On March 10-11, 2025, the 18th edition of the SEMAFOR 2025 – IT Security and Audit Forum took place in Warsaw, gathering professionals from across the cybersecurity, auditing, and IT governance sectors. As a must-attend conference for BitPeak, we participated in two days of presentations and panel discussions focused on emerging threats, regulatory changes, and practical strategies for building cyber resilience.

From deepfakes to RaaS: facing the new frontlines of cyber threats

The first and one of the most thought-provoking sessions was delivered by Ramona Ratiu, Head of Cyber Resilience Testing at Zurich Insurance. Her presentation, „Cyber Resilience in the AI Era: Adapting to Emerging Threats,” explored how new technologies, such as generative AI, are fundamentally reshaping the threat landscape. It was emphasised that deepfakes and synthetic media now pose a serious threat to both corporate security and trust. These tools are no longer confined to disinformation campaigns — they are being used in targeted phishing, voice fraud, and even the impersonation of executives in real-time. She highlighted the growing need for deepfake identification mechanisms and internal awareness to recognise manipulated content. She also explored the rise of Ransomware-as-a-Service (RaaS) — a commodified form of cybercrime that makes advanced attack tools available to virtually anyone. This model significantly lowers the barrier to entry for malicious actors, allowing them to orchestrate sophisticated attacks with minimal technical expertise.

 

One of the key points from her talk was the mindset shift she proposed: organisations must stop treating cybersecurity regulations as a checklist. Instead, they should „act like a fraudster” — proactively seeking out vulnerabilities like a cybercriminal would. She urged CISOs and resilience officers to adopt a continuous, scenario-based testing model that assumes attackers are already inside the system.

 

Cyber Resilience in the AI Era: Adapting to Emerging Threats

 

Bruno Horta Soares, President of the ISACA Lisbon Chapter, brought humour and urgency to the stage with „The Nigerian Prince on GenAI Steroids: Strategic Playbook for Tackling AI-Driven Fraud”. He explained how classic social engineering schemes are being supercharged by generative AI, and offered actionable strategies to mitigate these smarter, more scalable scams.

 

The Nigerian Prince on GenAI Steroids: Strategic Playbook for Tackling AI-Driven Fraud

How DORA and NIS2 are reshaping audit and risk practices

On the regulatory front, Marcin Sereda, CISO at Credit Agricole Bank Polska, presented „The Impact of the DORA Regulation on Internal Audit – New Challenges, New Opportunities”. He broke down the practical consequences of the DORA directive and emphasised the importance of aligning internal audit functions with operational resilience goals. His talk included real-world insights on compliance tools and organisational awareness.

The Impact of the DORA Regulation on Internal Audit – New Challenges, New Opportunities

 

Robert Ługowski, Cybersecurity Architect at Safesqr, presented another compelling regulatory-focused session. In „NIS2 …And What Next? Using Risk Analysis to Build Effective Protection”, he discussed how organisations can move beyond regulatory checklists to develop adaptive, risk-informed cyber strategies.

 

NIS2 …And What Next? Using Risk Analysis to Build Effective Protection

Securing the future: cyber resilience, fraud defense, and trust-building tactics

Ameet Jugnauth, Vice President of ISACA London Chapter, shared a strategic vision in his keynote „From Cyber Resilience to Digital Trust: Enhancing Brand Value through Security”. He demonstrated how cybersecurity could be reframed as a value driver rather than a cost centre, showing how digital trust initiatives influence reputation, customer retention, and long-term brand equity.

 

A very practical and eye-opening session was „HVT OSINT – How to Ensure the Security of Key Individuals Using OSINT”. The session highlighted tools and methods for identifying threats to high-value individuals, leveraging public data and social media to identify exposure and risks preemptively.

 

The session titled „Dear Money, Send Parents! – Protection Against Fraud with the BIK Group” offered a deep dive into fraud prevention. Featuring a collaboration with the BIK Group, the presentation highlighted current tactics employed in financial scams and how institutions can safeguard individuals and enterprises against financial loss.

 

The session „Building Safe AI Solutions with Small Language Models” underscored how smaller, focused AI models can support secure and compliant AI development. The speaker emphasised their advantages over larger models, especially in regulated sectors.

BitPeak embraces the future of AI and cybersecurity

Participation in SEMAFOR 2025 reinforced BitPeak’s commitment to staying at the forefront of cybersecurity, regulation, and AI-driven change. The event was not only an opportunity to absorb expert knowledge but also a space for exchanging perspectives, sharing challenges, and forging stronger connections within the professional community.

 

Participation in SEMAFOR 2025 reinforced BitPeak’s commitment to staying at the forefront of cybersecurity, regulation, and AI-driven change.

 

Sessions throughout the two days showcased how rapidly the cyber landscape is evolving, particularly in the context of AI, deepfakes, and regulatory shifts such as DORA and NIS2. What became clear is that true resilience goes beyond tools or frameworks. It lies in mindset, adaptability, and readiness to think like an adversary before one strikes.

 

BitPeak

Value from Data

longArrow Back to the list
Hi-Tech Pharmacy Energy IT technology