Preparing for the Next Big Cyber Threat: Expert Recommendations

Staying ahead of the game is a top concern for security teams as the cyber threat landscape continues to evolve rapidly. Every year seems to bring new technological advances, which also introduce new cybersecurity trends and significant risks. As organizations face these challenges, it’s essential to build proactive defenses, not reactive responses.

The next big cyber threat is already here—ready or not. The increasing use of artificial intelligence (AI), complex supply chains, and shifting regulations are all creating a volatile security ecosystem, and your organization needs to prepare now to tackle new cybercrime threats.

In this guide, we break down the most urgent cyber threats on the horizon and share exclusive insights from our Chief Information Security Officer, Phil Ross. His frontline perspective adds a rare layer of strategic depth—paired with clear, actionable steps to help you stay ahead of today’s most complex security challenges.

Ready to future-proof your business against emerging cyber threats? Let’s dive in.

AI risk: Security concerns and legal battles

Perhaps no technological tool is influencing organizations across every industry quite like AI. However, the conversation around AI is slowly shifting from its impressive functionality to the potential risks introduced by this new tool.

Phil warns that, as businesses increasingly adopt AI-driven systems, they may underestimate the complexity and risk involved. “One of the most overlooked threats is the emergence of control blind spots,” he says. As organizations shift decision-making responsibilities to AI, they may lose the critical oversight that human analysts traditionally provide. While AI can often outperform humans in routine assessments, Phil emphasizes the importance of maintaining a human-in-the-loop for high-impact decisions to avoid costly errors.

As companies explore new territories with AI, understanding the associated risks and legal concerns is essential to better prepare for the cyber threats that arise from its use.

Rise of generative AI = rise in risk

Generative AI is a type of artificial intelligence that creates new content, such as text, images, music, and videos, by learning from existing data instead of just analyzing it. Popular generative AI models include ChatGPT, DALL-E, and Character.ai, among others. As generative AI and machine learning become more widely adopted, it brings with it a set of evolving security challenges. Below are some of the key cyber risks organizations should be aware of:

• Malicious code in open-source AI models: Without thorough vetting, organizations risk deploying AI tools embedded with malware or hidden backdoors, which can compromise systems and expose sensitive data.
• Exposure of sensitive data through AI tools: Generative AI models often require vast datasets to operate effectively. If not properly secured, these tools can inadvertently expose sensitive information, personally identifiable data, or even harmful content.
• The rise of Shadow AI: Employees may begin using generative AI tools without formal approval or oversight. This unmonitored usage—often referred to as “shadow AI”—can lead to uncontrolled data sharing, integration of unvetted tools, and gaps in security coverage.
• Prompt injection attacks: Generative AI models can be manipulated through carefully crafted inputs. These prompt injection attacks can bypass intended safeguards, leading to unauthorized actions or data breaches.
• Increased attack surface: Integrating AI inherently expands an organization’s attack surface. Each new AI-driven system or endpoint creates opportunities for hackers and threat actors to exploit, making it harder for security teams to monitor and defend the full attack surface.

Along with these increased risks, AI use has also introduced a slew of legal and ethical concerns that can impact businesses across various industries.

Legal and Ethical Minefields

The rapid advancement of AI technologies has ushered in significant legal and ethical challenges, particularly concerning data protection, intellectual property rights, and the responsible use of AI systems. Organizations that implement AI tools must recognize these challenges to avoid potential lawsuits or ethical issues. Examples of these challenges include:

• LinkedIn’s privacy controversy (2025): LinkedIn faced a class-action lawsuit for allegedly using premium subscribers’ private messages to train AI models without proper notification or consent.
• Clearview AI’s facial recognition database: Clearview AI compiled a vast database of facial images by scraping publicly available photos from the internet, leading to multiple legal challenges scrutinizing the company’s methods and imposing fines for privacy violations.
• Bias and discrimination: AI systems have been found to perpetuate biases present in training data, leading to discriminatory outcomes.
• Global jurisdictional issues: AI technologies are not confined to one jurisdiction, complicating the creation and enforcement of consistent privacy practices and governance across borders.

When it comes to governance, Phil advises against assuming a one-size-fits-all solution. For organizations in lightly regulated sectors, he recommends starting early with a basic policy framework. This iterative approach ensures that AI oversight remains practical and responsive to rapid developments.

“Stand up a working group to tackle new questions about the use of AI as they emerge, and evolve your policies over time.” – Phil Ross, CISO at UpGuard

As for the role of security teams, Phil believes a mindset shift is necessary. “It’s tempting to think cybersecurity should own every data-related risk—but when it comes to AI, most security practitioners aren’t yet equipped to manage emerging threats like data poisoning,” he explains. Instead, he predicts a dual pathway: either cybersecurity professionals will need substantial upskilling, or experts from data science and analytics backgrounds will pivot into AI security roles. “There’s a vacuum forming—and it’ll pull talent from both sides.”

