How are businesses preparing for the evolving threats and challenges in the world of cybersecurity? In today's episode of Tech Talks Daily, I'm joined by Dominik Samociuk, Head of Security at Future Processing, a technology consultancy and software delivery partner with over two decades of experience.
Together, we explore the current state of cybersecurity and dive into predictions for 2025, focusing on emerging threats, regulatory changes, and the critical importance of cyber resilience.
Dominik shares insights into the rise of AI-driven attacks, including deepfakes and automated phishing campaigns, which are increasing in sophistication and volume. These threats are forcing organizations to rethink their strategies, moving beyond prevention to comprehensive approaches that include detection, response, and recovery. We also discuss how businesses can strengthen their defenses through zero-trust architecture, third-party risk management, and enhanced employee training—especially as the human factor remains one of the most vulnerable aspects of cybersecurity.
Regulatory changes, such as the NIS2 Directive, DORA, and the upcoming Cyber Resilience Act, are also driving a shift in how organizations approach security. Dominik explains how businesses can align with these evolving requirements by conducting regular gap analyses, automating compliance processes, and leveraging frameworks like ISO 27001 and NIST.
Data privacy in the era of AI is another key focus of our discussion. Dominik outlines the steps businesses must take to classify and protect sensitive data, ensure transparency with stakeholders, and build robust incident response plans. Additionally, we delve into the importance of embedding security practices throughout the development lifecycle and the role of open-source intelligence in identifying vulnerabilities and emerging threats.
Whether you're looking to stay ahead of cyber threats or understand how regulatory changes will impact your organization, this episode provides actionable insights to navigate the complexities of modern cybersecurity. How is your business preparing for the future of cyber resilience? Join the conversation and share your thoughts!
[00:00:01] What will cybersecurity look like in 2025? With digital threats growing in sophistication from deepfake-enabled attacks to AI-driven phishing campaigns, organisations will once again be challenged with staying ahead in an ever-evolving landscape.
[00:00:20] So my guest today is going to join me in looking at critical topics like the rise of AI-driven threats, lessons learned from recent high-profile breaches, and how businesses can adapt to complex regulations like Cyber Resilience Act and the NIST-2 Directive.
[00:00:38] So are your cybersecurity strategies ready for the challenges of 2025?
[00:00:44] Well, it's time for me to introduce you to today's guest. Enough spoilers from me. It's time for us to uncover the tools, the frameworks, the mindsets needed to navigate the road ahead.
[00:00:55] So a massive warm welcome to the show. Can you tell everyone listening a little about who you are and what you do?
[00:01:02] I'm Dominik Samociuq and actually I'm cybersecurity head in future processing. I'm combining my corporate role also with being an assistant professor in Silesia University of Technology in Gliwice in Poland.
[00:01:19] And my corporate role involves two variants due to the fact that I'm responsible for our internal cybersecurity team, making sure that our customer data in future processing are safe and secure.
[00:01:34] And also we are developing the tailored security solution for our customers, starting with the consulting opportunities, ensuring compliance with evolving regulation and simply helping organization build robust defenses against emerging cyber threats.
[00:01:53] And I'm curious, as someone who is responsible for internal cybersecurity teams, we hear a lot about AI threats, deepfakes and so much other things.
[00:02:03] But what are the most pressing cybersecurity threats that you're seeing on the front line here?
[00:02:09] What is emerging in today's digital landscapes, whether that be the rise of deepfakes or AI-driven attacks or something completely different?
[00:02:16] What are you actually seeing out there at the moment?
[00:02:18] Yeah, I would say that the rise of deepfakes and AI-driven attacks has introduced a new level of sophistication to cyber threats that we already knew.
[00:02:29] Deepfakes can be weaponized for social engineering, phishing.
[00:02:34] Also, we see spreading misinformation or actually manipulating decision makers.
[00:02:40] Also, for the well-known threats such as normal phishing or spam campaigns, the deepfakes and AI-driven attacks are used.
[00:02:52] AI can automate phishing campaigns.
[00:02:54] And we also see that there is a lot more of it.
