Introduction
Infosecurity Europe 2025 highlighted the critical importance of mastering cybersecurity fundamentals amidst evolving threats [3], with a particular focus on human behaviors and identity controls. The event underscored the necessity for organizations to adopt multi-layered security measures and foster a security-conscious culture to effectively mitigate risks.
Description
Infosecurity Europe 2025 underscored the critical importance of mastering cybersecurity fundamentals in the face of evolving threats, particularly emphasizing the role of human behaviors and identity controls [1]. Industry experts highlighted the alarming rise in voice phishing attacks, where cybercriminals impersonate internal IT departments using deepfake technology to trick employees into disclosing sensitive information [3]. This situation reinforces the necessity for organizations to implement multi-layered security measures, including unique verbal passcodes [3], to enhance their defenses.
With over 56% of attacks in Q1 2025 attributed to credential theft, the absence of multi-factor authentication (MFA) remains a significant vulnerability. Experts advocate moving away from SMS-based two-factor authentication (2FA) because it is susceptible to SIM-swapping [3], and recommend more secure alternatives such as FIDO-based security keys and biometrics. Additionally, the rise of advanced social engineering techniques and vulnerability exploits necessitates a proactive approach to risk management and clear communication within organizations.
Creating a security-conscious culture involves reducing friction and protecting users, as employees face both external threats and internal pressures that can lead to errors [2]. Organizations should focus on minimizing the impact of mistakes, ensuring that if one person clicks on a malicious link, the entire organization is not compromised [2]. As traditional awareness training proves inadequate, organizations are urged to adopt real-time behavioral nudges and cultivate a culture of human risk management [3]. Encouraging employees to report mistakes in a non-punitive environment is essential for building resilience [3].
A positive security culture can be fostered by emotionally resonating with employees, as simply implementing controls is insufficient [2]. Incentives, such as cash rewards for reporting phishing attempts, can bridge the gap between intention and action [2]. Engaging employees in the security narrative is crucial; if they feel involved, they are more likely to adopt secure behaviors [2]. The transition towards a “Just Culture” model, where errors are perceived as learning opportunities, is vital for bridging the gap between technical controls and human reliability [3].
Key pillars for building a supportive security culture include creating security champions, sharing impactful stories, balancing intensity with consistency, employing choice architecture, and focusing on user-centric security [2]. In this context, security leaders must prioritize foundational elements [1], including effective spending strategies and mature vulnerability management processes, to address ongoing challenges amidst rapid technological advancements. Evaluating whether security strategies adequately prioritize these areas is crucial for organizational success.
Conclusion
The insights from Infosecurity Europe 2025 emphasize the need for organizations to strengthen their cybersecurity frameworks by integrating advanced authentication methods and fostering a culture of security awareness. By addressing human factors and implementing robust security measures, organizations can better protect themselves against the increasing sophistication of cyber threats. As technology continues to evolve, maintaining a proactive and adaptive approach to cybersecurity will be essential for safeguarding organizational assets and ensuring long-term resilience.
References
[1] https://www.infosecurity-magazine.com/news/cyber-trends-cisos-know/
[2] https://insight.scmagazineuk.com/infosec2025-building-trust-and-culture-with-employee-adoption
[3] https://undercodenews.com/top-cybersecurity-trends-from-infosecurity-europe-2025-human-behavior-identity-and-ai-frontlines/