Cloudflare CSO says vendor lock-in has left enterprises vulnerable to major security attacks

Grant Bourzikas, CSO at Cloudflare, has said that vendor lock-in is a crutch that organisations need to remove in order to eliminate their chances of being compromised by threat actors. In an exclusive op-ed for tahawultech.com, Bourzikas has called for enterprises to start their ‘security transformation’ now.

Grant Bourzikas, CSO at Cloudflare

Vendor lock-in is a crutch that will lead to increasing breaches in 2025 – organisations must start their security transformation journeys.

The deeply rooted foothold that vendors have in organisations’ environments has become one of the main drivers of complexity. The bottom line is that complexity creates chaos, and chaos distracts from the real priorities when it comes to securing an organisation.

Being held hostage by a vendor, to the point where moving off them seems impossible, is the moment they begin to help shift the balance of power back in favour of threat actors. The hyper-focus on “digital transformation” over the past few years – implementing a myriad of new tools and vendors across the organization to rapidly innovate – has left security in the dark.

In 2025, we will feel the full weight of having fallen victim to the cycle: shiny new tools, Wall Street’s buy-in, rush to implement, repeat. We must now shift focus to “security transformation,” and begin to remove the tools and vendors that are causing complexity rather than furthering innovation.

In 2025, disinformation will transcend the Internet and social media, and move to poison and taint AI models.

Information sharing now happens an order of magnitude faster and more efficiently than ever before. And in the world of AI, data is the only currency, and organisations that have the most will win – but quantity doesn’t always equal quality. AI on its own will not solve the world’s most critical problems.

The successful implementation and use of AI depends on data. But as disinformation continues to plague society, it will begin to trickle into AI models that are critical to making decisions – e.g., calculating goods needed to restock grocery store shelves, diagnosing sick patients or analyzing market trends to share financial risks with bankers.

Broad-brush cyber regulations legislated with good intent will have a reverse effect in 2025 – creating complexity and having no real impact on stopping attacks.

In the past few years we have witnessed a cadence of record-shattering, significant breaches that have drawn the eye of regulators. But while their attempts to raise the security resiliency of organizations are meant to be helpful, they are often knee-jerk reactions that require unrealistic efforts.

This is a complete misstep, with many of today’s regulatory efforts ineffective and not focused on the most critical aspects of security controls. Regulators still fail to recognize what will make the biggest difference in moving the needle towards immutable infrastructure.

In 5-10 years there will only be two types of companies: Those that leveraged AI to innovate, and those that no longer exist.

With this harsh reality, CISOs must figure out how to be an enabler of AI, not a blocker. But with AI still in its infancy, very few have a strong understanding of the technology or the risks it may present… leading to extremely low levels of confidence that their organization is well-prepared.

The lack of understanding around AI is ultimately giving threat actors a leg up.
