Virtualization Technology News and Information
Article
RSS
SonicWall 2025 Predictions: Navigating Quantum Risks, AI and Evolving Threats

vmblog-predictions-2025 

Industry executives and experts share their predictions for 2025.  Read them in this 17th annual VMblog.com series exclusive.

By Douglas McKee, Executive Director of Threat Research at SonicWall

The cybersecurity landscape in 2025 will be marked by unprecedented challenges and transformative innovations. As advances in quantum computing edge closer to reality, organizations must anticipate hybrid attacks combining traditional tactics with cutting-edge technology - all while prioritizing the development of quantum-resistant cryptography. The blurred lines between state-sponsored and criminal cyber activities will further complicate attack attribution, driving the need for stronger international collaboration and proactive intelligence sharing. Meanwhile, AI will continue to redefine cybersecurity by augmenting human expertise with automation and predictive analytics. Additionally, shifts in enterprise priorities-such as the rise of service-based security solutions and increased automation to manage growing alert volumes-will reshape industry practices. Amid these trends, cyber insurance and 24x7 monitoring will become standard defenses against an evolving threat landscape that demands both resilience and innovation.

What to Expect from Advances in Quantum Computing

In 2025, the intersection of evolving cyber threats and quantum advancements will redefine security strategies, pushing innovation and international policy developments to safeguard critical systems and data. The focus will be on anticipating hybrid attacks that combine traditional tactics with advanced technology, reshaping the global cyber landscape.

Detecting Attack Origins Will Become Increasingly Difficult 

The line between state and criminal operations will continue to blur, making it increasingly challenging to pin down who is responsible for attacks. This may prompt stronger international collaboration on cybercrime policy, but effective attribution will remain a core challenge. Governments and private organizations must adapt to this evolving threat landscape, focusing more on proactive intelligence sharing and threat-hunting to disrupt collaborative efforts before they impact critical sectors.

2025 Will See the Rise of Quantum-Resistant Cryptography

While large-scale quantum decryption of algorithms like RSA or AES is unlikely in 2025, targeted attacks on specific or older cryptographic implementations may become more advanced. Despite ongoing "quantum apocalypse" fears being overstated, developing quantum-resistant cryptography will remain a priority for researchers and organizations as part of long-term resilience planning. Governments and private sectors will boost investments in post-quantum solutions, emphasizing broader cybersecurity measures to address potential early threats.

AI Will Augment Cybersecurity Protection Efforts Without Replacing Humans

Artificial intelligence (AI) will be a defensive tool and a strategic force multiplier in 2025. It will enable organizations to stay one step ahead of state-sponsored criminals, adapt to quantum threats and protect critical infrastructure in an increasingly hostile threat landscape. AI's continuous learning, predictive power and automation will continue to redefine cybersecurity without replacing the human element, making it essential for both offense and defense to embrace and leverage as a tool in their tool belt.

My colleague, Matt Neiderman, Chief Strategy Officer at SonicWall, had a few predictions that I thought should make the list including:

Reverse Trending

Although cybersecurity developments tend to start at the enterprise and work down to small- and medium-sized enterprises (SMEs), several growing SME developments will increasingly trend up into the enterprise. These include:

1) Favoring opex over capex by consuming more security as a service or a managed offering rather than maintaining internal SMEs and making large purchases to continuously refresh hardware.

2) Favoring ease of implementation and management over best of breed by consolidating from numerous vendors to a small number of vendors that offer a platform approach.

3) Outsourcing or offloading IT and cybersecurity work by favoring service providers over traditional consulting firms or resellers. 

Cyber Insurance and 24x7 Monitoring Will Become the Norm

After a short post-COVID dip, the number of cyber-attacks continues to grow at an alarming pace, but more importantly, the average cost of a successful attack is growing at a higher pace and is predicted to grow at a high rate through at least 2029 (the average cost of a data breach in 2024 is $4.88 million). This will put pressure on firms of all sizes to have cyber insurance in place or risk a potentially existential crisis. Insurance rate differences driven by best practices requirements will in turn put pressure on firms to adopt 24x7 monitoring of their security infrastructure, such that MDR, NDR and other SOC services will become the norm, particularly as the number of vendors providing those services grows.

Automation

A recent study of 3,000 global firms by Accenture found that the share of cybersecurity-related AI patents increased 2.7X between January 2017 and October 2022. The growing number of cyberattacks and attack vectors due to remote work and IoT as well as the increase in cybersecurity tools and telemetry and the resulting number of alerts generated by cybersecurity tools will drive the need for more SOC services. This will in turn increase demand for significantly increased automation to manage alerts, block attempted intrusions, respond to successful intrusions and investigate incidents at a daunting scale. Both cybersecurity skills shortages and simple economics will require a combined human and machine approach to cybersecurity.

As we look toward 2025, the cybersecurity landscape will demand a proactive and adaptive approach to safeguard critical systems and data. Organizations must prepare for the convergence of quantum computing and cyber threats, invest in quantum-resistant cryptography and embrace AI as a strategic ally in both offensive and defensive strategies. The rising complexity of attack attribution underscores the importance of global collaboration and intelligence sharing, while shifts in enterprise security priorities-such as service-based models, automation and 24x7 monitoring-highlight the need for scalable, efficient defenses. By staying ahead of these trends and fostering innovation, businesses and governments alike can build resilience in an increasingly interconnected and hostile cyber environment.

##

ABOUT THE AUTHOR

Douglas McKee, Executive Director of Threat Research at SonicWall

Douglas McKee 

Douglas McKee is the Executive Director of Threat Research at SonicWall, where he and his team focus on identifying, analyzing and mitigating critical vulnerabilities through daily product content. He is also the lead author and instructor for SANS SEC568: Product Security Penetration Testing - Safeguarding Supply Chains and Managing Third-Party Risk. Doug is a regular speaker at industry conferences such as DEF CON, Blackhat, Hardware.IO and RSA, and in his career has provided software exploitation training to many audiences, including law enforcement. His research is regularly featured in publications with broad readership, including Politico, Bleeping Computer, Security Boulevard, Venture Beat, CSO, Politico Morning eHealth, Tech Republic and Axios.

Published Wednesday, November 27, 2024 7:35 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2024>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567