that risk management must be dynamic and responsive to the changing business environment. Factors like global economic shifts, political events, regulatory scrutiny, and rapid technological advances are all influencing risk strategies. This means that security leaders must continuously adapt their tools and techniques. As a result, organizations are investing more resources into risk management to stay ahead of emerging challenges.

The Impact of GDPR on Data Protection

With the General Data Protection Regulation (GDPR) now in full effect, compliance remains a top priority. Kornas-Zarzycka explained that GDPR emphasizes individual rights, such as access, correction (rectification), portability and deletion (erasure) of personal data. Companies must implement robust safeguards for collecting, storing and sharing personal data.

One of the most critical requirements is the ability to report a personal data breach to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it (Article 33); the exception is a breach that is unlikely to result in a risk to individuals. Where the risk to individuals is high, the affected people must be told as well (Article 34). Meeting that clock requires a well-organized incident management process, because the 72 hours start when the organization becomes aware of the breach, not when it finishes investigating. Beyond legal compliance, adhering to GDPR helps build trust with clients and strengthens customer relationships. In essence, it turns regulatory pressure into a competitive advantage.

Thinking About Risk Under GDPR

Under the GDPR, organizations are encouraged to take a “risk-based approach” to data protection. This means evaluating the potential harm to individuals from data breaches and using mitigation techniques to minimize impacts. Understanding what data the organization holds and why is crucial for this process.

What the Future Holds for the Security Market

Looking ahead, Kornas-Zarzycka sees a dual landscape. On one hand, cyber-attacks are becoming more sophisticated, threatening business continuity and causing reputation damage. On the other, technology is advancing rapidly, offering high-end solutions for monitoring and analysis.

She believes that the future of IT security lies in embracing these innovations while staying vigilant against evolving threats. Tools for building robust security processes will become increasingly important. Ultimately, the field demands constant learning and adaptation, which is what drew Kornas-Zarzycka to it in the first place. She finds satisfaction in the dynamic nature of the work and the critical role security plays in protecting organizations.

For more insights on building a resilient security strategy, check out our guide on cloud security best practices and learn about incident response planning.


Infosecurity

Beyond the Usual: Key Takeaways from the Women in Cybersecurity Panel at ISC2 Congress


Women in cybersecurity panels have become a staple at industry events. In fact, they are now so common that some attendees might consider skipping them. However, the session at this year’s ISC2 Congress in Austin proved to be anything but predictable. Featuring a lineup of seasoned experts, the discussion offered fresh perspectives on persistent challenges. This article highlights the most compelling points from that conversation, focusing on the state of women in cybersecurity today.

Why This Panel on Women in Cybersecurity Stood Out

Moderated by freelance journalist Karen E. Hoffman, the panel included Jennifer Minella, VP Engineering and consulting CISO at Carolina Advanced Digital; Suzanne Hall, managing director at PwC; and Lynn Terwoerds, executive director of the Executive Women’s Forum. Each brought a unique viewpoint, making the session both engaging and insightful. Instead of rehashing the entire discussion, here are the standout moments that deserve attention.

Unconscious Bias and the Glass Ceiling

One of the most striking topics was the persistent underrepresentation of women in leadership roles. According to the latest ISC2 Workforce Study, men are four times more likely to hold C-level or executive management positions than women, and nine times more likely to be in manager roles. Suzanne Hall attributed this to unconscious bias. “When CFOs, CEOs, or CIOs think about security professionals, they think about a guy. Always,” she said, noting that media portrayals reinforce this stereotype.

Jennifer Minella offered a different angle. While she acknowledged the reality of bias, she pushed back against the term “glass ceiling.” “Instead of starting from a point of saying there should be no bias, we should accept that from a neuroscience perspective, there will always be bias,” she explained. “We need to acknowledge that there IS bias as a starting point, and then work from there.” She also pointed out that women may simply want different career paths. “Maybe women don’t always want to be that executive,” she said, citing her own preference for a vice-chair role over a chair position.

The Equifax Fallout and Unfair Scrutiny

The panel didn't shy away from high-profile cases. Suzanne Hall referenced the aftermath of the Equifax breach, where the departing chief security officer's educational background was heavily criticized. "I've never seen news coverage, in the wake of a data breach, comment on a CISO's educational background until Equifax's female CISO," she said, calling the scrutiny "horrifying." Hall argued that the real lesson should have been about patching vulnerabilities, not about the executive's lack of a computer science degree. For a deeper dive, read The Washington Post's coverage.

Mid-Career Dropout and Mentorship Gaps

Another critical issue raised was the high dropout rate among women mid-career. Lynn Terwoerds explained that the ISC2 Workforce Study, combined with her experience at the Executive Women’s Forum, shows this trend is “extremely problematic.” While caregiving responsibilities are often cited as a reason, the study found that almost as many men as women are in caregiving roles—yet men do not leave the industry at the same rate. This suggests deeper systemic factors at play.

Mentorship emerged as a key solution. Terwoerds credited her all-male mentors for her success, while Hall and Minella echoed similar positive experiences. However, the panel also called for more female mentors. “Women have to recognize the role they play in order to be proactive with mentoring,” Terwoerds said, emphasizing the need for mutual support.

Changing the Industry’s Mascot

Jennifer Minella closed the session with a powerful call to action: change how the industry markets itself. “We market with images of ninjas, pirates…at least we have unicorns now too,” she joked. “If our industry had a mascot or personality, it’s the grumpy, skeptical paranoid guy or the guy in a black hoodie in a basement…who wants to walk into that? Nobody!”

Her point resonated deeply. To attract and retain more women in cybersecurity, the industry must shed its outdated, intimidating image. As Minella put it, “Nobody wants to be the grumpy arseh*le with no life work balance.”

For more on building a diverse workforce, read our article on cybersecurity career paths and strategies for inclusive workplace culture.

In conclusion, this panel at ISC2 Congress offered more than just a checklist of problems. It provided actionable insights on bias, mentorship, and industry stereotypes. The conversation around women in cybersecurity is evolving, and events like this are crucial for driving real change.


Infosecurity

Securing Modern Assets: Navigating Cybersecurity in the Digital Transformation Age


Digital transformation has reshaped how businesses operate, turning technology into the backbone of growth and efficiency. However, this shift brings unprecedented complexity to IT environments. As organizations adopt cloud services, mobile devices, and IoT systems, their attack surfaces expand rapidly. Without proper visibility, securing modern assets becomes a monumental challenge. Cybercriminals exploit these blind spots, leaving companies vulnerable to breaches that could have been prevented.

Today's enterprises face a fragmented landscape. Employees use personal devices for work, third-party contractors access sensitive data, and operational technology (OT) such as industrial control systems is connected to networks it was never designed to be exposed to. This convergence creates what some vendors call a "cyber exposure gap": the difference between the risks an organization knows about and the vulnerabilities it actually has. Understanding this gap is the first step toward effective digital transformation cybersecurity.

The Expanding Attack Surface: Why Traditional Tools Fall Short

Traditional security tools were built for a simpler era of on-premises desktops and servers. They struggle to keep pace with short-lived assets such as cloud instances, containers and microservices. DevOps teams deploy changes daily, often without security review, so the attack surface is not just larger but elastic: an instance that did not exist at the last scan may be internet-facing by the next one.

As a result, organizations can no longer rely on periodic vulnerability scans alone. They need continuous, live visibility across all platforms; without it, misconfigurations and unpatched systems go unnoticed until attackers find them. Basic security hygiene, such as patching and configuration management, remains critical, yet many firms chase headline threats instead of addressing these fundamentals.

Cyber Exposure Management: A Proactive Strategy for Modern Assets

To regain control, businesses must adopt a proactive approach known as cyber exposure management. This method focuses on three core questions: How secure are we? How exposed are we? What can we do to reduce risk? By answering these, organizations can prioritize actions that matter most.

The process begins with attack surface visibility. Live discovery identifies every asset, from traditional endpoints to IoT devices, across the network. Next, that inventory is mapped to business context: how critical each asset is and whether the vulnerabilities on it are being actively exploited. Finally, quantified risk metrics inform strategic decisions, helping CISOs communicate with the board in business terms.

For example, a manufacturing firm might discover that its OT systems, never designed for connectivity, are now exposed online. Without visibility, this risk goes unnoticed until a breach occurs. Cyber exposure management bridges that gap, enabling targeted remediation.

Key Stages of Cyber Exposure Management

  • Discovery and Assessment: Identify all assets in real time, including cloud, mobile, and IoT devices.
  • Business Context Mapping: Prioritize assets based on criticality and current exploit trends.
  • Risk Quantification: Measure exposure in financial terms to drive investment decisions.
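The three stages above are easier to reason about as code than as slogans. The following is an added illustration written for this article, not a vendor's product or code from the original page; the asset names, placeholder finding identifiers (FAKE-*), weighting constants and loss figures are all constructed assumptions chosen to make the ranking behaviour visible. It diffs a registered inventory against a live scan (discovery), scores each asset by its worst finding weighted for exploit activity, exposure and business criticality (context mapping), and ranks by expected loss in dollars (quantification).

```python
"""Worked example of the three cyber exposure management stages:
discovery (what changed?), business context mapping (what matters?) and
risk quantification (what does it cost?).

Added illustration, not code from any vendor platform. Assets, finding
identifiers (FAKE-*), weights and dollar figures are constructed assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Finding:
    ident: str            # placeholder identifier, not a real advisory
    cvss: float           # base severity, 0-10
    exploit_active: bool  # assumed threat-intel flag: exploitation seen in the wild


@dataclass
class Asset:
    name: str
    kind: str              # "server", "cloud", "ot", "iot", "mobile"
    criticality: int       # 1 (low) .. 5 (mission critical), set by the business owner
    internet_exposed: bool
    findings: list = field(default_factory=list)


# --- Stage 1: discovery -----------------------------------------------------
def discovery_delta(known, live):
    """Diff the security team's inventory against a live scan.

    Returns (new, gone): assets the scan sees that nobody registered (the
    exposure gap) and registered assets that have vanished.
    """
    new = sorted(set(live) - set(known))
    gone = sorted(set(known) - set(live))
    return new, gone


# --- Stage 2: business context mapping --------------------------------------
KIND_WEIGHT = {"ot": 1.5, "iot": 1.3, "cloud": 1.1, "server": 1.0, "mobile": 1.0}
EXPLOIT_WEIGHT = 1.5    # assumed: active exploitation outranks raw CVSS
EXPOSED_WEIGHT = 1.5    # assumed: reachable from the internet


def asset_risk(asset):
    """Contextual risk: worst finding, weighted by exploit activity, exposure,
    platform type and business criticality. Higher means fix sooner."""
    if not asset.findings:
        return 0.0
    worst = max(f.cvss * (EXPLOIT_WEIGHT if f.exploit_active else 1.0)
                for f in asset.findings)
    exposure = EXPOSED_WEIGHT if asset.internet_exposed else 1.0
    return worst * exposure * KIND_WEIGHT.get(asset.kind, 1.0) * asset.criticality


# --- Stage 3: risk quantification -------------------------------------------
SCORE_CAP = 100.0  # assumed: a score at or above this is treated as "compromise likely"


def expected_loss(asset, impact_usd):
    """Crude expected loss: likelihood derived from the risk score times the
    business owner's loss estimate. An assumption, not an actuarial model."""
    likelihood = min(1.0, asset_risk(asset) / SCORE_CAP)
    return likelihood * impact_usd


def prioritize(assets, impacts):
    """Rank assets by expected loss (descending); ties broken by risk score."""
    rows = [(a.name, asset_risk(a), expected_loss(a, impacts.get(a.name, 0.0)))
            for a in assets.values()]
    return sorted(rows, key=lambda r: (r[2], r[1]), reverse=True)


def sample_inventory():
    """Constructed data: what the security team knows vs. what a live scan found."""
    crit = Finding("FAKE-0001", 9.8, True)
    high = Finding("FAKE-0002", 7.5, True)
    crit_noexp = Finding("FAKE-0003", 9.8, False)
    high_noexp = Finding("FAKE-0004", 7.5, False)
    known = {
        "plc-line-3": Asset("plc-line-3", "ot", 5, True, [crit]),
        "web-01": Asset("web-01", "server", 4, True, [crit_noexp, high]),
        "hr-laptop-17": Asset("hr-laptop-17", "mobile", 2, False, [high_noexp]),
        "badge-reader-2": Asset("badge-reader-2", "iot", 3, False, []),
        "legacy-db-2": Asset("legacy-db-2", "server", 3, False, []),
    }
    live = {k: v for k, v in known.items() if k != "legacy-db-2"}
    live["dev-container-9"] = Asset("dev-container-9", "cloud", 1, True, [crit])
    return known, live


# Assumed loss-if-breached figures from the business, in USD.
IMPACT_USD = {"plc-line-3": 2_000_000, "web-01": 500_000, "hr-laptop-17": 100_000,
              "dev-container-9": 50_000, "badge-reader-2": 10_000}

if __name__ == "__main__":
    known, live = sample_inventory()
    new, gone = discovery_delta(known, live)
    print("unregistered assets:", new, "| missing:", gone)
    for name, score, loss in prioritize(live, IMPACT_USD):
        print(f"{name:16} risk={score:7.2f} expected_loss=${loss:>12,.0f}")
```

Two things the constructed data makes visible. First, dev-container-9 carries the same actively exploited critical finding as the OT controller, yet it lands near the bottom because nobody registered it (it only appears in the discovery delta) and its business criticality is 1; in a CVSS-only queue it would sit at the top. Second, ranking by dollars rather than by score reorders the middle of the list: hr-laptop-17 has a lower risk score than dev-container-9 but a higher expected loss, which is the kind of reordering that lets a CISO defend the remediation queue to a board in business terms.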

Building a Strategic Security Program for Digital Transformation

Implementing a strategic security program requires shifting from reactive to proactive thinking. Instead of reacting to the latest vulnerability, organizations should focus on modern asset protection. This means integrating security into DevOps pipelines, enforcing policies for BYOD, and vetting third-party access.

Automation plays a key role. Tools that continuously monitor and assess assets reduce manual effort and speed up response times. Additionally, training employees on security best practices minimizes risks from personal devices. A comprehensive IT security strategy must also include regular audits and incident response drills.


Overcoming Challenges in Digital Transformation Cybersecurity

Despite the benefits, digital transformation cybersecurity faces hurdles. Budget constraints, skill shortages, and legacy systems often slow progress. However, starting small—like improving asset visibility—can yield quick wins. Partnering with managed security providers or using integrated platforms can also ease the burden.

Another challenge is aligning security with business goals. CISOs must translate technical risks into business impacts, such as revenue loss or regulatory fines. This language resonates with executives, securing buy-in for necessary investments.

In conclusion, securing modern assets in the digital age demands a paradigm shift. By embracing cyber exposure management, organizations can navigate complexity, reduce risk, and thrive in their transformation journey. The key lies in visibility, prioritization, and continuous improvement—principles that turn cybersecurity from a cost center into a competitive advantage.
