Digital defence in 2025: Rethinking cyber security in a hyperconnected world

What if your next data breach doesn’t come from a hacker – but from your own tech stack?

As businesses accelerate their digital transformation journeys, the attack surface is expanding – bringing new opportunities, but also significant risks. As we’ve seen globally, organisations without the right infrastructure in place are highly vulnerable to sophisticated cyber attacks.

Emerging technologies like cloud computing, the Internet of Things (IoT), and generative AI are making digital ecosystems more interconnected—and more exposed. This growing attack surface calls for a proactive, strategic approach to protect data, preserve brand trust, and ensure long-term resilience.

AZK Media’s Managing Director, Azadeh Williams, spoke with Amelia Gowa, leading CISO and NSW State Director at Trustwave, to explore how security leaders can navigate this expanding threat landscape and prepare for the cyber challenges of the future.

The expanding cyber attack surface

The rapid adoption of cloud services, IoT devices, and AI-driven applications has significantly broadened the digital perimeter. 

“This creates new challenges for security teams. However, these same technologies also drive innovation, which can benefit both sides of the cybersecurity equation. That’s why it’s in every organisation’s best interest to stay ahead of the curve,” says Gowa. 

Each new connection point introduces potential vulnerabilities that cybercriminals can exploit. According to the World Economic Forum's Global Cybersecurity Outlook 2025, 66 per cent of organisations expect AI to have the most significant impact on cyber security in the year to come, but only 37 per cent report having processes in place to assess the security of AI tools before deployment.

What does this mean? Organisations need to focus on cyber security as a business imperative in order to combat sophisticated cyber threats – particularly if the threats are AI-driven. 

Emerging threats: AI and shadow IT

Generative AI is not only enhancing operational efficiencies but also empowering cybercriminals to execute more sophisticated attacks. These include advanced phishing schemes and the creation of convincing deepfakes, which can deceive even the most vigilant users.

Simultaneously, the proliferation of shadow IT – unauthorised devices and applications used by employees – further complicates security efforts. 

“As a result, organisations must strengthen their AI governance and develop well-rounded strategies based on best practice to reduce the risk of data breaches and leaks,” says Gowa. 

Without proper oversight, these tools can create unmonitored entry points for cyber threats. 

The role of third-party suppliers and AI governance

As businesses increasingly rely on third-party suppliers and partners, the security of these external entities becomes critical. A breach in a supplier's system can have cascading effects on your organisation's security posture. 

““From a security perspective, a more interconnected ecosystem means a larger attack surface – and with that comes a greater reliance on third-party suppliers, vendors, and partners. This naturally increases an organisation’s overall risk profile,” acknowledges Gowa. 

“Security teams must stay ahead of these evolving threats, but the responsibility doesn’t lie with them alone. Organisations now have a clear mandate – and a vested interest – to build trust across their entire ecosystem. That includes their hardware, software, business operations, and third-party relationships, all of which play a critical role in shaping their security strategies,” she adds. 

Establishing stringent AI governance frameworks and conducting thorough security assessments of third-party vendors are essential steps in protecting sensitive data and maintaining trust.

Without robust strategies in place, a data breach can cause irreversible reputational damage and erode customer trust. Organisations need to develop and implement strategies that not only prevent attacks but also ensure rapid recovery and continuity of operations in the event of a breach.

What's next for CISOs?

The cost of inaction is simply too high.

As we lean into the modern and complex digital landscape, cyber security leaders must remain future-focused. That means embracing emerging technologies responsibly, implementing rigorous security protocols, and fostering a culture of trust and adaptability.

Gowa closes with one final message: “We want organisations to stay ahead of the curve – and that means constantly learning and evolving. As emerging threats and the broader threat landscape continue to shift, organisations must adapt in step. If you don’t evolve with it, you risk being left behind.”

Authored by Jessica Phillips, Senior Social Media and Communications Specialist at AZK Media.