In the rapidly advancing realm of technology, IT and security teams across the UK are confronted with significant hurdles, notably the challenges posed by outdated legacy systems and the burgeoning impact of generative AI. To explore these pressing issues, I recently engaged in an insightful discussion with Mark Thompson, an experienced IT manager at a prominent financial services firm in London. Our dialogue revealed the increasing pressures faced by his team and the broader implications for the industry.
Mark began by articulating the relentless struggle with legacy technology. He likened it to “keeping an old car running on a modern racetrack,” a metaphor that encapsulates the frustrations felt by many IT professionals. In an environment where cyber threats grow more sophisticated by the day, outdated systems represent a glaring vulnerability. “These systems were never designed with today’s threats in mind,” Mark noted. As a result, his team devotes a disproportionate amount of time to patching and reconfiguring, rather than innovating, which is a sentiment echoed by 75% of UK security leaders. Their reluctance to overhaul these systems stems from a tendency to expand existing tools rather than invest in modern, secure-by-design alternatives. Mark described this as “a piecemeal approach,” akin to constructing a precarious house of cards.
Compounding the complexity is the rapid ascent of generative AI, which, while offering transformative potential, introduces new risks. Mark characterised AI as a “double-edged sword,” capable of enhancing defences but also opening new avenues for attacks. The phenomenon of ‘shadow AI’—the deployment of unvetted AI tools by employees—has proven particularly challenging. “It’s like trying to keep track of a ghost,” Mark lamented, highlighting the difficulty of protecting assets one cannot see. This concern is shared by 77% of UK security leaders, who have observed a rise in security incidents linked to generative AI.
The cumulative pressure of these challenges has inevitably taken a toll on Mark’s team. “The burnout is real,” he confessed. “We’re constantly firefighting, and it feels like we’re always one step behind.” With 43% of UK IT and security leaders reporting similar feelings of being overwhelmed, it is evident that the current trajectory is unsustainable. Mark described the emotional toll on his team, noting that many talented individuals are “running on fumes” under the constant stress of potential breaches with catastrophic consequences.
Despite the formidable challenges, Mark remains hopeful about the future. He advocates for embracing change, not by discarding everything but by finding a judicious balance between maintaining essential elements and upgrading critical aspects. He supports a phased approach to modernisation, aiming to enhance security measures with minimal disruption. Prioritising account security, he insists on the necessity of robust authentication processes, such as two-factor authentication and security keys, to mitigate identity-based attacks. Mark also sees AI as a potential ally in defence, capable of proactively identifying and neutralising threats before they manifest.
Fostering a culture of security throughout organisations is another crucial aspect Mark emphasises. “Security isn’t just IT’s job,” he stated. “It’s everyone’s responsibility.” Empowering teams and educating them on best practices is essential for creating a secure environment. As our conversation drew to a close, Mark reflected on the broader implications for the industry. “We have to stay agile,” he stressed. “The threat landscape is constantly shifting, and we need to be ready to adapt.”
For organisations across the UK, the message is unequivocal: the time for decisive action is now. By addressing the dual challenges of legacy technology and generative AI, and by cultivating a pervasive culture of security, IT and security teams have the potential not only to withstand the pressures of this new era but to flourish within it. The industry stands at a pivotal juncture, and the path forward demands both resilience and adaptability. Through strategic modernisation and a unified approach to security, the future holds promise for those willing to embrace change.
Be the first to comment