[00:00:00] Speaker A: We cannot ask a customer to trust us and give us their data unless we have the foundation of security in place. And so the more we do to help create capabilities that provide the ability to share information, but share it in a safe way, the more that we can build the business and build opportunities for customers to use our product and our platform.
[00:00:26] Speaker B: This is katiecast.
[00:00:29] Speaker C: As a primary target for ransomware campaigns.
[00:00:32] Speaker A: Security and testing, and performance, risk and compliance. We can actually automate that, take that.
[00:00:37] Speaker C: Data and use it.
Joining me today is Chris Peake, Chief Information Security Officer from smartsheet. And today we're discussing what's ahead for cyber security in Australia and its impact on businesses in 2025. So, Chris, thanks for joining and welcome.
[00:00:55] Speaker A: Thank you. Yeah, thanks for having me. Looking forward to it.
[00:00:58] Speaker C: Okay, so let's start right now. So, obviously, at the time of this recording, it's relatively new into the year. So maybe what's in your mind for 2025? What do you think lies ahead? Keen to really hear your thoughts.
[00:01:11] Speaker A: I think I have to start with artificial intelligence. There's just so much going on right now in the space and across all technologies and environments. So I think that's just going to be a really exciting space. And obviously I stay focused on the security side. And so I see both some challenges that might come with the onset of artificial intelligence, but also some great advantages. So, you know, thinking of things like there's going to be a lot of potential attacks that evolve using artificial intelligence, we're already starting to see some of these things come about with more sophisticated phishing campaigns and that kind of thing. But also I think there's going to be some amazing advancements to help us address security challenges with using, using AI and agents and all kinds of technologies that are coming out now. So I think that's going to be one of the top things that I think we see in 2025 coming forward.
[00:02:00] Speaker C: Okay, so there's a couple of things in there. You said challenges. I'd love to explore that. And then once we do that, I'd love to then flip over to talk about, you know, how AI can be leveraged, like you said, like agents, etc.
[00:02:11] Speaker A: With any new technology, especially in the security field, you know, we're going to start seeing how the adversaries, the attackers are going to start leveraging these things. So, as I mentioned, the phishing is going to be one of those first ones that we're seeing arise. The quality of those phishing emails are getting better because they're able to use technologies to target individuals or organizations, you know, the deepfakes. We're already starting to see some of the deepfakes out there. But also researchers are now proving that AI can actually build code to exploit vulnerabilities and known vulnerabilities. I think the time to attack is going to shorten significantly once we start seeing adversaries use those technologies to build and craft their attacks or use vulnerabilities. So I think that's the challenge space that I see.
[00:02:56] Speaker C: And just before we sort of flip over to the other side, you said time was shortened in terms of attack. So, I mean, depending on what attack, some of these time frames are relatively short already. So now we're even increasing and putting the, you know, the proverbial, you know, gas on the fire. What do you think that'll look like now with leveraging AI? And like you said, like, people who don't even understand technology can, like, build code themselves, et cetera. So how. I mean, I know it's a bit of a hard question to answer, but, like, what. What are the sort of time, sort of increase. Like, are we talking like seconds, milliseconds, minutes?
[00:03:29] Speaker A: You know, think of if we take just the phishing scenario, you know, think of how much easier, easier it will be to target a variety of people simultaneously or very quickly bounce from one type of phishing attack to another. So that time delay, in terms of how long it takes to craft certainly is going to get much shorter. And in some cases, as you said, it could be, could be minutes or even seconds to pivot from one attack to another or to use bots and other technology to blast things out across a wide spectrum of targets. So in other cases, and that reference I said about researchers being able to use AI to write code to exploit vulnerabilities, as the technology gets better, it'll be very quick. Already we're seeing developers, you know, just write code and very quickly be able to script using artificial intelligence. So I think as the, as the adversary community starts adopting these, we're going to see that, that time window close for some of the attacks as well.
[00:04:27] Speaker C: And then, I know, unfortunately, depending on, you know, which mainstream media or certain media outlets sort of position AI, artificial intelligence, more specifically in a bad way. But on this show, people like yourself come on here and really talk about the good things that it's doing. So I always want to look at both sides to ensure that it's well balanced. And there's level of neutrality in terms of the questions that I'm asking. So I'm really curious. Now, from your perspective, where do you see the advancements with AI and security teams, et cetera, given the role that you're doing today?