Actionable tips

• Audit shadow AI to identify unauthorized tools used across your organization, especially in remote work environments.
• Define acceptable use by creating clear AI usage policies for employees, including zero-trust architecture.
• Build AI governance frameworks that include oversight, accountability, and compliance.
• Protect sensitive data by restricting inputs into AI tools and using security measures.
• Track emerging threats by staying informed on evolving AI-driven attacks and insider threats.

Supply chain threats: The need for stronger third-party vetting

Just like the use of AI, organizations are increasingly reliant on third-party vendors across their business operations. This large ecosystem results in a longer supply chain—a business’ interconnected network of activities, organizations, and resources needed to source, produce, and deliver a product or service.

As supply chains get bigger, so does the threat of supply chain attacks. Cybercriminals can dismantle an organization in seconds by strategically targeting a vital vendor in its supply chain. It is now more important than ever to be aware of the growing cyber threats facing your supply chain.

Expanding attack surfaces

An organization’s attack surface includes all vectors where a cyberattack could originate or gain entry, including critical infrastructure, networks, IOT devices, and even human factors. This extends when businesses utilize third-party partnerships, as each connection becomes a potential entry or cyber threat. These vulnerabilities can go unnoticed until they’re exploited—especially if vendors don’t meet the same security standards as the organizations they serve.

A recent example of a major third-party cyber incident is the 2023 MOVEit data breach. Progress Software’s MOVEit Transfer product is a widely used secure file transfer solution used by thousands of organizations. However, a critical vulnerability was exploited by the ransomware group Cl0p, allowing the hackers to access sensitive databases without authentication. The statistics are overwhelming:

• More than 2,700 organizations were impacted globally
• Over 93 million individuals’ data was exposed, including personal health and financial information
• Victims included government agencies, healthcare providers, and large enterprises

The MOVEit breach is just one example of how one vulnerability in a software supply chain compromised thousands of downstream organizations, including those with strong internal cloud security.

Current TPRM efforts are falling short

As supply chain threats evolve, so should an organization’s third-party risk management program. However, many businesses are still using outdated methods to manage vendor risk—inadvertently creating security gaps that threat actors could exploit.

• Static questionnaires and spreadsheets: Manual methods provide a one-time snapshot of a vendor’s security posture, failing to account for real-time changes
• Asset inventories: Current vendor inventories are often incomplete, leading to “unknown-unknowns,” or third-party services that aren’t tracked or monitored
• Delayed detection of security issues: Long detection processes leave organizations unaware of emerging vulnerabilities until after a breach occurs.

These shortcomings leave organizations vulnerable to a wide range of risks, like missed warning signs of vendor security incidents and delays in incident response to third-party breaches. Additionally, organizations could face regulatory compliance failures and reputational damage from breaches outside their direct control.

Modern cyber threats require modern risk management. Transitioning to automated, continuous, and scalable third-party risk management practices is crucial to safeguard against today's evolving supply chain vulnerabilities.

When asked how organizations can move beyond once-a-year assessments, Phil suggests adopting a more dynamic approach: signal-driven monitoring.

“Start collecting signals that reflect real-time risk from both third and fourth-party vendors, including service status updates, media coverage of disruptions, and critical vulnerability scan results—especially those tied to actively exploited zero days.” – Phil Ross, CISO at UpGuard

To take this further, Phil advocates for automation. “Wherever possible, automate the workflows triggered by these signals,” he says. This ensures faster response times and allows teams to focus on the incidents that matter most.

Actionable tips

• Enhance security operations with continuous monitoring tools to track vendor risk in real time.
• Tier your vendors by risk level and focus the most scrutiny on high-risk providers.
• Automate security reviews and assessments to reduce manual overhead and human error.
• Ensure complete visibility and threat detection into your third- and fourth-party relationships.

Navigating New U.S. Policy Directions

In 2025, changing U.S. leadership has brought with it a series of cybersecurity policy shifts that may weaken national cyber defenses and create new vulnerabilities for both public and private sector organizations. While the full impact is still unfolding, early signals point to increased uncertainty, a potential loss of central coordination, and broader exposure to cyber risk.

A shifting regulatory environment

Several recent developments suggest that federal cybersecurity priorities and enforcement may be deprioritized or restructured. These include key leadership changes at the NSA and U.S. Cyber Command, which are leading to concerns about continuity and focus at the federal level. Additionally, an executive order promoting state-level autonomy over cybersecurity preparedness could result in uneven security standards and inconsistent response strategies across jurisdictions.

