Unlock Cyber Safety: Your 2025 Awareness Guide

Summary

– Cybersecurity Awareness Month highlights the critical need to protect digital environments across work, education, and home settings.
– Machine identities are rapidly expanding due to AI and cloud technologies, creating an ungoverned attack surface that many organizations are unprepared to manage.
– Organizations must shift from managing vulnerabilities in isolation to prioritizing risks based on business impact, asset criticality, and financial exposure.
– Machine identities now vastly outnumber human ones and require equal security measures, including visibility, restricted access, and shortened credential lifespans.
– Integrating privileged access management and business context into security strategies is essential to reduce risk and build meaningful resilience.

October marks Cybersecurity Awareness Month, serving as a crucial annual prompt to strengthen our digital defenses across workplaces, educational settings, and homes. With cyber threats growing more sophisticated, experts emphasize that foundational security practices alone are no longer sufficient for true protection.

Robert Marolda, Director of Enterprise & Public Sector Sales ANZ at CyberArk, points out that enterprise risk has reached unprecedented levels. The rapid expansion of machine identities, fueled by artificial intelligence, cloud services, and automation, is creating an unmanaged attack surface that many organizations are ill-equipped to handle. Disconnected strategies and isolated tools worsen the situation, preventing security teams from clearly seeing and controlling who or what has system access. Too often, companies prioritize operational efficiency over security resilience, even as identity-related breaches climb and critical assets remain vulnerable.

Marolda highlights that roughly one-third of machine identities possess privileged or sensitive access. Something as routine as an expired TLS certificate can trigger significant business disruption. To counter escalating threats, he advises organizations to treat machine identities with the same seriousness as human accounts. Embedding privileged access management into a comprehensive identity security strategy ensures full visibility, lowers risk, and sustains operational performance.

Sam Salehi, Managing Director ANZ at Qualys, observes that while Cybersecurity Awareness Month traditionally reinforces basics like avoiding suspicious links, applying updates, and using strong passwords, these steps are inadequate for 2025. The real organizational challenge lies not in defending the entire attack surface, but in identifying which risks genuinely impact business operations.

Recent studies indicate that although nearly half of organizations have formal cyber risk programs, only a small portion align these initiatives with business goals. This misalignment helps explain why, despite growing security investments, overall risk continues to increase.

Salehi notes that security teams frequently spread their efforts too thinly across thousands of vulnerabilities, addressing each in isolation without weighing business consequences. He advocates shifting the discussion from attack surfaces to risk surfaces, stressing that not every vulnerability carries equal weight. A low-severity flaw in a mission-critical system may pose a far greater danger than a high-severity issue in a non-essential asset.

The path forward, according to Salehi, involves moving from detection to strategic direction. Cybersecurity must transition from an IT responsibility to a core business function, one that quantifies potential losses, models realistic threat scenarios, and prioritizes actions based on asset importance, financial exposure, and business outcomes. To close maturity gaps, security leaders should look beyond traditional metrics like CVSS scores and adopt unified frameworks such as a Risk Operations Center (ROC). By continuously analyzing vulnerability data, asset context, and threat exposure, a ROC supports smarter prioritization and faster, more effective remediation.

His message to Australian and New Zealand organizations is clear: move beyond vulnerability management to true risk management. Integrating business context into every security decision is the only way to build meaningful resilience.

Nigel Tan, APAC SE Director at Delinea, adds that the attack surface is transforming, with machine identities at the center of this shift. From chatbots and APIs to autonomous agents, machines already outnumber human users 46 to 1, yet they frequently receive less security attention. Protecting these identities is now as vital as safeguarding human accounts.

The recent Salesloft breach illustrates this risk. Attackers bypassed employee credentials and instead exploited an AI-powered chatbot’s privileged access, infiltrating systems like AWS and Slack. With only 28% of Australian organizations prepared to secure AI, compared to 44% globally, the readiness gap is evident.

Tan urges organizations to use Cybersecurity Awareness Month as a catalyst for action. As machine identities increasingly become attack vectors, start by gaining visibility into their locations and access permissions. Shorten credential lifespans so stolen details become useless quickly, and restrict each identity’s access to the minimum required. Treating machine identities with the same priority as human ones is fundamental to maintaining business resilience.

(Source: ITWire Australia)
