Cybersecurity is a business issue, not just a technology issue anymore
Corporate cybersecurity is facing one of its most challenging periods. Today, protection is no longer limited to the organization’s traditional perimeter. Opinion piece by Néstor Markowicz, COO of CertiSur.
Starting February 24, 2026, TLS/SSL certificates issued through DigiCert CertCentral will have a maximum validity of 199 days, instead of the current 397 days.
This modification also applies to EU Qualified Website Authentication Certificates (QWAC) and QWAC PSD2.
Corporate cybersecurity is currently at a critical juncture. It’s not just about defending the traditional company perimeter, but about confronting a reality where supply chain attacks have reached record levels. Malicious actors have changed their strategy: they no longer target only core organizations, but are instead seeking vulnerabilities in their suppliers, SaaS integrations, and third-party services.
This external scenario is compounded by a critical internal weakness: organizations are facing a growing shortage of specialized talent. The lack of professionals capable of anticipating and managing interconnected risks leaves internal teams overstretched, trying to do more with fewer resources. This double pressure – supplier insecurity and skills shortage – is emerging as the most urgent challenge for CISOs heading into 2026.
The reality is that each new technology partner we add to our operations introduces a potential entry point, forcing us to strengthen audits and establish much stricter security agreements. A recent BrandShield report, which surveyed 200 CISOs, confirms this dispersion of threats. From phishing and ransomware to deepfakes and the risks associated with generative AI, the conclusion is clear: there is no single dominant threat.
Levels of concern are evenly distributed, indicating that we now face an ecosystem of interconnected risks that reinforce each other. Cybercrime no longer operates in silos. A phishing campaign can simply be the prelude to ransomware; a digital identity manipulated through deepfakes can enable critical access; and a breach at a vendor can compromise our entire organization.
Therefore, it’s crucial to understand that cybersecurity is now a business issue, not just a technology issue. A successful attack can halt a company’s entire operations, generate significant financial losses, and irreparably damage its reputation. Given such diverse and interconnected threats, a single incident can escalate with alarming speed.
What’s the way forward? We must abandon the traditional approach of prioritizing a single risk and move toward a comprehensive defense. The priority should be gaining visibility and automating processes. The first step is to know exactly which certificates, access points, and systems are exposed. Next, we must automate the management of those certificates, implement multi-factor authentication (MFA), and raise awareness among our teams.
This combination of visibility, automation, and access control is the only way to immediately reduce the attack surface and prepare the organization to respond swiftly to any incident.