[00:04:59] Speaker A: Yeah, yeah. And that there's absolutely a flip side to this. The technology and artificial intelligence is going to be a huge help. For example, we've already seen how the language models are able to take natural conversation to help search through a large amount of information. We know that organizations and vendors and researchers are already looking at how do we search through large amounts of data for like, security anomalies, so events. So making the job of the incident responder or your security operations center easier by digging through all that information with, by, by being aided through artificial intelligence tools. So I think there is definitely a flip side here that we'll see advancements and that will help the security. The organizations and the folks that are trying to defend and protect. We'll see advancements there that are going to help us confront some of those threats that I mentioned just a minute ago.
[00:05:52] Speaker C: So can I ask maybe a rudimentary question? So would you say with where we are today, with AI and as you said, with the advancements and things like, evolving so quickly, do you think we're in a better position today, or do you think we're in a better position like 20 years ago? Because, yes, like, the, you know, preliminary sort of AI was around, but not to the same sort of level it is today. Wasn't as ubiquitous. It wasn't as every. The everyday person could use it. What would you say if you were to sort of reflect on, you know, your career?
[00:06:21] Speaker A: Great question. I mean, I think it's interesting because the information that we have available to us today, in terms of detecting and finding the holes, if you will, in terms of infrastructure, we've got great tools to help us find vulnerabilities and detect them across, you know, distributed network. So there's a lot of capability. So we have more information than we've ever had before. But, but that is also part of the challenge, as I said. I think asking a human to consume all of that information and look for the proverbial, you know, needle in the haystack is a really tough job. And so I think we are better equipped today than we've ever been to address attacks. But again, that, that challenge is, is that there, the technology is being used against us in some cases, you know, with, with the adversary.
[00:07:08] Speaker C: So focus and maybe go into this a little bit more around security vendor and their tools. There's a lot of them out there. I'm really I'm at the coal face of this industry and even I get confused sometimes around, you know, delineating between one vend next. So you said before there is a lot of information. Now I know that, you know, the buyers have changed, they like to do their own research, etc. It's not sort of how it was like 10, 15 years ago, because the information is more readily available than it was obviously, as, you know, 10, 15 years ago. But with the whole, like, vendor community and the tools, where do you think that then sits? Because, I mean, I'm speaking to, you know, internal sizos and they're like, you know, we're going more towards platformization. We're doing a reduction in our tools, we're consolidating. You would have heard all of this stuff being said and thrown around in the industry. But then every time I look open LinkedIn, there's like a new vendor that's out there doing some tool. So do you think people feel overwhelmed? I think is is probably a given, but perhaps like confused around who's doing what, what capability, the overlaps, et cetera. Like, how does that then sit with you when I ask you that question?
[00:08:16] Speaker A: Yeah, it's really tough. I mean, on one hand, it's great to see so much innovation in the security space. I mean, it's fantastic. But you're right, it's. It's very difficult to keep up. So one of the things that I like to talk about is, and you might remember, I think it was a big thing for security teams probably a couple of years ago, maybe five, six years ago, we were all very proud to have our, our vendor slide. We had a slide that we would show. We've got 50, 60, you know, cybersecurity tools out there that we use to defend our environments and our networks. What we started learning was we couldn't get the true value out of all of those products. We couldn't actually keep up with maintaining them and configuring them and honing them so that we could use them effectively. And so now, the way I like to look at it is the ecosystem is actually more about the partnerships that the vendors have amongst each other so that we actually can use the products more efficiently as a team. So, you know, for example, at Smartsheet, we don't have a huge team, but we have a big job. We have a lot of cloud environment that we have to protect. We have a lot of customers we have to protect. So I'm really dependent upon the relationships that our vendors have with one another. To help me do and my team do the job that we need to do in order to protect customers. So I think that what the real pivot that I'm seeing is the collaboration among security products among those companies to build capabilities that work together. And that's why I call it this ecosystem. I think that as this ecosystem evolves and we get. Pull those capabilities closer together, that we'll, we'll start seeing the real power of how multiple tools kind of fit together to fill all those gaps and address the overall, you know, cybersecurity challenge of how we're addressing the threats.
[00:09:59] Speaker C: Would you also say that vendors are more willing to sort of work together? They don't see it as like a rivalry or they don't see it as like a competition. Are you seeing more of that in terms of camaraderie between the vendors working together?