[00:02:57] Even on the global landscape, I would say, for example, in February this year, Poland was the most attacked country in statistics in cybersecurity landscape.
[00:03:09] And why is that? Is that because of the global conflict around the world at the moment?
[00:03:14] Are you being so close to that or is it something else?
[00:03:16] Yeah, I would say that geopolitics, but also Poland as an emerging country, is a valuable target for attackers.
[00:03:26] And of course, we are at the magical time of year where we begin to reflect on the lessons we've learned this year and also what we do differently next year.
[00:03:35] So as we approach 2025, what would you say are the key lessons that we could learn from 2024?
[00:03:41] And how can businesses apply to some of those lessons and improve their cybersecurity strategies for the future?
[00:03:48] Anything that you're telling your teams there?
[00:03:51] Yes, I would say that 2024 is and will be in a few weeks.
[00:03:58] The fantastic year.
[00:03:59] Really, it has taught us that cybersecurity is not just a technical issue treated by some of the corporate landscape,
[00:04:08] but we should tackle the cybersecurity from the strategic point of view.
[00:04:13] I would say that the increasing frequency of supply chain attacks that we are observing highlighted that the need for the end-to-end visibility for cybersecurity,
[00:04:23] not only pointy perspective.
[00:04:28] I would say that businesses should focus on tricky areas.
[00:04:32] First of all, strengthening the third-party risk management.
[00:04:36] We have seen quite a few security problems, stating very mildly, with utilizing third-party software with some kind of vulnerability.
[00:04:49] Also, I would say that another area businesses should focus on would be adopting a zero-trust architecture
[00:04:55] and also, of course, investing in employee awareness training.
[00:05:00] I would say still the human factor is the easiest-to-broke factor in cybersecurity.
[00:05:08] And another big trend we've seen this year is the evolving regulations out there from DORA to NISTU and the CRA,
[00:05:17] all continuously reshaping cybersecurity requirements.
[00:05:20] It's going to be incredibly daunting and complex just trying to keep up with them all.
[00:05:24] But how should businesses better adapt to ensure compliance while also maintaining the operational efficiency that they need?
[00:05:33] Yeah, I would say that businesses should adopt a proactive approach to compliance
[00:05:39] by actually integrating regulatory requirements into their broader risk management strategies.
[00:05:46] From my perspective, conducting regular gap analysis, automating compliance tracking,
[00:05:54] embedding cybersecurity into business processes can definitely reduce the operational burden.
[00:06:02] Of course, partnering with compliance experts due to the fact that we have still the gap in the amount of available cybersecurity engineers
[00:06:13] would be beneficial and also leverage well-known frameworks like the ISO 27001,
[00:06:21] like NIST, like SOC 2, can also help align security measures with those regulations effectively.
[00:06:28] And there's a lot of hype around AI this year, predictably.
[00:06:32] But one of the big challenges that seems to have come out of this is data privacy.
[00:06:37] That data that we're using to power AI, do you have it in the public cloud?
[00:06:42] Probably not.
[00:06:43] Do you have it in the private cloud?
[00:06:44] Yes, but do you have it in the private cloud?
[00:06:45] On-prem or off-prem?
[00:06:48] There's so many big questions around that.
[00:06:49] So as data privacy continues to be a significant challenge for organizations,
[00:06:54] especially with AI implementations as well,
[00:06:56] what best practices do you recommend for businesses to manage
[00:07:00] and protect that sensitive information effectively?
[00:07:02] It feels like such a bigger argument now with AI in the room.
[00:07:08] Yes, and I will start with that it will be a common theme in cybersecurity.
[00:07:15] First of all, we need to know what we want to secure.
[00:07:18] So first of all, I would start with data classification.
[00:07:23] So we know what type of data we actually have,
[00:07:27] what we need to focus on, what should be the first priority.
[00:07:31] Of course, enforcing the strong encryption practices,
[00:07:35] implementing access control policies based on the principle of least privilege,
[00:07:42] doing the regular audits.
[00:07:45] Once again, training of the employees, training of the staff on data handling.
[00:07:50] And of course, investment in incident response capabilities.
[00:07:55] I would say every of those are equally critical.
