Cyber Security Awareness Month 2025: Addressing Legacy Technology and Emerging Threats
As we approach Cyber Security Awareness Month 2025, the Australian Government emphasizes the critical issue of relying on legacy technology. This concern isn’t limited to technologies that have been in use for years; it applies to any system that hasn’t been updated to address modern security threats. Given the rapid pace of technological advancement, the opportunity to refresh and maintain systems is diminishing quickly.
The Risks of Outdated Technology
Older systems that remain unpatched are vulnerable to known security flaws. These technologies often don’t integrate well with newer security tools, posing a substantial risk to organizations. Moreover, when vendors discontinue support, businesses might find themselves without updates or assistance, making them prime targets for cybercriminals.
A staggering statistic shows that approximately 70% of IT teams dedicate more than six hours each week solely to security patching. The complexity of managing outdated systems typically increases the likelihood of human errors or misconfigurations, which can easily jeopardize sensitive data.
Proactive Cyber Security Culture
Keeping systems up to date isn’t just about efficiency; it’s a matter of safety. Fostering a culture of cyber awareness means recognizing that security involves more than merely reacting to threats. It’s about proactively fortifying the foundations of our digital spaces.
Insights from Industry Leaders
Robert Marolda, CyberArk
Robert Marolda, Director of Enterprise & Public Sector Sales for ANZ at CyberArk, points out the heightened enterprise risk due to the surge in machine identities—thanks to trends in AI, cloud computing, and automation. Many organizations are unprepared for this ungoverned identity attack surface, primarily due to fragmented strategies and siloed tools. Businesses need to prioritize resilience without compromising efficiency since identity-related breaches continue to rise.
With one-third of machine identities bearing privileged access, issues such as an expired TLS certificate can lead to significant disruptions. Organizations are urged to embed privileged access management into a cohesive identity security strategy to enhance visibility, mitigate risks, and maintain operational effectiveness.
Stuart Low, Biza.io
Stuart Low, CEO and Founder of Biza.io, stresses the importance of reviewing existing infrastructure to enhance data privacy and security. A common misconception is that a robust cyber security framework requires starting from scratch, which delays the adoption of sufficient cyber strategies. The Consumer Data Right (CDR) serves as an example of an established system that can help businesses manage and analyze data more securely while minimizing data collection, thereby reducing potential risks.
James Greenwood, Tanium
James Greenwood, VP of Customer Success and Solutions Engineering for APAC at Tanium, highlights the necessity for businesses to cultivate a “cyber safe culture.” This involves developing an ongoing approach to cybersecurity and recognizing both the strengths and weaknesses of technology and human resources. Mental health and burnout within cybersecurity teams can lead to costly mistakes. Therefore, combining automated technology with real-time data, along with a strong human workforce, is crucial for countering evolving cyber threats.
Reassessing Cyber Security Strategies
Sam Salehi, Qualys
Sam Salehi, Managing Director ANZ at Qualys, emphasizes that basic cyber hygiene—like avoiding suspicious links and updating software—is no longer sufficient. The challenge now lies in understanding which risks truly matter to businesses. Research indicates that while nearly half of organizations have formal cyber risk programs, only a fraction align these with their business objectives, resulting in an overall increase in risk levels.
A shift in focus from attack surfaces to risk surfaces is crucial. Not all vulnerabilities carry equal weight; a minor issue on a critical system could pose a greater threat than a severe issue on a less important asset. The future lies in evolving cybersecurity from a mere IT function to a business function that quantifies potential losses and prioritizes tactical decisions based on various business outcomes.
Hayley Fisher, Adyen
Hayley Fisher, ANZ Country Manager at Adyen, warns that treating cyber security as an IT-only concern is a mistake. Many small-to-medium enterprises (SMEs) overlook vulnerabilities in payment systems, leading to increased exposure. Data indicates that over half of SMEs rely on multiple SaaS platforms for payment reconciliation, creating unnecessary complexities. By integrating SaaS platforms that emphasize strong risk management and automation, SMEs can significantly reduce vulnerabilities and redirect focus toward growth.
Understanding Human Risk
Erich Kron, KnowBe4
Erich Kron, CISO Advisor at KnowBe4, advocates for a focus on human behavior in cyber security. With 70 to 90% of breaches involving human error, understanding how employees think and act is vital. Human Risk Management (HRM) should not merely be about regulatory compliance but rather about building a supportive culture that encourages positive decision-making about security threats.
Embracing Cyber Resilience
Adhil Badat, Rackspace Technology
Adhil Badat, Managing Director APJ at Rackspace Technology, highlights the inevitability of cyber-attacks and the necessity for businesses to adapt. Traditional disaster recovery methods have become outdated, as the impact of downtime can be swift and costly. Cyber readiness must include identifying mission-critical workloads and constantly assessing readiness to ensure rapid recovery in a secure environment.
Nigel Tan, Delinea
Nigel Tan, APAC SE Director at Delinea, points to the crucial role of machine identities in modern security strategies. With the number of machine identities significantly surpassing human ones, securing them is more vital than ever. Recent breaches demonstrate the risks of not protecting these identities adequately, underscoring the need for organizations to enhance their defenses against increasingly sophisticated cyber threats.
Rethinking Security Approaches
David Rajkovic, Rubrik
David Rajkovic, Regional VP A/NZ at Rubrik, encourages organizations to reevaluate their security strategies as cyber threats evolve. Identity-based attacks, which account for a significant percentage of breaches, necessitate a shift towards zero trust principles. By adopting methods such as least privilege access policies and just-in-time access, organizations can better protect critical systems from unauthorized access.
Collaborative Security Culture
Shain Singh, F5
Shain Singh, Principal Security Architect at F5, stresses that application security should be a shared concern across all business functions. Every aspect of software development and deployment carries risks. This Cyber Security Awareness Month serves as a reminder that fostering security must be everyone’s responsibility, with collaboration and resilience at the forefront.
Conclusion
As Cyber Security Awareness Month unfolds, it’s a pivotal time for organizations to actively address enduring cyber vulnerabilities. By reinforcing security frameworks, cultivating a proactive cyber culture, and placing as much emphasis on machine identities as on human ones, businesses can enhance their defenses against emerging threats in the digital landscape.