[00:10:13] Speaker A: I do, I do see a lot more collaboration and there's a bit of coopetition, you know, that, that idea that there's collaboration and competition among some of the vendors. But, but overall, I think they realize that the space is now so big that they can actually focus on a particular area, leverage capabilities of another product to, to, to be married together and to provide, to provide better overall value to a customer. So I see a lot more of that collaboration happening today.
[00:10:42] Speaker C: So at the top of the interview, I sort of introduced what we're going to be discussing today. And part of that was impact on businesses in 2025. So I want to sort of go into this a little bit more. So when you say impact, what do you mean by this?
[00:10:57] Speaker A: Yeah, impact. You know, similar to how we were talking about artificial intelligence, there's a, there's a positive and a negative side of it. And I think typically in security, we like to think when we say impact, we're thinking of the more negative connotation, meaning if there is a security incident or a breach, this has an impact to the negative impact on a business and a negative impact on the data and security. But impact also can be a positive thing, meaning security can be a business enabler. So many organizations, if you think again, we've, for the last, but, you know, maybe call it 10 years, we've been going through this thing that we refer to as a digital transformation, meaning basically every business has had to take more of their processes and more of their procedures and digitize them systems to make them more effective and efficient. As we're doing that, the security has to come along with it. And so if we secure these capabilities, secure the systems in A way that enables businesses to use them more comprehensively throughout the business, you know, protect the critical information. Then actually security can, can enable that business to do more and be more effective and efficient with whatever their, their goals are and whatever business is focused on. So I do think that impact has that still that same, you know, traditional sense of, you know, boy, a cybersecurity incident could be massive impact to a business, to a brand. But I like also this flip side of it that, that it can be really a positive thing as well.
[00:12:26] Speaker C: Okay, so people in the industry do talk about business enablement. Do you think, though, in your experience with your role, do you think executives think that though, or do they just think that I'm just spending a lot of money on this security area? And I asked that only because that is, that can be the talk track of the reality of some of these people that don't understand it. So it's more so to understand from your perspective how that set sits with people, because again, we're insecurity. We're always going to think it's like the most priority, but then everyone's going to think what they do in HR and finance, you're going to think what they do is the most important thing.
[00:13:02] Speaker A: Yeah.
[00:13:03] Speaker C: So how does that sort of sit with an executive? Because some people have come on here and really just said to me, Chris, like, well, I'm just spending a lot of money on stuff that I can't see.
[00:13:13] Speaker A: It's a fair perspective. But I think really that's the job of the CISO today, to also present security from a frame of reference that by securing systems, by protecting data, by creating what I call guardrails for an organization, you know, how users will operate, that it can actually enable the business to move faster. So, and even, you know, in our business, we, as I said, we're responsible for a lot of customer information, a lot of customer data. The more security that we can provide and enable folks to use the product and the platform more freely across multiple use cases, it actually helps their business, which helps our business. So I think it's, it is a big part of the, of the CISO's role today to be able to talk with executives about how security can be beneficial for the organization, for the business.
[00:14:00] Speaker C: So what would you say CISOs in your experience are doing well when they're communicating with their executives around the whole business enablement thing? Because I know again, I've interviewed people that have said, you know, people historically haven't done a great job at this. They can't not really good at explaining it or, you know, building trust, perhaps. So is there anything you can sort of share?
[00:14:22] Speaker A: You can, you can tell the security programs that are successful at this because they tend to not have challenges with getting funding from the board, with getting support from executives, with getting partnerships from internal stakeholders. So you, you can kind of tell where, where it is successful because you can see these programs start moving even, maybe even faster than peers. But I think it's really about trying to explain the context for the threat that we're operating in and how security can actually by providing as, again, I'll use that term, guardrails, by protecting information in a way and giving some controls around how this information will be shared and maybe how it won't be shared, because that's an important part of it too, that the business can actually move forward knowing with the confidence that the information is being protected at the way it's being protected. It's a tough conversation for sure, not, not an easy one. But I think it's using those opportunities to explain how security can actually help the business. And bit by bit, it grows. It becomes part of just the, the common framework for conversation at the executive level.