[00:08:01] Importantly, I would say that business must maintain transparency with stakeholders
[00:08:06] about how the data is collected, how the data is stored,
[00:08:10] how the data is used to build trust and meet regulatory expectation.
[00:08:15] Due to the fact that we need data to utilize the emerging technologies,
[00:08:21] such as AI, generative AI,
[00:08:23] data privacy is a critical challenge for organization nowadays.
[00:08:31] But once again, I would start with knowing what we actually need to protect,
[00:08:36] what will be the priorities,
[00:08:37] and then follow up with this equally critical aspects,
[00:08:43] audits, training, handling, investment in incident response.
[00:08:48] And the other big word of 2024 is resilience.
[00:08:52] And the concept of cyber resilience in particular continues to gain traction.
[00:08:57] So how can businesses move beyond those traditional cyber security measures
[00:09:01] to build a more proactive rather than reactive approach
[00:09:05] so they can be resilient and adaptive with their security posture?
[00:09:09] Yeah, you are touching a great point due to the fact that most of the businesses
[00:09:14] are actually thinking about only a prevention part of cyber resilience.
[00:09:20] Still, we need to also focus on detection, response and recovery.
[00:09:26] You know, there is a well-known quote from cybersecurity world
[00:09:31] that there is only two types of people,
[00:09:34] the one that are doing backups
[00:09:35] and the one that will be doing backups.
[00:09:38] I couldn't agree more with the situation.
[00:09:42] Businesses should implement robust incident response plans.
[00:09:46] There is not the question if, but rather when they will be using those.
[00:09:52] Ensure some system redundancy
[00:09:54] and cost is continuously stress test their security frameworks.
[00:09:59] I'd say that cyber resilience also requires fostering a culture of awareness
[00:10:04] and adaptability where teams are trained to respond effectively
[00:10:09] to dynamic threats and disruptions.
[00:10:12] I love that quote you use there.
[00:10:15] The belts and braces of cybersecurity.
[00:10:16] Those who are doing backups are those who will be doing backups.
[00:10:20] Such a great point.
[00:10:21] And penetration testing and secure development lifecycle or SDL
[00:10:26] are also vital components of a robust security strategy.
[00:10:30] So any advice on how organizations could maybe integrate some of these practices
[00:10:34] more effectively into their development processes?
[00:10:38] I know it can be difficult with just trying to keep the lights on
[00:10:41] and keep up with the business as usual processes,
[00:10:45] but any advice around this?
[00:10:46] Yeah.
[00:10:48] In our business team related to security,
[00:10:50] we are using the quote, another quote,
[00:10:54] that the security is not a one-time action.
[00:10:57] It is a process.
[00:10:59] And we need to keep this in mind.
[00:11:02] So to integrate penetration testing
[00:11:04] and security development lifecycle effectively,
[00:11:08] organizations need to threat security as a continuous process
[00:11:11] rather than a one-time activity.
[00:11:13] This includes various practices,
[00:11:17] conducting regular security assessment
[00:11:19] during the development lifecycle.
[00:11:21] From my perspective, we should start as soon as possible.
[00:11:25] Even when there is not architecture,
[00:11:28] even if this is only an idea,
[00:11:30] we need to think about the cybersecurity risks
[00:11:35] related to the product that we want to develop.
[00:11:39] And also we cannot threat security as we will do penetration testing
[00:11:44] before going live and it will be okay.
[00:11:47] Maybe it will if we have a very secure aware development team.
[00:11:52] But in most of the cases,
[00:11:54] we found out a lot of vulnerability that needs to be fixed.
[00:11:58] If we utilized the secure development lifecycle,
[00:12:03] probably those vulnerabilities won't be even introduced
[00:12:07] into the software.
[00:12:07] So embedding the automated security testing tools
[00:12:12] into CICD pipelines,
[00:12:15] fostering collaboration between development and security teams,
[00:12:18] I would say would be crucial to effectively
[00:12:22] introduce penetration testing
[00:12:25] and other practices
[00:12:26] inside the software development lifecycle
[00:12:29] with this security in mind.
