CISO ME Issue 01 | Page 25

f

e

a

t

u

r

e

Quentyn Taylor, Senior Director of Information Security at Canon EMEA:
The answer to this question is simpler than most expect – it’ s compromised credentials.
Whilst there is significant anxiety about AI being weaponised to generate new exploits, in reality, this is quite uncommon. Most of the time, hackers aren’ t breaking down the door; they’ re simply walking in with a set of keys in their hands. These keys are credentials gathered from previous breaches, tested across platforms to see where the same password has been reused.
From compromised credentials and supply chain vulnerabilities to workforce fatigue, quantum threats and unsecured connected devices, organisations face an increasingly complex and unpredictable cybersecurity landscape. We asked five cybersecurity experts to share their views on the most overlooked cybersecurity risk facing organisations today. Their insights highlight a range of emerging and persistent threats that often receive less attention than they deserve, while underscoring why business leaders should be taking a closer look at these risks before they become major security incidents.
A sophisticated software exploit might work 90 % of the time, if it’ s a good one. A password, on the other hand, works 100 % of the time, especially if there is no multi-factor authentication( MFA) or anomalous login telemetry behind it. If you are using single-factor authentication and have reused that password on another website at any point in the past, you are running a significant risk.
Businesses should also know that not all MFA is equal. SMS-based codes can be intercepted through SIM-swapping, and users can be socially engineered into surrendering codes in real time. For anything of real value, hardware tokens and passkeys are still the most robust options.
This is a solvable problem.
Moving beyond outdated practices like forced password updates, which often result in weaker options, and implementing robust MFA, passkeys and hardware tokens instead give businesses of any size a clear and actionable path to reducing their exposure.
Daz Preuss, Chief Operating Officer( UK) at CybExer:
The most overlooked cybersecurity risk facing organisations today is human fatigue and psychological pressure within the workforce, particularly among security and IT teams.
While boardrooms fixate on threat intelligence, zero-days and compliance frameworks, they consistently underestimate the human layer. Security professionals operate under relentless
Businesses should also know that not all MFA is equal.
WWW. INTELLIGENTCISO. COM / MIDDLE-EAST 25