What are the main emerging risks you are including within watchlists for 2024-2025?

Governance, Risk & ComplianceRisk Management
842 viewscircle icon1 Upvotecircle icon5 Comments
Sort by:
CISO| Legal & Regulatory APAC lead in Media9 months ago

Supply chain security is essential for modern business operations, ensuring the safe and efficient delivery of products and services from the initial supplier evaluation and onboarding to the end of the contract. It is crucial to identify and establish accountability with suppliers right from the contract stage. Especially when countries around the world maturity their Cybersecurity regulations and laws

Director of IT9 months ago

Cyber Security, Cyber Risk, Sustainability/ESG, Responsible AI.

CIO9 months ago

The key risks with the most visibility (for good reason) are probably cybersecurity, responsible and effective AI, and overall regulatory compliance (e.g., privacy laws). There is enough literature to speak to those.

However, I would also add vendor consolidation risks as a trend to monitor. Examples of impacts include increased licensing costs, changes to product roadmaps, service stability and customer relationship dynamics. These changes are often very disruptive and can result in unplanned pressures to operating expenses or costly migration initiatives. The most high profile recent example is Broadcom acquisition of VMWare, although there are many others.
 

It isn’t all negative as there are also opportunities within this environment of landscape consolidation. Either through acquisition, extension of their product verticals or both, many vendors are offering platforms or suites of products. There should be continual scan of the market to identify areas of overlaps and potential rationalization opportunities that would drive lower licensing costs, simplify operating environment resulting in improved efficiency.

Lightbulb on1 circle icon1 Reply
no title9 months ago

Vendor consolidation is something that I have seen myself but did not actually consider that it is a risk! This is great thanks! Going straight into the register 😛

CTO in Media10 months ago

Social engineering attacks taking advantage of AI.
Voice cloning, realtime voice/video cloning.

Take the current simple "CEO needs gift cards" spam SMS or email, but add a live video call aspect.

Social engineering has been the easiest way to gain access or breach security processes and these tools can open up any company to massive losses.

Few employees would deny a request straight from the CXO if they had them on a video call and the face/voice matches.

Content you might like

When do you think we'll see more standards introduced for code signing?

Within the next 6 months32%

Within the next 7-12 months49%

Within the next 1-2 years17%

I have no idea1%

View Results

Post-pandemic, will your team be working fully remote, in-person, or hybrid?

Remote26%

In-person27%

Hybrid46%

View Results

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?

I wanted a point of view on migration from on-prem AD and SCCM to AAD and Intune. Would be great to have a perspective on, - Is there a real need since SCCM is still undersupport from Microsoft? - I understand that we can get rid of onprim AD Infrastructure and move on SaaS, but any other benefits we get by doing this?