
Expert speakers at the Google Cloud Next 2025 event said that cybersecurity teams must adapt their strategies in the midst of a rapidly changing threat landscape.
This evolving threat environment has been shaped by four main factors:
- An increasing number of cybercrime actors
- Growing political tensions leading to malicious activity by more nation states
- New regulations for data protection and security
- Rapid advancements in new technology, such as AI
This reality, according to Matt Rowe, Chief Security Officer at Lloyds Banking Group, means “everything we do in terms of the job of security has to change.”
In this new environment, security leaders should concentrate on five key areas, as outlined below.
Secure Your Blind Spots
There is a growing trend of threat actors focusing on the “visibility space” in organizations, according to Sandra Joyce, VP of Google Threat Intelligence. This covers devices and systems that frequently do not support monitoring tools like EDR, including VPN solutions, cloud platforms, and firewalls.
She noted that “Hazard players are identifying blind spots and relentlessly targeting those places.”
Chinese state actors have used this technique, frequently exploiting zero days in network and edge devices.
This means security leaders must take zero days into account across their entire technology stack, Joyce continued.
However, it is challenging to secure these products directly. Jurgen Kutscher, VP at Mandiant Consulting, said the focus should be on detecting lateral movement following a compromise of these devices, according to Infosecurity.
Advanced threat actors are exceptionally quiet, he said, and one challenge is that they use living-off-the-land techniques, which means they don’t use a lot of loud tools in the environment.
Kutscher advised businesses to look for user behavior anomalies, such as when credentials are being used inadvertently. Identity and access control are also essential to restricting attackers’ access to particular areas.
He also urged businesses to proactively contact experts like Mandiant when a zero-day threat has been exposed. This will make it easier to determine quickly whether the organization has been compromised.
Develop Methods to Prevent Insider Threats
The growth of North Korea’s fake IT worker scheme is another trend that Google has noticed. This is where malicious actors working for North Korea attempt to get hired as IT professionals in a variety of industries.
They rely on fabricated personas to trick their prospective employers into hiring them.
Once hired, these fake employees gain access to the company and earn money for the North Korean government.
Additionally, there have been instances of these actors stealing sensitive information to extort their previous employers.
Google Threat Intelligence reported in April 2025 that the program’s target has recently expanded beyond the .
Combating insider threats, such as the North Korean IT worker scheme, is more than a security issue and calls for a whole-of-company approach that includes departments like HR.
According to Joyce, “HR executives don’t wake up and assume that North Korean IT workers are their top goal.”
She urged businesses to improve their hiring practices with a comprehensive strategy, including stringent background checks and possible in-person interviews.
Additionally, third-party contractors must have strong identity and access management systems in place.
Use AI to Improve the Efficiency of Your Staff
A number of new AI solutions were presented at the Google Cloud Next event, designed to drastically reduce the workload of cybersecurity professionals.
These include an investigation and diagnosis agent that looks into each security alert customers receive.
Rowe emphasized the value of using these tools to stay one step ahead of attackers.
This is particularly crucial for analysts working in security operations centers (SOCs).
“Experts in a classic SOC are crushed by active work – looking for subtle, understated real positives. They go through a lot of work, frequently without regard to destructive activity,” Rowe explained.
By using AI and automation to analyze alerts, the SOC team at Lloyds spent its time focusing on the most serious threats, which Rowe called “working on high fidelity, true positives.”
Use AI Safely
Companies are deploying AI tools as quickly as possible to increase productivity and competitiveness. However, this trend is creating significant data protection issues.
Traditional data management strategies are ineffective because there is frequently a lack of control over the data that is input into AI agents.
“Having data systems with AI bolted on is the current issue for many companies,” said Yasmeen Ahmad, Managing Director for Data and Analytics at Google Cloud. She noted that adding on an AI service essentially opens businesses up to security risks.
AI is also being used to unlock the value of “unstructured data,” such as images, texts, and videos, which are not covered by traditional guardrails.
There is also the question of trust in AI tools’ data, which frequently involves hallucinations and errors.
Ahmad argued that it is crucial for businesses to build a second access layer through which all data is processed.
Saurabh Tiwary, VP and General Manager, Cloud AI at Google Cloud, cited some of the ways that AI can assist with data management issues. This includes conducting an immediate analysis of documents to give them the correct sensitivity label.
Customers can browse, purchase, and manage AI agents that have been deemed “healthy” through Google’s AI Agent Marketplace.
Detecting Credential Compromise in the Cloud
In recent years, there has been a significant shift of organizations’ data to the cloud, which has led threat actors to target this environment.
One of the main techniques threat actors use is compromising credentials.
Joyce cited the fall of , a piece of malware that is used to steal and sell credentials on illicit underground marketplaces, as one of the main causes of stolen credentials.
Attackers also frequently steal credentials by compromising on-prem environments and moving laterally into the cloud, according to Kutscher.
“If your business is not secure, you still have a primary attack way into your sky culture,” he continued.
Therefore, fundamental authentication practices like using multifactor authentication (MFA) and not reusing passwords are still important.
Another issue with cloud security is that organizations frequently do not understand their entire cloud footprint.
Security teams have a hard time keeping up with the business when it adopts new SaaS providers, Kutscher said, and corporate security does not always keep track of all the locations where corporate data may now reside.
He urged businesses to choose cloud providers who are familiar with the “shared responsibility model,” which assumes some of the security responsibilities of customers in the cloud, including providing visibility tools.