EMA Research Blog: Navigating IT and Security Horizons

The Nobel Committee has spoken, and for those of us living in the bright lights of the cybersecurity world, it is a day of celebration. The 2025 Physics Prize, awarded to John Clarke, Michel H. Devoret, and John M. Martinis for their work on "macroscopic quantum mechanical tunnelling and energy quantisation," isn't just a headline; it is a validation of the potential of the Quantum Age.

The world of digital marketing thrives on data, and for years, Google Search Console (GSC) and third-party SEO tools have been our compass. But as an industry analyst, I can tell you that the past few weeks have felt like driving a car without windows! What initially appeared as inexplicable fluctuations in our SEO dashboards has coalesced into a clear, albeit unsettling, picture: Google quietly pulled the plug on a foundational data-gathering mechanism, unleashing a wave of disruption that impacts everyone from enterprise marketers to cybersecurity businesses.

The digital threat landscape is accelerating, making it critical for security leaders to prioritize the most impactful shifts. Instead of trying to tackle every emerging threat, focus your strategy and budget on these five essential cybersecurity trends that will dominate 2026, forcing a fundamental change in how your organization protects its assets.

The recent conclusion of Black Hat USA 2025, which saw over 20,000 security professionals converge in Las Vegas, served as a powerful barometer for the state of the cybersecurity industry. The event, with its more than 100 briefings and 115 in-person tool demos, underscored the continued evolution of the threat landscape. The conversations in the business hall and around the conference revealed a cybersecurity world trying to grapple with new forms of risk, a shifting vendor landscape, and an ever-expanding attack surface that now extends to every corner of our digital lives.

Organizations are constantly dealing with rapid shifts toward cloud computing, escalating security threats, and regulatory frameworks that have necessitated more robust solutions in data governance. As they continue to accumulate more and more sensitive data, the need for visibility into data assets becomes obvious. Moreover, regulations such as GDPR, HIPAA, ITAR, and PCI impose stringent compliance requirements, compelling organizations to ensure that they can not only manage, but also protect, their data effectively.

Welcome to the recap of the Enterprise Management Associates (EMA) Cybersecurity Awesomeness (CSA) Podcast. Hosted by Chris Steffen, Vice President of Research and Ken Buckler, Research Director at EMA, the CSA Podcast covers a wide range of cybersecurity topics, from cyber workforce talent shortages to cyber threat intelligence, to current events in technology and security. This short, laidback podcast is for listeners of all skill levels and backgrounds.

Fresh off a week at the Splunk conference (called .conf24), I want to share a few insights about my time at the show.

Another RSA conference (not RSA, not #RSA, but “THE RSA Conference” – those that bought the conference do not want it to be associated with RSA the company, which leads me to wonder why they didn’t just rename the thing to something else more securityish) is in the books, and I thought I would share a few thoughts about things I saw and vendors that I met with at the conference.

In 2024, we will continue to see globally significant advancements in information security and regulatory compliance spending for organizations of all sizes. From zero trust architecture to the integration of AI-driven solutions and the growing emphasis on regulatory alignment, 2024 will redefine how organizations safeguard sensitive information, navigate compliance complexities, and fortify their API ecosystems. Understanding and adapting to these transformative trends will be pivotal for businesses aiming to stay resilient, secure, and compliant in a time noted for rapid technological advancements and stringent regulatory landscapes. Here are our predictions for information security in 2024.

To celebrate Star Wars Day, I thought I would share a few ways in which the Empire did not adhere to information security best practices, and that enabled the Rebels to win.

To be clear: I do not support the Empire, the Sith Lords, or any other types of scum and villainy. Nor am I trying to portray the Rebel Alliance as a weird, Force-wielding, Galactic hacker consortium or something. But had the Empire not been so lax in their security controls, Emperor Palpatine and his buddies might have been able to bring their “order and peace” to the galaxy.