[00:15:33] Speaker C: Do you think people get caught up in the wrong thing and presenting the wrong facts? And I say this because I was a reporting analyst back in the day, so I actually used to write the reports for the siso in a bank who would report into, you know, getting more funding and stuff like that. So that I think this really sits close to me. Would you say that people, like, people come out and say, oh, we blocked X amount of threats, like at the end of the day, I don't think an executive really cares about that. And so I've seen people in my career has focus on the wrong thing. Not like they've meant to, but again, maybe they've lost perspective of what the person who they're talking to what, what they actually care about.
So is there things that you've seen that has really worked for you even with within Smartsheet or perhaps previous roles that you think that, yeah, this has really sort of moved the needle internally?
[00:16:23] Speaker A: Yeah, I mean, yeah, to use an example, I mean, I talk frequently with fellow stakeholders in the organization, with the board, with executives about how the maturity of our security program actually unlocks business with customers, for example, because the better security that we have, the more trustworthy our security program is, the more likely we are to be able to bring, you know, customers specifically in regulated markets. And you think of all the requirements that the healthcare and banking and government have, you know, how it opens up the opportunity for more business and so making it real and saying in some cases, like here's a customer that was very concerned about these things. And because we had these security capabilities that enabled them to expand, you know, in using our product or our platform. Those are very helpful contexts and conversations to have at the executive level because it helps translate. Here's all these very specific things we're doing in security. But this is ultimately what the outcome is for the business and how it helps us. And that's when the unlock comes.
[00:17:24] Speaker C: Something I've observed recently is I'm an Australian, as you probably tell, but there's a lot of billboards around, like near the airport. And what I've noticed is banks, one of the banks I used to work for, they're actually now pushing hard around security and like where your partner in terms of security. So I've seen that in terms of a marketing strategy which I have spoken to internal Sisos about historically actually, so I'm starting to see a bit of an emergence on that front. So to your point, do you think that now businesses potentially could leverage how good their security is to market that in order to build that trust with their customers, et cetera. Because as you know, like, we've seen so many things happen lately and people are not as loyal perhaps as they used to be in terms of, for example, a bank. You know, it's not like you stay with the same bank for your entire life. People are switching. Loyalty just doesn't exist. So is that something that we'll start to see perhaps come into play in 2025 and beyond?
[00:18:22] Speaker A: It's all about trust. And so you're right, you mentioned, you know, that we're seeing a lot in the news, like there's been some really amazing, in not a good way, breaches of, you know, the public information over the last couple of years. And that, that has a significant impact on not just the organization that was breached, but, but the general, you know, public's perception of businesses who are managing data. So I do think that the more organizations come across as being trustworthy, having controls, caring about, honestly caring about the information that they have of their customers and, or their employees or just the public, I think that will start regaining. I think we have to earn it back. Right. It's not something that we instantly get, but we have to earn back that trust from the end users. So I think trust is going to become the thing that we talk more and more about. I don't think we're going to solve it in 2025 by any means, but I think it's something that is going, going to start seeing a lot more.
[00:19:19] Speaker C: Of in terms of consumers. One thing that I've also observed is depending on which generation, I'm a millennial, but specifically, I think Generation Z are very focused on companies that are, like, more sustainable, you know, more, you know, reducing the carbon footprint, et cetera. So do you think, like, now consumers are going to be focused on what company cares about security, would you say? Or would you. Do you think that I'm dreaming in this sense? Because we're obviously in security and we care about it. But you mean that people will be more looking closely at what sort of security precautions companies take?
[00:19:53] Speaker A: There's a link for companies that are, that are spending time on, you know, environment and talking about that. I think it's a. It's part of this piece of rebuilding, the. Rebuilding and regaining trust with the consumer because it shows that we care about other things than, well, money. So I think that's. That's never a good selling point. So the more that we can show, you know, that there's other things that we're trying to do, be good, you know, global citizens, all of those things are going to be important as the trust. I don't necessarily see it as a tie, meaning security and, you know, some of the environmental things. I don't. I don't think those two necessarily go together. I think security has to be something we have to show that we care about. And I think, you know, also caring about other things is important. But it's all. I do think that all of that relates back to building trust with the consumer.
[00:20:42] Speaker C: So can I just ask, how do companies show that they care about security? Now, I'm going to give you an example. So I've seen, like, tiny little font on a website saying, you know, we care about your security, or some lock on our website that we used to see in, like, the early 2000s, like, you would have seen that. And now obviously, like, that's still there or, you know, the capture. How do people demonstrate that with it being a genuine we care. You know, there's someone in marketing that just puts up something and they think, oh, you know, we've demonstrated trust now because we've, we've written something in some annual report that no one reads somewhere hidden somewhere. So how do companies do this effectively?
