
On the other hand, there is still a gap between the complexity of the environment (hybrid, SaaS, multi-cloud) and the maturity of identity controls. Likewise, many organizations still do not consistently apply intelligent privilege controls, while the need to automate the identity and permission lifecycle indicates that current investment is not always sufficient or well targeted.
And not only does this gap exist, but there is also a cultural gap, as Salvador Sánchez Taboada points out. “Many management teams see cybersecurity as an expense, not as a lifesaver,” he acknowledges. “In Spain and Latin America, we are working to change that view, relying on integration through AI between existing risk plans and new threats: investing in resilience is like investing in good foundations before building a house. Every change of cycle reminds us that the invisible—like foundations—supports everything we value.”
Increased spending “is often diverted toward AI hype and supposedly miraculous solutions driven by marketing, rather than addressing real risks,” argues Martin Zugec. That’s why he believes attackers have evolved toward simpler, harder-to-detect techniques, such as LOTL or ClickFix, which weaponize legitimate system tools and user interactions to bypass security layers.
“This disconnect between where defenders invest and how attackers evolve is a dangerous trend, clearly visible when comparing the findings of real forensic investigations with the narratives popularized in professional networks. This disconnect is reckless,” he warns.
CISO priorities
In this context, CISOs are forced to continually rethink their defense strategies. “Beyond having solid internal teams and adequate prevention tools, it is increasingly necessary to complement these capabilities with trusted technology partners and insurers capable of managing cyber risk in a more holistic way,” says Vincent Nguyen, director of cybersecurity at Stoïk.
As attackers professionalize and scale their operations, Nguyen believes that effective defense requires a proactive and integrated approach that combines advanced cybersecurity solutions, risk transfer through cyber insurance, and operational support when an incident occurs. “Strategic partners with a cross-functional view of risk can accompany organizations before, during, and after an attack, strengthening resilience without replacing internal security leadership,” he adds.
In any case, Martín Trullas acknowledges that there is no single winning strategy for the CISO, but rather a set of different strategies focused on different areas. “On the one hand, identity security must be strengthened, as it can become a gateway for more serious attacks. And this identity security should no longer be understood only as ‘human identity’ but must also focus on the identity of connected devices, which can also become vectors for attack,” he explains.
“At the same time, it is necessary to implement organizational and mindset changes within the company: proper governance, cybersecurity training for all employees, promotion of best practices to reduce risks, and a culture of proactivity to reduce detection and response time in the event of an attack. The entire company must be involved in these processes, because leaving cybersecurity as the sole responsibility of the CISO or the department on duty is a mistake that can be very costly.”
Of course, this requires CISOs to have the right resources. “And they don’t have it easy, with often unrealistic expectations that cause them to experience signs of burnout,” says Fernando Anaya, general manager of Proofpoint for Spain and Portugal.
Anaya cites this data: “In Spain, 51% of security managers say they still lack the necessary means to meet their objectives. Similarly, it is crucial to strengthen incident response capabilities, especially considering that a third of Spanish organizations admit to being unprepared. A much more proactive approach is also needed to foster a culture of cybersecurity that goes beyond simply trusting users and includes concrete and effective actions to reduce data loss. The pressure on CISOs is increasing as these resource constraints are combined with such a rapidly changing threat environment, making it imperative that they work to align themselves strategically with their organizations’ boards of directors, seeking a shared vision that ensures the necessary support and appropriate decision-making.”
At the same time, Abraham Vázquez believes that it will be essential to advance zero-trust models and perimeter hardening, eliminating legacy VPNs and accelerating patching processes in edge environments, as well as ensuring proven resilience through immutable backups and isolated recovery environments. “The automation of detection and response, supported by SOAR and AI platforms, will enable the cycle between detection and containment to be closed efficiently, effectively reducing response times. Added to this is the need for more mature third-party and supply chain management, based on continuous assessment of cybersecurity posture and minimal but relevant telemetry.”
“It will be key to conduct internal crisis management exercises that consider realistic scenarios, such as ransomware attacks without payment, fraud using deepfakes of management, or outages of critical suppliers.”
