Cybersecurity’s Shift from Defense to Resilience Against Evolving Threats

As our digital world grows increasingly interconnected, so too do the challenges of maintaining robust cybersecurity. High-profile incidents, such as the CrowdStrike event during the summer of 2024, have illuminated critical vulnerabilities in technology infrastructure and underscored the urgent need for organizations to evolve their approaches. Cybersecurity is no longer solely about defense—it is about building resilience to adapt to and recover from an ever-changing threat landscape.

Drawing on my experience as a researcher and educator in cybersecurity, I’ve seen firsthand how the complexity of modern digital ecosystems demands innovative and proactive solutions. In this Q&A, I’ll share insights into critical issues shaping cybersecurity today, from preventing technological failures and combating ransomware to navigating the ethical challenges of AI-powered defense systems. Through this discussion, I hope to provide actionable guidance on how organizations can strengthen their resilience and remain ahead of evolving threats.

  1. The CrowdStrike incident brought attention to key technological vulnerabilities in cybersecurity infrastructure. What lessons can organizations draw from this event, and what practices should they implement to safeguard against similar risks?

The CrowdStrike incident demonstrated the importance of researching topics such as secure software updates and the general problem of having homogeneous systems. That is, if many people are using the same solution for a task such as security, and that system fails, everyone may become vulnerable or unavailable at the same time. The CrowdStrike incident was not a security breach, but it did demonstrate how much damage future attacks may cause when a product serves thousands of high-profile customers. For instance, many organizations are highly dependent on cloud services such as Gmail or Microsoft Office 365. Hence, if these products were to fail in some way in the future, millions of users and thousands of organizations would be affected. One practice that one could envision here would be to focus on architectures that are more fault-tolerant and fail-safe in case something catastrophic happens. Software updates should be tested for robustness before deployment, and the dependencies between different software products, and how they can adversely influence each other, should be automatically analyzed. As our computer, software and network systems continue to become embedded into critical infrastructures, all systems should be kept up to date with the latest security patches. This practice will not only protect against cybersecurity threats, but will also maintain reliable performance.

  2. Given the increasing frequency and sophistication of ransomware attacks, what do you predict will be the most effective defense strategies in 2025, and how might organizations need to shift their approaches to stay ahead?

Resilient backup strategies remain one of the most effective defenses against ransomware. Offline or air-gapped backups ensure that even if attackers compromise an organization’s systems, critical data remains secure and recoverable. But it’s not enough to have backups – organizations need to plan for worst-case scenarios by regularly testing their recovery processes. Simulations that assess how quickly systems can be restored after an attack are essential for identifying gaps and ensuring preparedness.

Employee education also plays a critical role in ransomware defense. Most attacks begin with social engineering, such as phishing emails, that exploit human error. Training employees to recognize these threats and understand how they originate is one of the simplest and most effective ways to strengthen security. It only takes one person falling for a phishing attempt to compromise an entire organization. This is why widespread awareness can make a significant difference without adding extra back-end work.

Advances in AI are adding another layer of defense by enhancing detection capabilities. AI systems can analyze data in real-time to identify suspicious activity or ransomware installation attempts, allowing organizations to act before significant damage occurs. By combining resilient backups, proactive planning, employee training, and cutting-edge AI tools, organizations can stay ahead of increasingly sophisticated ransomware threats and build stronger, more adaptive defenses.

  3. As organizations adopt more resilient cybersecurity strategies, what ethical considerations and governance standards do you think will be necessary to guide these efforts, particularly when implementing AI and decentralized systems?

It is clear that we will need answers for AI-based security systems very soon. AI can be great for finding out if a system has been compromised, or if there is a vulnerability in a system that is known, or unknown. However, we will need some humans in the loop to determine if the actions that AI suggests or takes are indeed correct and ethical. For example, imagine if an AI or decentralized system decides, based on its analysis, that a certain country is risky, and in turn cuts off all that country’s users. Is this ethical? Also, could this analysis be a false positive because the AI system had a dataset that was incorrect? The overall cybersecurity and technology industry will need to think hard about these questions. In the near future, regulations and governance standards will play an important role in these discussions.

  4. Artificial intelligence is quickly becoming a valuable tool in threat detection and prevention. How can AI-powered systems be integrated effectively into existing cybersecurity strategies without becoming overly reliant on them? Are there any potential risks these technologies might introduce?

AI-powered systems have revolutionized cybersecurity by automating the detection of threats and anomalies at a scale and speed that humans simply can’t match. However, effective integration of AI into cybersecurity strategies requires balance. While AI can handle much of the heavy lifting, humans must remain involved in the decision-making process to ensure the accuracy and integrity of critical actions.

This doesn’t mean organizations need hundreds of people monitoring every AI system at all times. Instead, it’s about maintaining strategic oversight – allowing AI to automate routine tasks and flag potential issues, while human experts step in to review and act on high-stakes decisions. This hybrid approach ensures that the system remains both efficient and accountable.

One of the key risks of over-reliance on AI is that it’s only as good as the data it’s trained on. If the data is biased or incomplete, the system might make flawed decisions, leading to missed threats or false positives. Additionally, cybercriminals are increasingly targeting AI systems, looking to manipulate their algorithms or exploit vulnerabilities.

To mitigate these risks, organizations must focus on regular validation and auditing of AI systems to ensure they operate as intended. Clear protocols should be in place for when and how human oversight is applied, ensuring that critical actions remain grounded in both technological precision and human judgment. By integrating AI as an enhancement rather than a replacement, organizations can harness its full potential while avoiding pitfalls.

  5. With modern digital ecosystems becoming more complex, how can organizations identify and address interdependencies in their systems to prevent failures?

To stay ahead, organizations need to actively look for these interdependencies by running regular “war game”-style simulations that show how a failure in one area might cascade through the system and that help teams plan for worst-case scenarios.

It’s also important to think about interdependencies from the start, building systems with redundancy and fail-safes baked in. Regularly testing these systems and making adjustments as they evolve can prevent small issues from becoming big problems.

The key here is to make this kind of testing and planning a regular part of operations – not something you only think about after an issue arises. By being proactive, organizations can build resilience into their systems and reduce the risks that come with today’s interconnected digital world.

About the Author

Engin Kirda is a Program Co-Chair of ACM CCS 2024. He is also a professor at the Khoury College of Computer Sciences and the Department of Electrical and Computer Engineering at Northeastern University in Boston. Previously, he was tenured faculty at Institute Eurecom (Graduate School and Research Center) in the French Riviera. Prior to that, he was faculty at the Technical University of Vienna where he co-founded the Secure Systems Lab. The lab has now become international and is distributed over nine institutions and geographical locations.

Engin’s current research interests are in systems, software and network security (with focus on Web security, binary analysis, and malware detection). Before that, he was mainly interested in distributed systems, software engineering and software architectures. Engin can be reached online at [email protected] and at ACM’s website https://www.acm.org/.