[00:21:20] Speaker A: It's funny because I think for both of us being security professionals, I think we will immediately recognize maybe more technical things like, oh, here's multi Factor Authentication. So this is a service or system that I'm more willing to trust than something else. So I do think that users are becoming more aware of some of the technical controls. At one point I think there was a lot of concern over is this going to impact the end user. If I add multi factor authentication, if I create another step that they have to go through, is this going to, is this going to impact the user experience? I see less of that now. I think actually those things are becoming more recognized as value by the consumer saying, yeah, actually I know this is sensitive information that I'm putting into the system. I want it protected and I want some of those guardrails to be in place, knowing that my privacy is protected, knowing that my data is going to be secure, knowing that this company actually cares about some, the threat and the attackers that are out there. So I think that the, that's probably the good thing that's happening right now is we're seeing some of that awareness from the consumer side and they're recognizing the things that probably, you know, us on the security side have, have known for a while, but now it's becoming much more prominent. And I think those kinds of things, seeing those on websites to your point, showing that we're, that organizations and products have security controls in place is actually going to be something that I think consumers start looking for.
[00:22:46] Speaker C: The other thing that was coming to my mind as you were speaking is some services that we just have to use. So whether it's, I don't know, private health insurance, whatever it is, and you know, some of these things are a little bit arduous to sort of switch because maybe their security's sketchy, for example. But do you think that some companies, they know that they're so big, they know that they have consumers, they're probably not going to switch. Do you think some of them perhaps gamble on that fact? Because they kind of know while we have, you know, millions and millions of people, maybe some of them, 10% of people, whatever it is, may get a little bit upset because we're not doing the best security practices, but because we're so big that, and it's too hard to move, we're not going to pay as much attention. Because I've, I've probably seen more up and coming companies very focused on it. And I've seen perhaps large, big mammoth beasts, not as good, which is concerning. But then I'm like, well, is that because they're like, well, we've got so many people anyway, so if you drop off, who cares? And the cost of a few people dropping off versus investing a bunch of money into it actually doesn't. Doesn't make sense in terms of our financial outcome. Do you see anything like that?
[00:24:00] Speaker A: What I'm seeing actually, and you mentioned that the up and comers, they're actually using security as a competitive advantage. And so I don't see as many. I think maybe, maybe the larger organizations and products and services, they might be a little bit slower to some things just because, you know, if you've got, you know, tens of thousands of employees, it's going to be a little bit harder to coordinate and manage and maybe be, and be innovative and get things out quickly. But I do see that there's a, that competitive nature of other new products coming out, leading a little bit more into. I think that, like, for example, you know, passkeys in the adoption, we see that much faster in some of the new products and capabilities coming out as opposed to some of the capabilities that have been out for quite a while.
[00:24:46] Speaker C: Yeah, okay, that's really interesting. So I, I was on Instagram the other day. I was watching Instagram reel and I, I was trying to save it and I couldn't find it anyway. I wanted to share it on my LinkedIn. It was just so interesting. There was this a random woman that started like having a meltdown around. I'm sick of pass keys. I'm sick of mfa. I don't care. I don't care if my account gets sort of, you know, breached. Like, I'm sick of it. Like, why are these people, like, she was like going nuts. I wish I found, I can't find it. How do we balance that? Because I get it, we're trying to keep people safe, but then again, it creates friction. People hate it. You know, they, they don't want to use these things because, you know, maybe, you know, they don't know how to manage these things effectively. And then they don't want to install two FA or mfa, but they have to because it's a requirement. How do we find that balance?
[00:25:37] Speaker A: I get that too. You know, there is frustration and with any new, you know, technology like the passkeys, and there's plenty of frustration around. I just don't quite understand this yet. So I'm not sure I like it. But I do think that the security professionals understand the risk that's out there. And so I think by forcing the issue a little bit, by, by pushing, you know, the consumer, by the pushing the end users to use these capabilities Even though they're, they might push back a little bit, it's actually the right thing to do to protect them. So I know some of the services and some of the peers that I've talked with now like doing things, just kind of staying with this multi factor authentication theme for a minute, you know, starting to enforce it. When they know that an end user has put sensitive information into their service and saying, you know what, this we know you just put in sensitive information in here, we want to make sure that it stays protected. We're going to force you to use multi factor. And that's that piece where I feel like that's where the trust comes from. And the user may not notice it up front, but if there is another breach of some other data, they'll be like, oh, I see why it was really important for me to protect this information. It may not be upfront that they, that they appreciate and respect it and trust, but I do think we, we again in the field, we understand the threat, we understand the attacks that are out there, we understand the risks that users take every single day that they're on the Internet and exposed. So, so trying to be more thoughtful and protective, Um, I still think it's the right thing to do and we'll pay dividends in the end.
