Information security experts highlight emerging threats during Davis College of Business Cybersecurity Trends panel

In the last 30 days, Jacksonville University blocked nearly 43,000 password attacks, in which attackers attempted to access password-protected accounts. In July, multiple attackers, primarily from China and Korea, unsuccessfully tried to log in more than 275,000 times over seven hours.

As a result of emerging cyber threats, a group of information technology security professionals recently gathered at the Davis College of Business and Technology for a panel discussion, presented by the Department of Homeland Security and Florida Blue, to discuss the latest trends and best practices in cybersecurity with local companies and organizations.

The panelists included JEA Chief Information Officer Brad Krol; Guidewell Vice President and Chief Information Security Officer Jason Raymond; Senior Cybersecurity Manager Taryn Swietek; and Department of Homeland Security Supervisory Protective Security Adviser Kirby Wedekind.

Moderated by Dr. Mini Zeng, Jacksonville University's Center for Cybersecurity director and associate professor of computing science in the Davis College, the panel opened by discussing the most significant emerging threats organizations should be aware of this year.

According to Brad Krol, some of the top threats are phishing, ransomware and vulnerability management. "In regard to ransomware, it's not a matter of 'if' but 'when' it will happen. Being able to detect and respond to cyber events is critical," he said, noting that offline and out-of-region backups are essential.

Raymond agreed that organizations need to keep an eye on AI but stated that the greatest threat is people. "If you think about the IBM breach report published in 2024, the No. 1 factor for companies that fared better after being victimized was that they were heavily invested in employee training."

Wedekind shared that China remains the most active and persistent cyber threat to U.S. government, private-sector and critical infrastructure networks. "Beijing's cyber espionage pursuits and its industry's export of surveillance, information and communications technologies increase the threat of aggressive cyber operations against the United States and suppress the free flow of information in cyberspace," he said.

The panel then moved to best practices for organizations facing recent IT disruptions.

Swietek emphasized the importance of redundancy. "Don't rely on one tool to do everything, and have that redundancy to protect your infrastructure should your primary systems go down," she said. "Run updates in a test environment before moving them to production. If you don't have a test environment, I'd suggest setting one up."

"Cybersecurity is everyone's responsibility," Wedekind said. "Providing interesting and compelling stories that demystify how IT works, and the cybersecurity measures required to protect it can help people understand why it's so important to use complex passwords and a password locker, update operating systems, implement multifactor authentication wherever possible, and know how to identify and report phishing."

Ultimately, the panel's insights offered a valuable glimpse into the complex nature of cybersecurity and raised awareness of how organizations might begin to address these threats and challenges in the year ahead.