Cybersecurity in Flux: Brian Wagner on Human Risk, Quantum Threats, and GDPR’s Impact

Brian Wagner stands as a distinguished authority in cybersecurity and compliance, with a career spanning over two decades at the forefront of technological innovation. His notable tenure includes serving as the Head of Compliance for Amazon Web Services’ Financial Services division, where he played a pivotal role in shaping security protocols for the financial sector.

Currently, as the Chief Technology Officer at Revenir, Brian continues to lead advancements in security and technology transformations. His extensive experience encompasses key positions at industry giants such as Cisco Systems and Ford Motor Company, underscoring his profound expertise in cloud computing, risk management, and security architecture.

In this exclusive interview, we delve into Brian’s insights on the evolving landscape of cyber threats, strategies for businesses to fortify their defences in a perimeter-less environment, and the critical importance of human factors in cybersecurity.

Q: From your experience, what would you say is the primary factor behind data breaches in modern organisations?

Brian: “Sadly, it’s human beings. Humans are inherently trusting by nature—it’s something ingrained in us. Statistically, it’s factual that the biggest vulnerabilities are related to phishing, and ultimately, people are the weakest point.

“Traditionally, before email became a major attack vector, exploits were more physical. For example, someone could walk into a front office claiming they were late for a job interview and ask for a CV to be printed. They’d hand over a USB stick, and once it was plugged in, the system would be compromised.

“Nowadays, especially with remote working, phishing has surged. But I don’t want to lean on phishing for every answer. More broadly speaking, people unfortunately remain the weakest link in any organisation when it comes to data security.”

Q: For businesses looking to strengthen their defences, what practical steps would you recommend as top priorities to guard against cyber attacks?

Brian: “I think the absolute top tip is something easy to implement and realistic. So, number one: use a password manager. Many of the breaches we see now are due to reused passwords or passwords already leaked on the internet. That’s probably the simplest and most effective step you can take.

“Another critical area is vigilance with emails. If you’re unfamiliar with the term, phishing is when attackers trick individuals into revealing information—usernames, passwords, bank details, etc. In a business context, it’s usually credentials they’re after, which are then used to gain access and cause chaos.

“There’s no single action to stop phishing completely, but the key takeaway is to be sceptical of all emails.

“One more very useful tip is to enable multi-factor authentication (MFA), especially now that nearly every tool is subscription-based with online logins. MFA means that even if your password is compromised, the attacker would still need that second layer of verification. Without it, the password alone is effectively useless.

“There’s definitely more to say, but if we’re talking about simple, actionable steps you can take today—those are among the most effective.”

Q: In what ways did the Covid-19 pandemic and the shift to remote working increase cybersecurity vulnerabilities for businesses?

Brian: “Absolutely—it had a significant impact. Remote work is definitely on the rise. I work from home myself.

“When you’re in an office, you’re on a known network, in a known space. Is it always the best setup? That varies, but at least it’s predictable. You know where the perimeter is, and how the internal communications are structured.

“When working from home, that perimeter disappears. It’s dissolved. There is no perimeter anymore.

“To use an analogy—it’s like a fortress. In a fortress, you protect the walls, and anyone inside is assumed to have some level of trust. It’s the same in an office—if you’re physically there, you’ve probably passed some security checks or are recognised by others.

“But without that physical perimeter, the digital attack surface expands dramatically. More devices, more access points, more risk. And with that comes greater opportunity for attackers.”

Q: Looking ahead, what do you anticipate will be the next major evolution or style of cyber attack that organisations need to prepare for?

Brian: “That’s a big one. I think we’re making real progress in areas like quantum computing and other future-focused tech.

“As computing power grows, there will come a point where our current encryption mechanisms may no longer hold up. I’m not saying it’s the very next style of attack we’ll see, but it’s on the horizon.

“If you look at how encryption works today and how we protect digital data, there’s a point in the not-too-distant future where these protections could be broken—either by quantum computing or by significantly more powerful systems.

“It’s not about panic, but preparation. These evolutions are coming, and we need to be ready.”

Q: Since its introduction, how has GDPR influenced the way businesses handle and safeguard personal data?

Brian: “GDPR has introduced a significant level of responsibility—and that was the point.

“Before GDPR, data was often treated very casually. Companies would think, “Let’s collect as much as we can—maybe we can monetise it.” For many, data was simply a revenue stream.

“But GDPR forces you to really think about how that data is used and shared. It’s caused inconvenience for businesses that weren’t managing data properly—they’ve had to restructure how they store and process it.

“Asking for explicit consent from individuals wasn’t something most companies were used to. But now, with GDPR in place, there’s a new level of accountability and consideration in infrastructure design and data protection.

“Ultimately, that’s a good thing—for everyone. It benefits individuals and businesses alike, and it’s pushing the whole world towards better data hygiene and digital responsibility.”

This interview with cybersecurity expert Brian Wagner was conducted by Mark Matthews.

The post Cybersecurity in Flux: Brian Wagner on Human Risk, Quantum Threats, and GDPR’s Impact appeared first on European Business & Finance Magazine.