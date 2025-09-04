Brian Wagner is a globally recognised cybersecurity expert and dynamic keynote speaker, currently serving as Chief Technology Officer at Revenir and formerly heading compliance for Amazon Web Services' Financial Services division in EMEA.

With a career spanning over two decades—from early roles at Cisco and Ford to leadership in fintech and cloud security—Brian has consistently shaped how organisations protect themselves in today's volatile digital economy.

His writing—including the influential book Redefining Information Security—and speaking engagements at major events like RSA, AWS Re:Invent, and ISC2 showcase his talent for making complex cyber concepts accessible and business-relevant.

This exclusive interview, made possible through the Champions Speakers Agency, explores Brian's urgent recommendations on blocking ransomware, defending against human-centered attacks, preparing for quantum-era threats, and navigating the far-reaching impact of GDPR in safeguarding client data.

Q1. Cybersecurity spending is at record highs, yet breaches continue to climb. In your view, what are the most effective, practical defenses businesses should prioritize today?

Brian Wagner: "Well, I think absolute top tips should be easy to implement and realistic. So, I think number one: use a password manager.

"A lot of the breaches that we see now are commonly used passwords, or passwords that are leaked on the internet, things like that. So that's probably the absolute number one easiest way to prevent a breach.

"Another one is to be vigilant on the email side. Phishing – if you're not familiar with the term, phishing is a way to get people to send information, either your username, password, or bank details.

"When we're talking about businesses, if someone gets phished it's typically for their credentials, and then somebody uses those credentials to log in and wreak havoc.

"There's really not an individual action item there, but just being sceptical of all emails is the takeaway.

"And then I think one more very useful tip for businesses is if they can enable multi-factor authentication. Everybody's using third-party services these days; everything is subscription now, you pay monthly for just about every software we have and there are logins everywhere.

"If you do lose your password to somebody else or the password is given up, with multi-factor authentication in place even someone with that password – if they don't have that second factor – then that password is effectively useless.

"Like I said, there's probably more to it, but from a realistic "what can I do right now, what can I do tomorrow" point of view, those are absolutely the best we can do."

Q2. When it comes to data breaches, statistics often point to human error. From your experience, why are people still the weakest link in security?

Brian Wagner: "Sadly, it's human beings. Humans are sort of trusting by nature, it's just ingrained into our being.

"Statistically, it's factual that it's all about phishing – people are the weakness. Traditionally, before email was even a big thing, the exploit would be something more physical.

"For example, someone might walk into a front office and say, "I'm late for a job interview, can you please print my CV?" and then hand over a USB stick. That's what would breach the system.

"These days, with remote working especially, phishing is absolutely on the rise. To answer your question more broadly, people are unfortunately the weakest link in any organisation when it comes to data security."

Q3. Looking ahead, what emerging technologies or trends do you believe could define the next wave of cyber-attacks?

Brian Wagner: "Ooh, the next… wow.

"I think it's going to be related to the strides we're making in terms of things like quantum computing and futuristic computing. As our compute power gets more and more powerful, there'll be a time where our current encryption mechanisms will be rendered useless.

"I don't know if it's going to be the very next one, but if we look at how encryption is done today and how data is protected digitally, there's a time in the not-so-distant future where that's going to be… I wouldn't say obsolete, but it will be able to be broken within a reasonable amount of time by things like quantum computing, or just generally more powerful compute."

Q4. Ransomware has become one of the costliest threats in recent years. If a business finds itself financially extorted by hackers, what steps should it take?

Brian Wagner: "First of all, do not pay them. That is the absolute number one thing to do – do not pay them. That is why we have cyber-crime, we have ransomware attacks, because it is lucrative. If it didn't make anyone any money, no one would actually do it.

"That is absolute number one. I think number two would be to figure out what the impact is.

"Ideally, if you've already been backing up and archiving data, then it would be an inconvenience at worst. If you had backed-up data, you wouldn't theoretically lose data. Once that data never becomes unencrypted, you would ideally have a backup of it.

"The inconvenience from the business side is that it will take time to restore that data – that's an outage for some period of time, which again is an inconvenience at worst.

"The other side of it is it depends on what data is being stolen or ransomed. If that attacker decides they want to exploit that data, is it personal information? Is it information about your customers? Or is it internal information?

"If it's external customer data, if they stole logins, passwords, personal data, things like that, then you as a business have an obligation to notify those people.

"Not just under GDPR, but even as a respectable business you should absolutely reach out and say, "Look, this is what's happened, here's what we think they took, and you as an individual need to be vigilant."

"But like I say, rule number one: don't pay them."

Q5. Since the introduction of GDPR and similar regulations worldwide, how has the way businesses manage and protect client data fundamentally changed?

Brian Wagner: "It's really put a lot of responsibility on how data is handled. That was the whole point.

"Before GDPR was a thing, globally data was treated very casually. Companies would say, "Wow, we can just look at all this data, we can make money from this data" – it was a revenue stream for a lot of companies.

"But GDPR makes you really think about how that data is being used and shared. It's inconvenienced a lot of companies who weren't really looking after their data, because they've had to restructure the way they store and share it. Asking for consent from every individual is not something that a lot of companies were used to doing.

"What it's really done is it's brought a lot of responsibility and consideration into how you build infrastructure and how you protect data, which I think is good for everybody. It's beneficial for the whole world – businesses and individuals alike."

This exclusive interview with Brian Wagner was conducted by Tabish Ali of The Motivational Speakers Agency.

