
AI and online answers

by Mark Rowe

Kelly Gill, SVP and Chief Technology Officer at ASSA ABLOY Opening Solutions EMEIA, discusses the evolving threats posed by cyber criminals – and what the security industry can do to protect itself.

Cybersecurity has never been more critical. Not only must businesses contend with the usual challenges from phishing and malware, but the rapid growth of artificial intelligence (AI) has introduced a new and unpredictable dimension to keeping out online criminals.

It is no surprise, then, that NIS2 has recently been introduced, the Cyber Resilience Act (CRA) is coming in September, and an AI Act is set to follow in 2027. But what exactly are the risks facing our industry, what should companies be doing to mitigate them – and above all, how can you ensure your business stays safe?

 

Unprecedented challenges

The newest and therefore most unpredictable challenge comes from AI. For example, there are now autonomous AI threat chains that can discover and exploit vulnerabilities unilaterally, moving from reconnaissance to exfiltration in record time without any need for human oversight. Then there is the significant risk of falling for AI-driven impersonation and deepfake attacks, including realistic voice or video cloning. These can easily trick unwitting victims and are becoming more sophisticated with every month that passes.

The danger posed by cyber criminals has also become more complex due to the growing interconnectivity of digital products and services. In many ways, a world where all hardware and software are interconnected is an efficient and convenient one. But it is also one where, if bad actors gain access to a single element, they may be able to compromise the whole network.

 

The consequences of a breach

The risks that businesses face if they are not adequately protected against cyber-attacks are hard to overstate. Should criminals gain unauthorized access to your online systems, this can lead to a loss of intellectual property, customer data, or trade secrets – all with major consequences for any business.

Even if the worst is avoided, you will still experience the disruption of downtime and loss of productivity as you work to address the problem. And if customers and partners are made aware of the breach, they may lose trust in your organization – impacting stakeholder relationships and future business opportunities. While industry standards such as ISO 27001 are voluntary, failure to meet regulatory requirements such as GDPR can result in fines and legal action.

 

What companies can do

Thankfully – in line with new regulations such as NIS2 and the CRA – there is much that companies can do to protect themselves from cyber-attacks, ensuring they protect information assets and keep the trust of their customers. A key step is proactive vulnerability management. This involves continuously identifying and addressing weaknesses in both internal systems and third-party components.

It is also crucial to establish a process to flag and assess credible active threats. For example, if a vulnerability is actively exploited, it should be reported to authorities in line with applicable regulatory timelines and as part of responsible disclosure. A final report should then be generated once corrective measures have been identified. Companies should develop corrective measures promptly when vulnerabilities are discovered, ensuring third-party components are regularly reviewed and updated to address any vulnerabilities.

 

Working group

Whilst we continue to support and guide our customers through this changing and uncertain landscape, we are also taking various actions to meet the requirements of the CRA and NIS2 regulations.

We have teams working closely with regulatory and compliance specialists, supported by a cross-functional Cyber Resilience Act (CRA) working group. This internal network of cybersecurity and product security experts analyzes evolving EU regulations and helps ensure that the requirements specified in NIS2, the Cyber Resilience Act, and future digital regulations are understood and addressed consistently and practically across the organization.

We are supporting our customers through targeted education and guidance. This includes expert articles and a recent white paper that translate the complex requirements of NIS2 and other regulations into clear, actionable steps. We also share insights through workshops and events, helping our customers understand how the regulations apply to their specific operations – from digital systems to physical access.

The challenge posed by cyber criminals has never been greater, but there are clear steps that companies can take in line with the latest regulations. In this way, we can protect our customers from online bad actors – and ultimately help people feel safe and secure as they experience a more open world.
