As organisations race to modernise their digital operations, many still harbour the belief that more tools, more dashboards, and more AI will automatically make them more secure.
According to Sasha Slankamenac, architect in the office of the chief technology officer and practice lead: AI at Dariel, that belief is misguided.
“Security today isn’t failing just because attackers, are in fact, brilliant,” he explains. “It’s failing because environments have become so sprawling and fragmented that teams can no longer see what they own. You can’t protect what you don’t know exists and visibility, not volume, is the real battleground”
The security challenges that faced organisations in 2025 are increasingly tied to complexity:
- Shadow SaaS apps bought on company cards
- Forgotten cloud environments left running after projects end
- Legacy systems nobody wants to retire
- Dashboards multiplying faster than insights
Slankamenac says the first step to resilience is brutally simple: create a living, continuously updated inventory of the organisation’s digital estate. “Every other control — whether AI-driven or traditional — sits on top of that foundation,” he notes. “If your inventory is wrong, every dashboard, alert and risk model built on top of it is wrong too.”
Many organisations respond to rising threats by adding more tools. Slankamenac warns that this often creates security sprawl, where duplicated controls, overlapping features, and unintegrated data produce noise instead of protection.
“Security tooling shouldn’t be a landfill,” he says. “If your teams are drowning in alerts, you’re not safer — you’re blind. Consolidation is the new strategy: fewer systems, shared data models, open integrations, and clear ownership.”
Slankamenac believes the biggest cyber shift of 2025 is cultural, not technical. Organisations are beginning to recognise that cybersecurity is no longer a specialised IT problem — it is a business resilience function.
“Resilience grows when small incidents trigger learning, not blame,” he says. “A near-miss phishing email or a misconfiguration is not an inconvenience — it’s a rehearsal. The businesses that treat these moments as learning opportunities grow stronger every month.”
Instead of tracking abstract cyber metrics, he argues that the key measure for CEOs should be Mean Time to Detect and Respond (MTTDR) — the clearest indicator of readiness, fragmentation, and operational maturity.
Outdated systems are among the biggest security liabilities in South Africa.
Unsupported platforms, brittle integrations, and ageing data pipelines create governance gaps and widen attack surfaces.
“Modernising isn’t a vanity upgrade,” he says. “It’s a security strategy. The longer outdated systems sit in production, the harder they become to secure — and the cost of that risk compounds quietly over time.”
While cybersecurity technologies continue to evolve, Slankamenac emphasises that the organisations thriving today are the ones focusing on execution. “Security isn’t about the next big tool,” he says.
“It’s about consistently doing the basics well — visibility, integration, governance, recovery, and learning. Innovation is exciting, but discipline is what keeps businesses safe.”