[00:12:32] Also, emphasizing security education for developers
[00:12:37] ensures that they are simply equipped
[00:12:39] to write secure codes from the start.
[00:12:42] And another topic I wanted to shine a light on today
[00:12:45] is the fact that open source intelligence activities
[00:12:48] play an increasing role in threat detection
[00:12:51] and prevention right now.
[00:12:53] So what are the kind of opportunities and challenges
[00:12:55] that you're seeing in leveraging this
[00:12:57] for that more proactive cybersecurity approach
[00:13:00] we've been talking about today?
[00:13:01] Yeah.
[00:13:02] Yeah.
[00:13:02] Austin is actually my favorite
[00:13:04] due to the fact that it is totally free.
[00:13:06] It offers the immense opportunities in threat detection
[00:13:10] by providing insight into potential vulnerabilities,
[00:13:14] data leaks, emerging threats.
[00:13:16] However, of course, it comes with challenges,
[00:13:20] challenges known from other perspectives,
[00:13:22] but also viable in cybersecurity,
[00:13:24] such as data overload,
[00:13:26] ensuring the source reliability.
[00:13:30] And also with the OSINT,
[00:13:32] I stated that it's free,
[00:13:34] but there is ethical and legal consideration
[00:13:37] that needs to be taken into account.
[00:13:40] To maximize its benefits,
[00:13:43] I would say that organizations should invest
[00:13:45] in skillet analysts,
[00:13:47] use automated tools to filter data,
[00:13:49] and also try to align
[00:13:52] the open source intelligence activities
[00:13:54] with their broader security objectives overall.
[00:13:57] So as we collectively look ahead
[00:14:00] to the opportunities and challenges of a new year,
[00:14:03] and equally as SecOps is evolving too,
[00:14:06] any trends or innovations that you see
[00:14:09] shaping the future of security operations?
[00:14:11] And how can businesses maybe stay ahead
[00:14:14] in this rapidly changing environment?
[00:14:16] Any tips here for the new year?
[00:14:17] Yeah, you ask about the innovation,
[00:14:20] and it won't be new,
[00:14:22] but it is still innovation,
[00:14:24] definitely use of AI and machine learning.
[00:14:26] In the case of SecOps,
[00:14:29] it will be for threat detection,
[00:14:32] maybe greater emphasis on automation
[00:14:34] to reduce response times,
[00:14:37] and also the shift towards XDR solution,
[00:14:41] so extended detection and response.
[00:14:43] I would say that those would be
[00:14:45] the trends and innovation
[00:14:46] that we are actually observing in 2024,
[00:14:50] but it will be evolving.
[00:14:53] It will be,
[00:14:54] maybe the adoption of the tool
[00:14:55] will be greater and greater
[00:14:57] in the following years.
[00:14:59] Various perspectives,
[00:15:00] the maturity of the business,
[00:15:02] not treating the cybersecurity
[00:15:04] as the second priority to functionality.
[00:15:08] I would say that it is common hand in hand
[00:15:11] with the overall solution,
[00:15:13] working solution,
[00:15:14] like the performance, usability, etc.
[00:15:17] Also, the regulation helps,
[00:15:20] I would say,
[00:15:20] but it is helping us
[00:15:22] as we are providing the services,
[00:15:25] but it is also helping to making sure
[00:15:27] that the end customer of the solution
[00:15:30] will have trust for the organization.
[00:15:33] Let's take into account
[00:15:34] the NIST directive.
[00:15:37] All companies that are under those umbrella
[00:15:42] of NIST directive
[00:15:44] is simply starting focusing
[00:15:46] on their cybersecurity perspective
[00:15:50] from the organizational point of view.
[00:15:52] In few months,
[00:15:54] we will have Cyber Resilience Act,
[00:15:56] which will be following
[00:15:57] on the product security.
[00:16:00] So, yeah,
[00:16:02] using the SecOps with AI,
[00:16:04] with XDR solution for the organization,
[00:16:07] with automation for development
[00:16:10] of the cybersecurity policies,
[00:16:13] cybersecurity strategies inside the product,
[00:16:16] I would say this will be the trend
[00:16:19] for the following months.