[00:27:08] Speaker C: So one of the analogies that I was drawing upon when you were speaking as I think in Australia, it was like late, late 80s, early 90s, they enforced that if you're riding a bicycle you must wear a helmet. If you're not, you'll get fined if you know, someone catches you, for example. Now obviously that is because of the risk, right. I'm just trying to draw an analogy against what you've just discussed. So again like, people like, oh well, it's dorky, I've got to wear a helmet or whatever it is, right. But again it was saving people's lives. If they fell over, they hit by a car, it's going to protect them. Do you sort of think that there's going to be a little bit of people that get a bit upset, Like I mentioned the lady on Instagram losing her mind, but eventually people are just going to say, well I kind of get it now because you know, as we this year, but beyond there's going to be more and more breaches etc, so people will sort of just adapt to this is just how it is now. So like here in Australia, you know, you probably get the occasional couple of people that still don't like it, but majority of people are okay with it. Because they understand it's for their safety. Do you think we'll get to that stage in, you know, in this space?
[00:28:06] Speaker A: I do, I do, yeah. I mean, yeah, the analogy, the, the helmets for motorcycles, the seat belts in cars, you know, ask anybody that's that their life has been saved by those things. They have a complete and total appreciation for those things. And obviously I don't want to go too far down that analogy because, you know, security isn't quite the same. But, but the reality is, is there, the, there's significant impact individuals when they're, they're privacy, their information has been breached or stolen, their financial information or just their, their data is exposed. So I think, you know, as more people feel the impact of these things then that that kind of tide will change. We'll start seeing people with the adoption of motorcycle helmets and seatbelts will see an appreciation that this is actually just necessary because there is inherent risk.
[00:28:56] Speaker C: So now I want to sort of flip over and talk about, we sort of discuss at length around, you know, security and like you said before, competitive advantage, et cetera, security enablement within organizations. But you sort of talk about security being the foundational aspect of a business strategy. So walk me through your thoughts here.
[00:29:14] Speaker A: Yeah, and I guess I come from a perspective of where security is foundational to the business that my company's in. And because we, we are responsible as a cloud service, we're responsible for protecting customer information. And so it does have to be a foundational component to not just the security program, but to the business itself. So the things that we do to secure the cloud environment, to protect our, even our corporate environment, the products and capabilities that we put into our platform, all of those things are necessary in order to do, to do business, essentially. I mean, we cannot ask a customer to trust us and give us their data unless we have the foundation of security in place. And so the more we do to help create capabilities that provide the ability to share information, but share it in a safe way, the more that we can build the business and build opportunities for customers to use our product and our platform.
[00:30:19] Speaker C: And then you also talk about integrating security across all operations. So obviously, you know, finance, hr, et cetera. How do you do that effectively? And that way everyone's sort of on the same page.
[00:30:32] Speaker A: Well, and it's not necessarily the same for every function. I mean, I think, you know, we're seeing a lot of attacks against organizations specifically to get money. Right. Cyber crime is, is on the rise from a financial perspective. So organizations being targeted with social engineering Campaigns to try and get somebody to, you know, purchase a bunch of gift cards, for example, we're seeing a lot of those things. So it's about making sure that security, appropriate security controls for each function of the business are applied to protect that specific function. So that I, you know, you talk about finance, but just the same, this past year we've heard about in HR and recruiting having people impersonate, you know, legitimate users, but actually, in fact being, you know, hackers themselves. So I think there's a, there's a whole new method of operating that impacts every part of the business that we have to look at from a security lens. And so it's about not applying the same security controls to the entire business, but looking at every part of the business and making sure that the appropriate controls are in place.
