[Interview] Canon’s Quentyn Taylor on Cybersecurity and Current Vulnerabilities
October is Cybersecurity Awareness Month, which aims to enhance global awareness about the importance of cybersecurity.
Celebrated annually, this international initiative educates everyone about online safety and empowers individuals and businesses to protect their data from cybercrime. But how can they actually do that?
In this short interview, TechTrends Media speaks to Quentyn Taylor, Senior Director – Product, Information Security, and Global Incident Response for Canon EMEA on cybersecurity and current vulnerabilities facing African businesses.
What are the top IT security threats affecting businesses today?
In today’s digital world, the threat landscape is expanding at a rapid rate and if security weaknesses are identified and exploited by hackers, this can have devastating consequences for businesses. According to the World Economic Forum, the global cost of cybercrime is projected to reach $10.5 trillion annually in 2025. Ransomware remains one of the top threats facing companies today, as cyber criminals continue to test how much businesses are willing to pay for their most valuable asset – data.
With the value and the volume of data held by businesses ever increasing, as well as the dependency on IT systems, ransomware attacks continue to be an attractive method for cyber criminals to extort money from organisations. These tried and tested techniques are targeting data across environments, and are continuing to offer cyber criminals returns, as demonstrated by the record $1.1 billion in ransomware payments made in 2023 globally.
One of the best ways businesses can look to combat this growing threat is by developing a detailed understanding of their security perimeter and the assets that need to be protected. This is because attackers usually only need to exploit one small vulnerability to be able to gain access to a wealth of information that can be leveraged for ransomware attacks. One area that IT leaders may overlook is print. Despite 70% of organisations being reliant on printing, over a quarter (27%) of IT security incidents on average are related to paper documents. To tackle this issue, companies must conduct thorough security assessments to identify potential weak points and bolster their defences accordingly.
Only by understanding the existing security infrastructure can organisations optimise their resources and implement appropriate preventive measures.
What are the key vulnerabilities/gaps in the defences of today’s businesses?
In line with technological innovation, the number of applications and software businesses rely on grows more complex. As such, businesses depend on the information security measures of software providers, making vulnerability within the supply chain an increasing concern. This not only presents a security risk, but presents a wider resilience challenge, especially as companies continue to look to facilitate hybrid working. To address this complexity, IT decision makers (ITDMs) are dedicating more time to information security than ever before, with Canon research showing 50% of ITDMs reporting this as their most time-consuming task – up from 44% in 2021.
Businesses are only as secure as the software they use, meaning managing risk in the digital supply chain is a growing concern, with many lacking visibility. Vulnerabilities can linger in software that has unknown or unaddressed flaws. Devices and software which haven’t been regularly updated and where available patches have not been applied can present ongoing security challenges. When we look at the largest attacks in recent years, many have been a result of small errors such as this. Staying up to date on the Cybersecurity & Infrastructure Security Agency’s (CISA) list of vulnerabilities can be a valuable tool to inform priorities and allocate resources to the vulnerabilities that pose the greatest threat.
Another factor contributing to cybersecurity issues is the lack of transparency in security practices. With the rise of hybrid work models, employees using off-site printers and scanners without notifying IT pose a risk to sensitive corporate data. In fact, a recent IDC report found that 43% of respondents cite security vulnerabilities and the ability to ensure that at-home print devices are compliant with corporate governance and security policies as a top challenge.
Network-connected printers can be a gateway for cyberattacks, allowing hackers to access your network. It is not uncommon to find network-enabled printers exposed to the Internet with little or no authentication, acting as a gateway into an organisation’s network as well as exposing the sensitive documents that are printed and scanned on that device. Understanding the perimeter of a company’s network and what devices are exposed is critical for anybody working in IT.
Secure cloud printing should form an integral part of the document security chain, ensuring control over what devices have access to business networks. This shows the need for employees to be aware of the risk remote working can bring to a company, and the importance of only using corporate-approved devices when accessing secure networks.
How has the cybersecurity landscape evolved in recent years?
