Cybersecurity teams must adapt their approaches in the wake of a dramatically changing threat landscape, according to expert speakers at the Google Cloud Next 2025 event.
This changing threat landscape has been driven by four primary factors:
- An increasing volume of cybercriminal actors
- Growing geopolitical tensions resulting in more malicious nation state activity
- New cybersecurity and data protection regulations
- Rapid developments in new technologies, such as AI
Matt Rowe, Chief Security Officer at Lloyds Banking Group, said that this reality means “everything we do in terms of the work of security has to change.”
Here are the top five areas security leaders should focus on in this new environment.
Secure Your Blind Spots
Sandra Joyce, VP of Google Threat Intelligence, explained that there is a growing trend of threat actors targeting the “visibility gap” in organizations – those devices that often do not support security tools like EDR. These include firewalls, virtualization platforms and VPN solutions.
“Threat actors are identifying blind spots and targeting those areas relentlessly,” she noted.
This is a tactic that has been utilized by Chinese state actors, who commonly exploit zero days in network and edge devices.
“This means security leaders need to consider zero days across their entire technology stack,” Joyce added.
However, directly securing these devices is difficult. Speaking to Infosecurity, Jurgen Kutscher, VP at Mandiant Consulting, said the focus should be on detecting lateral movement following compromise of these devices.
“A challenge we have with these advanced threat actors is also that they are using living off the land techniques, meaning they’re not introducing a lot of noisy tools in the environment, they’re extremely quiet,” he explained.
Kutscher advised organizations to detect anomalies in user behavior, such as credentials being used in an unexpected way. Identity and access management is also crucial to lock down hackers’ access to certain areas.
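One way to act on this advice is to baseline how each account normally authenticates (which source hosts, which logon types, which hours) and alert only on deviations, which catches credential misuse even when the attacker brings no tooling of their own. The following is an added example, not code from the article or from Google or Mandiant; the authentication events, host names and the learning-window cut-off are constructed for illustration.

```python
"""Baseline-and-deviate detection over authentication events.

Added example (not from the article): flag a credential that is used from a
source host, with a logon type, or at an hour that the account was never seen
using during a learning window. All events below are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample of logon events already parsed to fields:
# (timestamp, user, source host, logon type: 3 = network, 10 = remote interactive).
SAMPLE_EVENTS = [
    ("2025-04-01T09:02:11", "alice", "WS-ALICE", 10),
    ("2025-04-01T09:10:45", "alice", "FILESRV01", 3),
    ("2025-04-02T08:58:03", "alice", "WS-ALICE", 10),
    ("2025-04-02T14:21:37", "alice", "FILESRV01", 3),
    ("2025-04-01T10:05:00", "svc-backup", "BACKUP01", 3),
    ("2025-04-02T10:05:00", "svc-backup", "BACKUP01", 3),
    # Learning window ends; the events below are the detection window.
    ("2025-04-09T09:01:20", "alice", "WS-ALICE", 10),
    # Same credential, now originating from the VPN gateway host at 03:14.
    ("2025-04-10T03:14:52", "alice", "VPN-GW01", 3),
    # Service account suddenly used for an interactive logon to a domain controller.
    ("2025-04-10T03:16:08", "svc-backup", "DC01", 10),
]

# Hypothetical cut-off: everything before it is treated as known-good behaviour.
LEARN_UNTIL = datetime(2025, 4, 8)


def build_baseline(events, learn_until):
    """Per-user sets of source hosts, logon types and hours seen before learn_until."""
    baseline = defaultdict(lambda: {"hosts": set(), "types": set(), "hours": set()})
    for ts, user, host, ltype in events:
        t = datetime.fromisoformat(ts)
        if t < learn_until:
            b = baseline[user]
            b["hosts"].add(host)
            b["types"].add(ltype)
            b["hours"].add(t.hour)
    return baseline


def detect_anomalies(events, learn_until):
    """Return (user, timestamp, reasons) for detection-window events that deviate."""
    baseline = build_baseline(events, learn_until)
    findings = []
    for ts, user, host, ltype in events:
        t = datetime.fromisoformat(ts)
        if t < learn_until:
            continue
        b = baseline.get(user)
        reasons = []
        if b is None:
            reasons.append("account never seen in baseline")
        else:
            if host not in b["hosts"]:
                reasons.append(f"new source host {host}")
            if ltype not in b["types"]:
                reasons.append(f"new logon type {ltype}")
            # Tolerate one hour of drift around the hours previously observed.
            if not any(abs(t.hour - h) <= 1 for h in b["hours"]):
                reasons.append(f"unusual hour {t.hour:02d}")
        if reasons:
            findings.append((user, ts, reasons))
    return findings


if __name__ == "__main__":
    for user, ts, reasons in detect_anomalies(SAMPLE_EVENTS, LEARN_UNTIL):
        print(f"{ts} {user}: " + "; ".join(reasons))
```

Alice's routine logon on 9 April produces nothing, while the 03:14 session from the VPN gateway and the service account's interactive logon to the domain controller are both flagged. In production the baseline would be rebuilt on a rolling window and the source field would be the device or subnet from which the session originated, so that sessions sourced from edge appliances that cannot run EDR stand out.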
In addition, he urged organizations to proactively approach specialists like Mandiant when a zero day vulnerability has been published. This can enable a quick assessment on whether the organization has been compromised.
Develop Strategies to Combat Insider Threats
Another notable trend observed by Google is the expansion of North Korea’s fake IT worker program. This is where malicious actors working on behalf of North Korea attempt to seek employment as IT workers in various sectors.
They use fake personas to trick target firms into hiring them.
Once hired, these fake workers use their access into the organization to generate revenue for the North Korea regime and steal sensitive data for espionage purposes.
There have also been cases of these actors stealing sensitive data to extort their former employers.
In April 2025, Google Threat Intelligence reported that the program has expanded its focus beyond the US to Europe in recent months.
Combatting insider threats such as North Korea’s IT worker scheme goes beyond a cybersecurity problem and requires a whole-of-company approach encompassing departments such as HR.
“HR executives don’t wake up and think their first priority is North Korea IT workers,” Joyce noted.
She said organizations must develop a comprehensive process to improve their hiring practices, such as conducting rigorous background checks and holding in-person interviews if possible.
In addition, effective identity and access management programs need to be in place to restrict the access of third-party contractors.
Use AI to Make Your Team More Efficient
During the Google Cloud Next event, a number of new AI solutions were showcased, designed to significantly reduce the workload of cybersecurity professionals.
This includes an alert triage agent, which can perform investigations on each security alert for customers.
Rowe emphasized the importance of using such tools to stay one step ahead of attackers.
This is particularly important for analysts working in security operations centers (SOCs).
“Analysts in a classic SOC are crushed by busy work – investigating low-key true positives. They go through a lot of work to get to a dead end, often times not pertaining to malicious activity,” Rowe explained.
Using automation and AI to do the analysis of alerts has enabled Lloyds’ SOC team to spend their time focusing on the most sophisticated threats, something Rowe referred to as working on “high fidelity, true positives.”
Secure the Use of AI
Organizations are rapidly deploying AI tools to boost productivity and competitiveness. However, this trend is resulting in significant data security challenges.
There is often a lack of control over the data inputted into AI agents, making traditional governance strategies ineffective.
“The current challenge for many organizations is having data platforms with AI bolted on. As soon as you add on an AI service, that inherently opens organizations up to security risks,” noted Yasmeen Ahmad, Managing Director for Data and Analytics at Google Cloud.
Additionally, AI is being used to unlock the value of “unstructured data”, such as images, text and video, which is not covered by traditional guardrails.
There is also the issue of trust in data taken from AI tools, with issues like misconfigurations and hallucinations prevalent.
Ahmad said it is vital for organizations to establish a single access layer that all data in the organization goes through.
Saurabh Tiwary, VP and General Manager, Cloud AI at Google Cloud, highlighted some of the ways AI itself can help solve these data governance challenges, including rapidly analyzing documents to assign them an appropriate sensitivity label.
Google’s AI Agent Marketplace allows customers to browse, purchase and manage AI agents that have been classified as ‘safe’.
Addressing Credential Attacks on the Cloud
A major shift of organizations’ data to the cloud in recent years has led threat actors to target this environment.
Compromised credentials remain one of the primary methods threat actors use to breach data in the cloud.
Joyce noted that one of the main causes of stolen credentials is the rise of infostealers, malware used to harvest credentials which are then sold on criminal underground marketplaces.
Hackers also often steal credentials by compromising on-prem environments and conducting lateral movement into the cloud, according to Kutscher.
“If your enterprise is not secure, you still have a direct attack path into your cloud environment,” he added.
Therefore, basic authentication practices remain crucial – such as not reusing passwords and deploying multifactor authentication (MFA).
Another challenge with cloud security is that organizations often do not understand their entire cloud footprint.
“Security teams have a hard time keeping up with the business when they get new SaaS providers, and corporate security doesn’t sometimes keep tabs on all the places where corporate data can now live,” Kutscher commented.
He urged organizations to use cloud providers that understand the “shared responsibility model,” in which the provider takes some responsibility for customers’ security in the cloud, including offering visibility tooling.