Today, Steve speaks with Kailyn Johnson, cyber intelligence and geopolitical risk lead at UK consulting firm Sibylline. Kailyn and Steve discuss the current threat landscape, focusing on areas where cyber and geopolitics overlap, and she offers some practical advice on how to contextualize security for your organization’s C-suite.

1 The dark web is becoming more democratized, opening up the door for low-skilled threat actors to cause harm.

2 Open and frequent communication between security teams and other branches of the organization, in particular those in charge of the budget, is crucial for cyber resilience operations to receive sufficient support.

3 Staying up to date on patching, knowing your supply chains, and understanding how threats to critical infrastructure can affect you, will be key for organizations in 2025.

1 How the dark web is becoming more democratized, and what means for businesses

2 Why showing the worth of the cyber team is tricky but critical for long-term success

3 What organizations can do better in 2025

 1 “So we're seeing just ransomware continuing to be a consistent risk to business operations, financial risk, reputational risk, security risks, operational risks. But alongside that, we're also then seeing the influx of a lot more low-skilled threat actors having now the capabilities to conduct sophisticated operations with the democratization of the dark web.” - Kailyn Johnson

 2 “Showing off the value that these teams have to the people with budget, sometimes might help unlock a bit of that budget. If you're seeing the benefit of those teams, you're more likely to give them the budget that they might need for it, and whether that's internally or sometimes externally, if you've produced really good work, or if you've created all these detections that have helped improve the network security for your organization, how could we maybe publish that, whether it's internally to the stakeholders, or if it's for everyone, so people are seeing, actually, they're doing a really good job.” - Kailyn Johnson

 3 “But sometimes you're so focused on the impact of the regulations that you sometimes then forget, actually the processes that we're doing are working. Then should we just maybe let things play out and see how they're going? I think there's always a bit of a worry of, are we always in compliance? And it's good that we have that worry, but it's also sometimes the case of, just keep doing what you're doing, and you've got your compliance teams to tell you when you're not.” - Kailyn Johnson

• ISF Analyst Insight Podcast

Read the transcript of this episode

Subscribe to the ISF Podcast wherever you listen to podcasts

Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.