As technology continues to advance, the role of artificial intelligence (AI) in the cybersecurity landscape will grow significantly. AI’s emergence in this space may initially create challenges for businesses as cyber attackers look to use it to their advantage. For example, we are already seeing AI altering the threat landscape through sophisticated social engineering and phishing attacks. These include the use of AI to make phishing attempts more effective through auto translation, enhanced targeting, and localisation, and even audio creation. The emergence of AI will also enable threat actors to more effectively write malware and shorten the exploitation time of zero-day software vulnerabilities. AI is no longer a future challenge but is intensifying attacks today.
AI has democratised hacking, making sophisticated attack techniques more accessible to malicious actors. Robust information security policies have always been important, but in the age of AI, it is critical organisations remain extra vigilant to threats. Embracing zero-trust principles and prioritising a high level of employee education will be crucial in fortifying defences against AI-powered threats.
It should be noted, however, that at this present time attackers are not using AI widely in their attacks only because they do not need to. While some attackers have embraced AI, the vast majority haven’t, as their existing tools and techniques continue to work. As soon as their existing attack methods start to show a reduction in efficacy, it is certain that they will move across to AI-based tools to maintain their profit margins.
Now more than ever, ensuring that you foster a culture of good cyber hygiene is crucial. Employees are the first line of defence against AI-enhanced phishing attacks, so providing comprehensive training on what workers need to look out for in AI phishing methods will be crucial. Making multi-factor authentication (MFA) the enforced standard adds another barrier for attackers to overcome, by requiring the verification of login credentials and increasing visibility of entry attempts. MFA is a key tool for bolstering perimeter defences and enforcing zero-trust principles. These actions may seem simple, but most attacks are the result of hackers exploiting a single vulnerability to gain widespread access into systems.
How can regulations help IT leaders combat threats?
In today’s cybersecurity landscape, the escalating frequency and severity of cyber-attacks call for a robust framework to guide businesses with the implementation of security. As part of an effort to enforce cross-national cybersecurity standards, the European Union has introduced cyber directive NIS2, as well as a number of sector-specific regulations such as DORA, which covers the financial services sector. By mandating capabilities and setting minimum standards, regulations are designed to support businesses in developing a robust security strategy and increasing business resilience. The introduction of mandatory reporting requirements and data sharing provides greater transparency and can help other businesses enhance their strategies.
For example, the European Union’s Cyber Resilience Act (CRA), which will likely come into full effect in 2027, ensures that products with digital capabilities are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout the lifecycle of a product.
By establishing reporting requirements, and penalties for non-compliance, legislation puts new emphasis on information security. This not only strengthens security within individual businesses but also bolsters IT leaders’ confidence in outsourcing security to third-party software and hardware, as all businesses have a set framework to guide them.
What does a strong cybersecurity strategy look like in 2025?
In 2025, a strong cybersecurity strategy is characterised by ensuring that CISOs are paying constant attention to the basics such as managing the perimeter of a company, multi-factor authentication (MFA), security patches, and a robust recovery action plan. While ensuring that good cyber practices are the enforced default with MFA and automated updates, educating employees on how to work in a secure way is crucial to mastering the cybersecurity basics which pose a persistent threat to organisations.
Employees are a company’s greatest strength in detecting cyber threats, especially as advanced phishing attacks continue to probe business defences. Fostering a company culture of zero blame that embeds good cyber hygiene into all business operations is critical.
Empowering and educating employees to recognise and report potential risks is critical in maintaining a robust cybersecurity posture. To safeguard against evolving threats effectively, employees need to be taught how to implement this methodology in daily routines. Making multi-factor authentication the enforced default is an easy first step to ensure data is accessed securely and reduces the risk of human error compromising systems.
While the probability of a cyber-attack causing the demise of a company is relatively low, organisations must not underestimate the risk and its potential impact. Even a single successful attack could lead to significant operational disruption, forcing the temporary shutdown of the company. As a result, preparedness, good cyber hygiene, and response plans should be in place to ensure swift and effective recovery.