Addressing the intersection of cyber and physical security threats

In this Help Net Security, Nicholas Jackson, Director of Cyber Operations at Bitdefender, discusses how technologies like AI, quantum computing, and IoT are reshaping cybersecurity. He shares his perspective on the new threats these advancements bring and offers practical advice for organizations to stay prepared.

What emerging technologies or trends could introduce entirely new types of cybersecurity threats?

Emerging technologies such as AI, quantum computing, and IoT are reshaping the cybersecurity landscape. AI enables adversaries to launch automated, adaptive attacks that can bypass traditional defenses easier, including deepfake-based scams and automated phishing with increased language proficiency.

43% of the IT and security professionals in the UK, surveyed in the 2024 Cybersecurity Assessment Report, stated that they perceive Generative AI technology as a very significant threat in the cybersecurity landscape when it comes to the manipulation or creation of deceptive content.

Quantum computing, while still in its infancy, poses a future threat to cryptographic protocols by potentially breaking widely used encryption algorithms.

Additionally, IoT devices introduce vulnerabilities to environments due to their lack of standard security measures, creating opportunities for large-scale attacks exacerbated by the increasing remote workforce. Technologies like blockchain, though secure by design, are increasingly exploited through vulnerabilities in smart contracts.

To combat these threats, organizations must consider proactive measures such as quantum-safe cryptography, improved IoT security practices, and AI-enhanced threat detection systems. The pace of innovation necessitates adaptive, forward-looking cybersecurity strategies to protect against these evolving threats.

Are we seeing a convergence of cyber and physical threats? If so, what are the implications for cybersecurity strategies?

The convergence of cyber and physical threats is becoming a pressing concern as industries integrate operational technology (OT) with IT systems. Critical infrastructure such as power grids, water supplies, and healthcare systems now face dual risks – cyber-attacks can have substantial impacts on the availability of material or production lines and even cause physical harm.

This convergence requires a holistic approach to security, combining cybersecurity measures with physical security protocols. Organizations must adopt integrated risk management frameworks, conduct joint cyber-physical threat assessments, and invest in real-time monitoring tools for detecting anomalies across interconnected systems. Moreover, regulatory compliance for industries handling critical infrastructure should mandate minimum cybersecurity standards (e.g. NIS2 and CAF). The implications are clear: failing to address these risks could lead to significant financial, operational, and societal consequences.

How soon do you think quantum computing will become a practical concern for encryption and cybersecurity, and how should organizations prepare?

Quantum computing is expected to pose a practical concern for cybersecurity within the next 5–10 years. Once mature, quantum computers will have the ability to break widely used cryptographic algorithms, such as RSA and ECC, undermining the security of data transmission, storage, and authentication systems. These algorithms are baked into systems globally and would cause significant repercussions.

Organizations must begin preparation to quantum-resistant encryption standards, like those currently being developed by the NIST, however, this is complex. Preparation will include thorough inventorying of existing cryptographic assets and protocols, awareness and training on post-quantum cryptography and investigating solutions that utilise quantum-resistant standards. Although quantum computing is not yet a mainstream concern, early preparation is essential to avoid reactive, costly measures when the technology reaches practical application – invest once.

How can organizations address the growing skills gap in cybersecurity to prepare for emerging threats?

The cybersecurity skills gap is a growing challenge, with an estimated shortage of millions of professionals globally. To address this, organizations should adopt a multi-pronged approach. Investing in continuous training programs for existing staff is essential to keep pace with evolving threats. Collaborate with universities and other institutions to develop tailored curriculum focused on current and future industry needs.

Organizations should offer more apprenticeships, internships and cybersecurity boot camps as these are effective ways to bring new talent into the field quickly. Instead of focusing on the skills gap or shortage of skills, we should also be leveraging AI and machine learning tools to bring efficiency and automate repetitive tasks, allowing security practitioners to focus on higher-level problem-solving.

Consider incorporating the managed detection and response (MDR) model into operations or utilizing any third-party support, to augment internal security team capabilities and/or bridge any immediate skillsets that are lacking.

Furthermore, creating inclusive hiring practices that encourage diversity can help to tap into a broader talent pool, to change what is currently a relatively male dominated industry.

On a scale of 1–10, how prepared are organizations globally to face these threats, and what factors contribute most to this assessment?

I would argue that global preparedness for cybersecurity threats averages around 4. While some organizations, especially in finance and defense, demonstrate robust security postures, many industries lag behind due to limited resources, insufficient training, and inadequate focus on emerging threats.

Contributing factors include the rapid adoption of new technologies without comprehensive security frameworks, a global shortage of skilled cybersecurity professionals, and the growing sophistication of adversaries leveraging AI and advanced malware.

Smaller organizations often lack the understanding of risk associated with cyber, as well as the budget for advanced cybersecurity tools or managed services, leaving them highly vulnerable. To improve preparedness, businesses need to prioritize cybersecurity at the board level, invest in proactive measures such as red teaming and threat hunting, and comply with evolving regulations.

Collaborative efforts between governments, private sectors, and international organizations will also play a critical role in elevating global cybersecurity readiness. Collaboration is key and regulations such as the newly introduced Digital Operational Resilience Act (DORA) will help with this.