[00:16:21] And in our conversation today,
[00:16:23] we've been talking about
[00:16:24] how future processing,
[00:16:25] your customers and business leaders
[00:16:28] listening to this podcast
[00:16:29] can all stay ahead
[00:16:30] in this rapidly changing environment.
[00:16:32] But as people listening
[00:16:34] look up to you for guidance,
[00:16:35] the question I'd love to ask you is,
[00:16:37] where or how do you self-educate?
[00:16:39] Because I suspect
[00:16:40] everybody listening
[00:16:41] feels that pressure
[00:16:42] to be in a state
[00:16:44] of continuous learning.
[00:16:45] But how do you get around this?
[00:16:47] How do you keep up to speed
[00:16:48] with those changes?
[00:16:50] Okay, so I would say
[00:16:51] that there is quite a few
[00:16:52] perspectives on those.
[00:16:54] I'll start with peer learning.
[00:16:57] From my perspective,
[00:16:59] peer learning is invaluable.
[00:17:02] Networking with industry professionals
[00:17:05] and engaging in discussion,
[00:17:07] whether through forums,
[00:17:09] one-on-ones, webinars,
[00:17:11] conferences, workshops,
[00:17:12] all of those offers
[00:17:15] some diverse perspective.
[00:17:17] I would also state
[00:17:18] that cybersecurity
[00:17:20] is not anymore,
[00:17:22] I would say,
[00:17:23] a vertical
[00:17:23] in overall landscape
[00:17:28] in corporate world.
[00:17:30] Cybersecurity is connected
[00:17:31] with the finances,
[00:17:33] with marketing,
[00:17:34] with PR,
[00:17:35] and they are interconnecting
[00:17:37] when doing the processes
[00:17:40] for the corporate world.
[00:17:42] So peer learning,
[00:17:44] not only with the
[00:17:45] cybersecurity specialist,
[00:17:47] is crucial.
[00:17:49] For me also,
[00:17:50] self-education
[00:17:51] is utilizing the,
[00:17:54] once again,
[00:17:55] professional webinars,
[00:17:56] conferences,
[00:17:57] workshops,
[00:17:58] which provide
[00:17:59] some kind of insights
[00:18:00] into the emerging threats,
[00:18:02] the best practices,
[00:18:03] utilizing podcasts.
[00:18:05] Probably I won't be
[00:18:06] listening to myself.
[00:18:07] It will be cringe.
[00:18:08] But, yeah,
[00:18:12] utilizing this form
[00:18:13] is getting the extensive
[00:18:16] visibility currently.
[00:18:18] Of course,
[00:18:19] reading white papers,
[00:18:21] industry blogs,
[00:18:22] research journals.
[00:18:23] Due to my second career
[00:18:25] as assistant professor,
[00:18:27] I still reading
[00:18:28] the research journals.
[00:18:30] Still,
[00:18:30] you can get
[00:18:31] the invaluable
[00:18:32] perspective
[00:18:33] for cybersecurity
[00:18:35] and stay informed
[00:18:37] about technical advancement
[00:18:38] and regulatory changes.
[00:18:41] Lastly,
[00:18:42] I would say
[00:18:43] that hands-on learning
[00:18:45] is also critical.
[00:18:47] So,
[00:18:48] experimenting
[00:18:48] with new tools,
[00:18:50] testing scenarios
[00:18:51] in lab environments,
[00:18:53] and occasionally
[00:18:54] participating
[00:18:55] in capture the flag events
[00:18:57] to simply sharpen
[00:18:58] the technical skills
[00:19:00] is the last part.
[00:19:01] from my perspective,
[00:19:03] I'm trying to
[00:19:04] strike a balance
[00:19:05] between the theory,
[00:19:06] practice,
[00:19:07] and collaboration.
[00:19:08] And I will focus
[00:19:09] on collaboration a lot.
[00:19:11] Fantastic advice.
[00:19:12] And the perfect
[00:19:13] scene setter
[00:19:14] for business
[00:19:15] cyber resilience
[00:19:16] in 2025.
