I used to love reading the myriad "state of security" reports from vendors. Many of them are very well written and fun to read and they definitely guide my security program.
However, in recent years it seems like they have increasingly been selling the company line. Not a bad thing, but less fun to read knowing the bent.
The World Economic Forum has been publishing a report for a number of years now and while it is high level it's still useful. It also has the advantages of being aimed at global organizations and at governments as well as corporations. The 2025 report was published January 17, 2025.
A key quote from the paper:
... this year’s report shines a light on the increasing complexity of the cyber landscape, which has profound and far-reaching implications for organizations and nations.
Some highlights for me:
- The report mentions supply chain problems without being alarmist.
- The report highlights complexity of the landscape while emphasizing a strategy of resilience. This aligns well with my personal philosophy.
- The report mentions that AI is being used in social engineering and phishing attack campaigns.
- They are careful to note that AI is double edged and most organizations are struggling to get a handle on their use of AI.
P.S. Please look for a new upcoming series on Security First Principles. I am outlining and writing some posts now to convey my first principles and strategies.
No comments:
Post a Comment