Unlock Cyber Resilience: Security Awareness Month 2025

October marks Cybersecurity Awareness Month, serving as a vital annual reminder for everyone, from corporate leaders to families at home, to strengthen their digital defenses. This dedicated period encourages a collective focus on safeguarding our interconnected world against increasingly sophisticated threats.

David Rajkovic, Regional Vice President A/NZ at Rubrik, observes that while organizations historically fortified digital perimeters, modern attackers frequently bypass these barriers. Identity-based attacks now dominate the threat landscape, with recent studies indicating nearly 80% of cyber incidents over the past year stemmed from compromised credentials. Attackers weaponize legitimate user identities to infiltrate critical systems, making traditional perimeter defenses insufficient.

Adopting zero trust principles offers a robust countermeasure. Strategies like least privilege access ensure individuals only reach data essential for their roles, while just-in-time access grants temporary permissions for specific tasks. Furthermore, AI-driven anomaly detection monitors behavioral patterns, flagging suspicious activities as they occur. Advanced data security platforms now map every identity, human and machine, to the sensitive information they can touch, enabling organizations to visualize potential damage from a breached account before an incident unfolds.

Shain Singh, Principal Security Architect at F5, emphasizes that application security has transcended IT departments to become an enterprise-wide priority. This year’s theme, ‘Building our cyber safe culture,’ underscores that every code commit, integration, and business workflow introduces risk. Cybersecurity is a shared duty spanning developers, executives, and staff. Embedding security into organizational DNA boosts resilience, transforming it from a technical checklist into a cultural norm.

Scott Morris, Managing Director of Infoblox for Australia and New Zealand, points to DNS security’s evolving role. Previously relegated to post-breach analysis, DNS now represents the internet’s entry point. Governments worldwide are integrating DNS security into regulatory frameworks, recognizing its value in protecting national infrastructure. By prioritizing DNS protection, businesses establish a frontline defense against tactics like ‘fast flux,’ where attackers rapidly alter domains to evade detection.

Roz Gregory, Regional Vice President A/NZ at Datadog, calls for a cultural shift where security ownership is distributed across development, operations, and leadership teams. Regulatory mandates like the Security of Critical Infrastructure Act compel organizations to treat compliance as a foundation for national resilience. Integrating observability and security across roles enables proactive management, uniting traditionally siloed teams to preempt breaches and system failures.

Kevin Gritsch, Vice President of Partner Services, APAC at Pax8, highlights the regulatory pressure on small and medium-sized businesses. Despite contributing significantly to GDP, SMBs struggle to meet compliance standards designed for larger enterprises. Managed service providers are increasingly guiding SMBs through security frameworks and audits, helping them align with models like the Essential Eight. Cyber resilience now centers on preparation and recovery, with compliance failures posing existential risks.

Vinayak Sreedhar, Country Head A/NZ at ManageEngine, notes AI’s double-edged impact. While accelerating innovation, AI introduces novel threats like deepfakes and automated attacks. Responsible AI governance must keep pace with adoption, ensuring ethical deployment without sacrificing security. Organizations must establish clear policies and proactive defenses to harness AI’s potential safely.

Rob Dooley, Vice President, Asia Pacific and Japan at Rapid7, warns that AI amplifies both defense and offense. Attackers leverage generative models for hyper-realistic phishing, while defenders use AI to accelerate threat detection. Individual cyber hygiene practices, like verifying requests and enabling multi-factor authentication, remain critical for disrupting attack chains.

Erich Kron, CISO Advisor at KnowBe4, stresses that human factors underpin most breaches. Human Risk Management moves beyond awareness training to build resilient habits. Supporting employees to recognize and respond to threats cultivates a security-first mindset, turning human vigilance into an organizational asset.

Adhil Badat, Managing Director APJ at Rackspace Technology, asserts that cyberattacks are inevitable, making recovery planning non-negotiable. Modern business continuity requires clean, isolated recovery environments to restore operations within hours. Treating resilience as a core discipline transforms it into a competitive advantage, safeguarding operational continuity and customer trust.

Lincoln Goldsmith, Director of Enterprise Channels & Alliances, APAC at Semperis, identifies human error as a primary vulnerability. Attackers exploit distractions, often striking during weekends or holidays. Building cyber-safe habits, like consistent password hygiene and patching, mirrors daily health routines, layering personal vigilance into organizational defense.

Dan McLean, Country Manager, ANZ at Barracuda Networks, cautions against legacy system risks. Outdated technologies harbor unpatched flaws and complicate security management. Proactive system maintenance is fundamental to cyber resilience, preventing exposure to known exploits and reducing administrative overhead.

Ultimately, Cybersecurity Awareness Month reinforces that security is a continuous journey, not a yearly event. Through collaborative effort, technological investment, and cultural commitment, organizations and individuals can navigate the digital landscape with greater confidence and resilience.

(Source: ITWire Australia)