[00:19:18] And for anybody listening
[00:19:19] wanting to carry on
[00:19:20] this conversation
[00:19:21] with you
[00:19:22] or find out more
[00:19:22] about future processing,
[00:19:24] where would you like
[00:19:25] to point everyone listening
[00:19:26] if they just want to
[00:19:27] carry on this conversation?
[00:19:28] I finished with
[00:19:29] collaboration,
[00:19:30] so it's easy
[00:19:31] to find me
[00:19:32] on LinkedIn.
[00:19:32] Probably there is
[00:19:34] only one Dominik Samociuk
[00:19:35] on LinkedIn.
[00:19:37] Also,
[00:19:38] you can find
[00:19:39] use cases,
[00:19:40] white papers,
[00:19:41] our offering
[00:19:42] in our website
[00:19:44] futureprocessing.com.
[00:19:47] I'm here
[00:19:48] to also discuss
[00:19:49] with you
[00:19:51] in various topics,
[00:19:52] as I said,
[00:19:52] not only cyber security,
[00:19:54] definitely
[00:19:55] the peer learning
[00:19:56] in both ways
[00:19:58] would be fantastic.
[00:20:00] Well,
[00:20:00] I'll add links
[00:20:01] to everything
[00:20:01] so people can find
[00:20:02] you nice and easy.
[00:20:03] And we covered
[00:20:04] so much today
[00:20:05] from deep threat,
[00:20:06] deep threats,
[00:20:07] deep fakes,
[00:20:08] AI related dangers,
[00:20:09] not to mention
[00:20:10] adapting to the
[00:20:11] evolving regulations
[00:20:12] and some of those
[00:20:13] data privacy challenges
[00:20:14] that I suspect
[00:20:15] we're going to hear
[00:20:16] much more about
[00:20:17] in 2025.
[00:20:18] And you did give us
[00:20:19] a few cyber security
[00:20:20] things to look out
[00:20:21] for next year too.
[00:20:22] So thank you so much
[00:20:23] for taking the time
[00:20:24] to share that with me today.
[00:20:25] Really appreciate your time.
[00:20:26] Thank you for having me.
[00:20:27] Whether it be
[00:20:28] countering AI driven
[00:20:30] attacks to aligning
[00:20:31] with evolving regulations
[00:20:32] and fostering
[00:20:33] a culture of awareness,
[00:20:35] organisations must
[00:20:36] treat cyber security
[00:20:38] as an ongoing priority.
[00:20:39] We all agree on that,
[00:20:40] I would think by now.
[00:20:41] But what steps
[00:20:42] are you or your organisation
[00:20:43] to stay secure
[00:20:45] in an era
[00:20:46] of rapid technological change?
[00:20:48] Are you investing
[00:20:49] in the right tools?
[00:20:50] Are you training
[00:20:51] to adapt
[00:20:52] to the emerging threats?
[00:20:54] Whatever it is,
[00:20:55] love to hear your thoughts
[00:20:56] on how we can collectively
[00:20:57] tackle the challenges
[00:20:58] of cyber security
[00:20:59] in 2025 and beyond.
[00:21:02] So please,
[00:21:03] share your ideas,
[00:21:04] your insights
[00:21:05] so we can shape
[00:21:06] a safer digital future
[00:21:07] together by emailing me
[00:21:10] techblogwriteroutlook.com,
[00:21:11] LinkedIn,
[00:21:12] X,
[00:21:12] Instagram,
[00:21:13] just at Neil C. Hughes.
[00:21:14] Make sure you follow
[00:21:15] but make sure you say
[00:21:16] a quick hello
[00:21:17] and share your insights
[00:21:19] with me.
[00:21:20] But enough cyber security
[00:21:21] for one day.
[00:21:22] I've got to go prepare
[00:21:23] for tomorrow's guest now.
[00:21:24] We've got a completely
[00:21:25] different topic.
[00:21:26] But that is just a teaser
[00:21:27] to try and tempt you
[00:21:28] into coming back tomorrow.
[00:21:30] So hopefully I will speak
[00:21:30] with you all then.
[00:21:31] But bye for now.