Alexander von Keyserlingk on Trends, Technologies, and Geopolitics Shaping the Future of Cybersecurity

Thank you for attending our inaugural conference and accepting our invitation to be part of this interview for the Cybersecurity Summit ~ Cyberfy 

1. What are some of the most significant trends you see shaping the future of cybersecurity, particularly in sectors like finance, telecom, and healthcare?

There is a greater understanding among organizations, particularly in finance, telecom and healthcare, that cybersecurity is important to prioritize, driven by expanding data and cybersecurity regulations, and the hostile threat landscape.

Looking at compliance, the number of regulatory frameworks is increasing, with NIS2, DORA, and the Cyber Resilience Act driving the need to implement technologies that prove compliance and that the organization lives up to the requirements. The regulations also drive a greater concern for data protection, where organizations in Europe, especially, are more concerned about where their data is stored, so foreign intelligence services, for example, don’t have the ability to access the data without legal process.

From a threat landscape perspective, geopolitical uncertainties are shaping the cybersecurity sector. We’ve seen the rise of cyberwarfare in recent years, causing nation-state actors to target European organizations, including those with less mature cybersecurity.

2. How do you see the evolving landscape of cyber warfare impacting international relations and national security, particularly in the context of emerging technologies and state-sponsored cyber activities?

Cyberwarfare has resulted in some new dynamics in the threat landscape. For example, we’re seeing nation-state actors cooperating with ransomware operators to gain initial access. On top of that, nations are trying to impact elections around the world through disinformation campaigns. We saw this in the US, where federal agencies warned that both Russia and Iran manufactured content to influence the outcome of the election and sow doubt among the population.

Nation-states increasingly leverage cyber capabilities to target critical infrastructure, disrupt economies and conduct espionage. As a result, we’re seeing an uptick in the interest in implementing Zero Trust architecture and strategies emphasizing strict identity verification and least-privilege access policies, mitigating insider threats and credential theft risks.

3. Judging from your experience, what are common mistakes companies make in balancing cybersecurity with operational efficiency?

Operational efficiency is key, so when ransomware and other cyber threats increase in sophistication and compliance requirements increase, there is a need for new approaches.

From a technological perspective, organizations should focus on giving the security teams the tools to work as efficiently as possible. Many teams struggle with alert fatigue today, spending too much time correlating observations made by the array of security tools. They need more proactive and behavior-based frameworks to free up time. Automating investigation and response mechanisms can also allow the team to work quickly.

From a compliance perspective, implementing tools that can gather information for audits and determine compliance automatically can help. Organizations operating in regions with strict data privacy laws, like Europe, must align with local requirements. This also means cybersecurity tools should strive to store and process data in Europe.

From a process perspective, it’s important to break down siloes. They need to ensure that the security team works in close collaboration with IT operations and risk management so everyone is aligned on the approach to cybersecurity, ensuring that patch management, network segmentation, Disaster Recovery, and other best practices are implemented and continuously monitored to support both security and operational efficiency.

4. What’s the influence of advanced technologies like AI and machine learning on threat landscape and cyber warfare?

Phishing remains one of the most widely used attack vectors, and the most efficient type is spear-phishing. With Generative AI, attackers no longer need to spend time researching personal information about the victims because the technology does that for them by scraping information from LinkedIn, for example. Personalizing phishing emails has become automatic, increasing the number of spear-phishing emails that attackers are able to send.

Advanced technology adoption is becoming mutually more sophisticated on all sides. It also continues to be ever more accessible to all participants, which poses a threat and an opportunity at the same time.

Specifically, for security operations teams, this means ever-enhanced detection & response capabilities across endpoints, cloud/on-prem environments, and network layers, including lateral movements and forensics. The continuous feedback between the information security management system, security operations, and IT Service management elevates cyber resilience by consolidating security tools.

5. If you could implement one change across the entire cybersecurity industry, what would it be and why

I would love to see more real-time threat intelligence sharing. Many defenders operate in silos. We already have a strong cybersecurity community, sharing information about their experiences with tooling, trends, and the threat landscape. If that knowledge-sharing happened on a broader scale, it would significantly help a lot of the organizations that are left fending for themselves today.

6. Would you recommend our next year’s edition of the Cybersecurity Summit ~ Cyberfy to your colleagues? If so, what aspects did you find most valuable?

I would definitely recommend the Cybersecurity Summit, and I look forward to attending with two of my colleagues. The high-quality talks, great insights, and exciting high-profile guests make it a valuable event. Thank you very much!