Earlier this year, we announced our partnership with Remitech, a leading software partner specialising in security and workplace technology for disruptive, cloud-first businesses. 

At this year’s Black Hat Europe 2024, we sat down with David Remington, the founder and CEO of Remitech, to address some of the most pressing challenges in IT security. With Black Hat being the go-to event for the latest in cyber threats and solutions, there’s no better backdrop for this conversation.

We asked David what he sees as the most pressing challenges of the next twelve months, especially when it comes to staying one step ahead of evolving threats, and how organisations can better safeguard their systems and data. 

Let’s dive in.

Hey David, thanks for joining us today! How’s Black Hat Europe going so far, especially with everything we’ve been doing together at the Metomic booth?

It’s been great, thanks! It’s always an interesting experience being here and speaking with such a wide range of cyber professionals, but this year, the partnership between Metomic and Remitech has made it even more exciting. It’s been a great opportunity to share how we’re addressing the latest data security challenges in the SaaS space together. 

What are the most significant cybersecurity trends you’ve observed in recent years, and what do you think we'll be seeing more of in 2025? 

The rise of generative AI is one of the biggest concerns that people have had, in terms of people uploading company data into publicly available models that are being trained on business data, some with very sketchy privacy rules. That has been a big issue for businesses - trying to secure what end users were loading into these models and trying to avoid public AI models from being trained on company data. 

Looking forward to next year, I think one of the biggest concerns is going to be around the area of AI video and audio creation. AI models are now so good that they can create very realistic-looking video and audio. When this can be done in real-time, trust in who you’re speaking with remotely will be completely eroded. Imagine that a model that's so good that you can't tell if the other person at the end of a Zoom, Teams or Google Meets call is who they say they are: You won't know if it is actually the CFO that's telling you to pay that million-pound invoice, or if it's a sophisticated social engineering scam, using advanced AI video generation and a model that has been trained on public-facing company data and social media accounts. 

So I think one of the trends we're going to be seeing next year is the continued moved towards physical tokens and biometric verification. 

We're currently at Black Hat Europe. Could you tell us more about the conversations you've been having, and what people are looking for right now? 

It's a real mix. A lot of people are here to learn, to see what the latest trends are, and see how they can protect themselves going forward as well. But the problem with security nowadays is that there’s such a plethora of different categories that it's impossible to keep on top of it all.

One example is that there are all of these amazing SaaS technologies that allow people to share data, collaborate on projects and just generally get work done. The problem is that people are loading sensitive information into all of these different platforms, which makes it very easy for slip-ups to occur and for people to unknowingly share sensitive information with the wrong people.

We’ve been speaking with people a lot about how a tool like Metomic can mitigate that risk by securing your company data and making sure that you're not sharing anything sensitive via a public-facing Google link.

Metomic is talking about the ever increasing risks of Insider Threat at Black Hat this year. Do you see a lot of Remitech customers requiring support with insider threats? 

A lot of the mistakes that employees make are just that—mistakes. They're not malicious. They're not intended to cause huge breaches. But it happens by accident because you don't necessarily have security or privacy by design baked into your system. So I think anything that can prevent that inadvertent breach of sensitive data is going to be really, really key, particularly in this new compliant world.

Insider threats which are of a more nefarious nature are much more difficult to secure. We saw in the news recently that a very well-known cybersecurity company inadvertently hired a North Korean spy who tricked them using AI-generated images. Thankfully they had technology in place to alert them to unusual behaviour and prevent real damage…but if they can be fooled then the risk is 100x greater for companies not specialising in cybersecurity. 

As global regulations like GDPR, DORA, and others become more prominent, how are businesses adapting their security practices to stay compliant while maintaining productivity? 

When these regulations come about, a lot of people feel hesitant or frustrated, but the reality is, that regulation is there to protect people. Without regulation, it’s the Wild West. Anything can happen, and people can and will use your data however they want or budgets won’t be allocated to important security projects as they’re not seen as mission critical. 

So regulation is really important and a very positive thing for ensuring that businesses act in the right way and that end users are protected from both internal and external threats. Regulations like DORA are going to be a real enabler for IT and Security folk to unlock new budgets and finally get approval for the deployment of security tools that they’ve been asking for for years. And we at Remitech can help businesses figure out which SaaS tool is right for them and ensure they’re buying it at a savvy price. 

Whilst we’re on the shameless plug, we at Remitech do a lot on the compliance automation side of things too — helping businesses who are trying to be compliant with GDPR or DORA, so they don’t have to manually do tasks every single year. 

With the proliferation of SaaS applications including GenAI, how can organisations stay ahead of risks associated with misconfigurations or shadow IT?

What's happened in the last decade is that the usage of SaaS applications has absolutely exploded in organisations. Now, it's not uncommon to find over 1000 different SaaS applications. 

People want to use any tools that will help get their work done quickly and efficiently, but ensuring that it's done in a secure and compliant way is also really important. It’s a fine line between ensuring the business can continue to operate efficiently and not be at risk of a regulatory penalties for loading sensitive information into a new SaaS tool that has very poor security or privacy rules around it. 

It's a really challenging line that the CISOs or the IT security team have to walk between control, security and enabling work to get done. There's not one right answer for that. Every organisation is going to have a different risk versus reward profile, and there’s a plethora of different tools out there that can help monitor what SaaS applications are being used.

I would say it's a difficult conversation to have, but ensuring that you provide your end users with a set of compliant best-of-breed tools will avoid them having to go out and find their own tools.

Thanks so much for taking the time to chat with us today, David. It’s been a pleasure hearing your insights.

You’re very welcome! It’s been great to be here with you at BlackHat, and I’m excited to see what we continue to achieve together.

Conclusion

With so many emerging threats and regulations in play, it’s clear that staying ahead of the curve is no easy task. 

But with the right partnerships and tools, businesses can safeguard their sensitive data and stay compliant, while enabling their teams to work securely.

If you want to learn more about how Metomic can help your organisation protect sensitive data in SaaS applications, reach out to our team today.

‍