What cyber threats should IT teams prepare for in 2026? How are both attackers and security professionals using AI today? And what do Swiss companies need to know about data security in the Cloud?
To explore these questions, we spoke with Nadir Jabiyev, Head of IT Security at Xelon. With more than two decades of hands-on IT experience and a career that spans system engineering, FinTech compliance, and modern cybersecurity leadership, Nadir offers a grounded and forward-looking perspective on what Swiss IT leaders should know and what they should be doing right now.
You’ve been working in IT for more than 20 years and are now Head of IT Security at Xelon. How did your career in IT begin, and how did you get into cybersecurity?
Nadir: I entered the IT field more than twenty years ago. At that time, cybersecurity wasn’t yet a clearly defined discipline. Roles like Security Engineer or Cloud Security Analyst simply didn’t exist. You were just “the IT person”, and you handled everything.
During those early years, I built broad technical experience across multiple areas, from helpdesk and system administration to networking and Linux engineering. In short, I stepped in wherever help was needed. That broad, hands-on foundation still shapes how I look at technology today.
What ultimately motivated you to specialize in cybersecurity?
Nadir: About ten years ago, it became clear that security was increasingly separating from traditional IT operations. Cybersecurity evolved into its own complex field with dedicated methodologies, processes, and technologies.
I quickly realized that IT security was no longer just a compliance task or a secondary responsibility. It had become a core element of modern IT strategies and required specialized expertise. That’s where I saw the greatest opportunity to make an impact.
How has the threat landscape changed? What new cyber threats have emerged in the last two years?
Nadir: The threat landscape has become faster, more precise, and strategically more damaging than ever before. A key driver behind this development is the rapid spread of artificial intelligence, combined with the growing professionalism of cybercriminals.
One major factor is speed. Malware, phishing campaigns, and exploits can now be developed, tested, and refined in a very short amount of time. For security teams, this means facing a constantly increasing number of threats that often evolve faster than traditional security processes can keep up with.
At the same time, we’re seeing a clear shift toward much more targeted attacks. Instead of broad campaigns, attackers are increasingly focusing on individual companies, specific systems, or even particular employees. These attacks are often multi-stage operations aimed at long-term access, data exfiltration, and maximum impact.
Another major development is the sharp rise of highly automated reconnaissance. Cyber attackers use AI to systematically scan IT environments, identify vulnerabilities, and tailor attacks precisely to those weaknesses.
What role does AI play today in cyber defense and cybercrime?
Nadir: AI is now firmly embedded on both sides of the cybersecurity landscape.
For attackers, it significantly lowers the barrier to entry. AI can be used to develop malware, generate phishing content, automatically discover vulnerabilities, and create convincing social engineering messages — often without deep technical knowledge. As a result, cyberattacks are becoming faster, cheaper, and easier to scale. More advanced threat actors also use AI to identify particularly valuable assets and tailor attacks precisely to the target organization’s IT environment.
On the defensive side, AI is playing an equally important role. Modern security solutions rely on machine learning to detect behavioral patterns, identify anomalies in real time, and correlate large volumes of events across endpoints, networks, and cloud platforms. AI also helps automate routine tasks such as prioritizing alerts, classifying security incidents, and recommending response actions. This allows cybersecurity professionals to focus their attention on more complex and critical threats.
In short, AI is strengthening the capabilities of both attackers and defenders. Organizations that use AI strategically and responsibly gain a clear advantage. Those that ignore it risk falling behind in an increasingly automated and dynamic threat landscape.
What are the signs that a company isn’t taking IT security seriously enough?
Nadir: One major warning sign is the absence of a structured and continuous security awareness program. If employees don’t understand the risks associated with their everyday actions — whether that involves handling credentials, misconfiguring systems, or falling for social engineering — the organization’s first line of defense is effectively blind. Without awareness of the potential consequences of security mistakes, even well-designed technical safeguards can fall short.
Another clear indicator is when IT security is handled reactively rather than proactively. In many organizations, meaningful security measures are only implemented after damage has already occurred. When investments, policies, and processes are introduced only after a security incident, it means security is not part of the company’s overall strategy — it is simply a reaction in crisis mode
👉Want to prevent security risks instead of reacting to them? Would you like to better understand how secure your data and systems really are in a Swiss Cloud? Are you looking for ways to reduce the complexity of compliance and regulatory requirements without compromising on security?
Schedule a free, no-obligation consultation with our Security or Cloud Architecture team.
📘Reading tip: In our download center, you can get the complete interview with Nadir.