Insight No. 1: DORA’s knocking at your door
DORA is already in effect! For those who haven't started, playing catch-up could be a costly mistake. Organizations that fail to comply with the established ICT risk management framework could face significant fines and reputational damage. Beyond your own company's risk profile, you need to ensure that your third-party providers — particularly those classified as “critical” — are in compliance with these key processes:
- ICT risk management.
- Incident reporting and management.
- Information sharing and cybersecurity.
- Supervisory framework for third-party providers.
Insight No. 2: Stop wasting job candidates’ time
As noted by articles such as this one, the cybersecurity hiring process is broken. Companies are drowning in resumes, filtering out qualified candidates with rigid applicant tracking systems (ATS) and relying on recruiters who lack cybersecurity expertise. It's time to ditch the buzzword bingo, streamline the interview process and prioritize clear communication. Ditch the "ghost jobs" and endless interview cycles — or risk losing top talent to companies that value their time.
Insight No. 3: Make 2025 the year to lay off lame-o security relics
Passwords are relics of the past, mandatory pen-testing is a compliance charade, and conventional firewalls are just expensive roadblocks. It's time to embrace a new era of security — one that prioritizes dynamic authentication, continuous testing and cloud-native solutions. Let's face it, clinging to legacy tech isn't security; it's just nostalgia. The future of cybersecurity hinges on visibility, transparency, behavioral analysis, and cutting-edge application detection and response (ADR).