[00:31:39] Speaker C: So recently, in a few, last few years, we've had these major breaches in Australia, which you've probably heard about. And some of the commentary online that I read, etc, was like, people were saying, oh, well, my data's already out there, so who cares now? So do you think people are becoming desensitized because they're like, well, I wasn't in that other breach and, oh, well, it doesn't matter now. I mean, like, in some of these breaches obviously were quite like, they're like medical records, for example. So it wasn't just, you know, your name and your email, et cetera. So how does that then sit with you? Do you think people, like companies are gonna be saying, like, you know, we obviously care about data. Oh, then a breach happens. But do you think that people are getting to the point that it doesn't impact them as much?
[00:32:23] Speaker A: I do think that there's a bit of the, the surprise is gone in terms of, you know, we, we see that there's been another, you know, million records released or something like that, and it doesn't quite have the same impact or shock that it first had. So I do think there is a bit of, we're getting a little bit desensitized because it's happening so frequently and we're also, you know, not holding a grudge as much on brands. So if one company, organization had a breach, we don't hold it against them for as long as maybe we did when we first saw some of the early breaches back years ago. So there is a bit of that. As far as the concern around data, though, I think there's probably a couple things that are happening. I do think we're putting a lot more information that's personal to us out in social media. So on one hand we're freely sharing the information ourselves, but we also don't want it abused. So obviously, you know, throughout Europe and a lot of countries are developing their own privacy laws to specifically protect, you know, citizen rights, you know, as it comes to the use and, or in potential abuse of their information. There's a bit of a balancing act to this. So I don't, I don't necessarily see that people are getting used to the idea of their information being abused. I see still quite a bit of concern there, but maybe, maybe, you know, not quite as shocked that when we do see these, these significant breaches happen, that we're surprised that it happened. It' more of a realization that what I'm hoping is that folks realize that the, that the risk is, is very prominent and the threat is prominent.
[00:34:04] Speaker C: Yeah, that's interesting because it's just obviously I'm doing research and stuff online for my job. I'm noticing that from people and I like to look at all angles. I don't just like to focus on what a security person thinks, like, you know, an everyday sort of person, like what do they think about, what do they care about? Because these are ultimately the customers that, you know, people like Smartsheet, but also other businesses out there that are dealing with. So I think that, I think that's a really good point. And then in terms of if you were to zoom out with, you know, 2025, as, you know, obviously we're new into the year, but is there anything else? I know we spoke about AI etc, but what else do you think will. Will come up in terms of on the horizon for 2025?
[00:34:43] Speaker A: I think it's going to be a year of a lot of innovation and it's, it's going to be hard to qualify that because I feel like, you know, prior years have also seen a lot of innovation. But it's interesting the spark that AI has started and admittedly, I think you said it earlier, machine learning has been around for a while and we're kind of flipping. I see a lot of organizations and products kind of changing that machine learning language to AI. And so now it's looking like everybody's doing AI when in fact a lot of organizations were doing machine learning for quite a while. But the spark of innovation is pretty impressive right now and the speed at which products are being released in the technology is pretty impressive. So I think 2025 is going to be another year of just impressive innovation across the technology space. I hope that translates to a lot of very useful capabilities that people will adopt in their daily lives. I'm seeing that already, I think again with the AI and how people are using ChatGPT and other capabilities just in the consumer space in daily life. So I think that's going to be really interesting and I think it will shape, you know, maybe some of the jobs and we'll start seeing how that's going to impact how people look at, you know, career fields, for example, and what they want to do professionally. So I think, yeah, I think in general it's just going to be a very interesting time.
[00:36:11] Speaker C: And Chris, do you have any closing comments or final thoughts you'd like to leave our audience with today?
[00:36:16] Speaker A: I just think that the more folks can lean in on security, learn it, use AI to learn more about it, you know, the better equipped we're going to be. There's a lot of risk out there, but I think the more informed we are, the better off we are. Maybe that's my final thought is just to just to hope that folks hear things like this and dig in a bunch deeper.
[00:36:38] Speaker B: This is KBCast, the voice of Cyber.
[00:36:42] Speaker C: Thanks for tuning in for more industry leading news and thought provoking articles, visit KBI Media to get access today.
[00:36:51] Speaker B: This episode is brought to you by MercSec. Your smarter route to security talent Mr. Executive search has helped enterprise organizations find the right people from around the world since 2012. Their on demand talent acquisition team helps startups and mid sized businesses scale faster and more efficiently. Find out
[email protected] today.