The Cyber Safety Review Board (CSRB), which was previously tasked with analyzing major cyber incidents, was dismantled—which could result in reduced oversight and delay lessons learned from high-impact breaches. These changes introduce ambiguity into the threat landscape, as organizations are left with fewer federal guidelines, less coordinated intelligence sharing, and more pressure to self-regulate cybersecurity strategies.

With regulations becoming more complex, Phil stresses the importance of readiness. “Organizations need to establish clear and efficient procedures for how incidents are evaluated and how disclosures are managed,” he says. Having a well-defined incident response process isn’t just about containment—it’s also about knowing what needs to be reported, to whom, and when.

Phil also points to data retention as a critical, often-overlooked piece of the puzzle. “Make sure your data retention configurations are properly optimized across all relevant systems,” he advises. Without access to the right logs or forensic details, organizations may struggle to meet evolving regulatory expectations or defend the integrity of their incident reports.

The real business risk: Exposure and uncertainty

Policy shifts like these do more than increase the compliance burden—they actively raise cyber risk exposure. This rise could also contribute to a rise in a variety of cyber incidents, such as ransomware attacks, social engineering attacks, deepfake phishing, and even extortion. This exposure can also cause:

• Reduced federal oversight: A lack of oversight may embolden threat actors who perceive a weaker or slower response from U.S. agencies.
• Decentralized policies: Segmentation across standards leads to inconsistent security baselines, creating new entry points for attackers
• ‍Gaps in threat intelligence and incident review: Key safeguards that previously helped companies stay informed and respond quickly to emerging threats are no longer available.

According to Phil, one of the most pressing concerns is the reduction in proactive U.S. cyber defense efforts—particularly when it comes to countering Russian state-sponsored threat actors.

“We’re seeing a pullback in coordinated defense strategies, especially around cyber threat intelligence sharing with allied nations. This fragmentation could lead to higher attack success rates and longer dwell times, as threat actors operate with fewer obstacles and reduced visibility from defenders.” – Phil Ross, CISO at UpGuard

This environment of uncertainty makes it harder for security leaders to plan effectively—but it also makes proactive risk management more important than ever.

Actionable tips

• Monitor domestic and global cybersecurity regulations continuously to stay ahead of compliance and security expectations.
• Appoint a compliance lead or cross-functional task force to evaluate how these changes affect your risk posture.
• Update incident response plans and align reporting processes with U.S. and international requirements to prepare for increased disclosure complexity.
• Allocate budget investments in continuous risk monitoring to fill the oversight gaps left by regulatory fragmentation.

Your strongest defense? A team built to adapt

As the cyber threat landscape evolves, so too must the teams responsible for defending against it. Phil’s top piece of advice for security leaders is simple but powerful: invest in your people.

“Some of the human resources you’ll need in the years ahead will be too rare to reliably find on the open market,” he explains. Rather than chasing unicorn hires, Phil recommends developing internal talent—supporting those with the potential to grow and bringing in fresh minds who can absorb both new tools and institutional knowledge.

He also highlights the growing importance of low-code automation skills, calling out tools like n8n as prime examples. “These platforms will democratize AI-enriched automation and help reduce the toil of day-to-day Security Operations,” Phil notes.

“Focus on finding people with the energy and aptitude to pick up new technologies while also learning from your experienced team members.” – Phil Ross, CISO at UpGuard

Because at the end of the day, tools can only go so far—it’s your team that turns strategy into action.

How UpGuard Breach Risk helps organizations stay ahead

From AI-driven vulnerabilities to third-party risks and regulatory uncertainty, the cybersecurity landscape is growing more complex by the day. The organizations that thrive in this environment will be the ones that invest in proactive risk management, not reactive damage control.

UpGuard Breach Risk helps security teams stay ahead of emerging threats with continuous monitoring, real-time vendor risk insights, and a clear view of your external attack surface. It’s the visibility and control you need to build resilience in the face of what’s next.

Additional Breach Risk features include:

• Data leak detection: Protect your brand, intellectual property, and customer data with timely detection of data leaks and avoid data breaches‍
• Continuous monitoring: Get real-time information and manage exposures, including domains, misconfigurations, IPs, and employee credentials‍
• Attack surface reduction: Reduce your attack surface by discovering exploitable vulnerabilities and domains at risk of typosquatting‍
• Shared security profile: Eliminate having to answer security questionnaires by creating an UpGuard Trust Page‍
• Workflows and waivers: Simplify and accelerate how you remediate issues, waive risks, and respond to security queries‍
• Reporting and insights: Access tailor-made reports for different stakeholders and view information about your external attack surface

Explore how UpGuard Breach Risk can help protect your business at https://www.upguard.com/contact-sales.