Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive.

By Jerome Robert - Co-founder and CEO, Symbiotic Security

I believe we'll see that 2025 marks a pivotal
year with the industry fully embracing
decentralized risk management in cybersecurity. This shift began years ago,
driven by increasingly complex infrastructures that exceed the capacity of
single security teams to manage effectively. Increasingly, there is the
realization that as cyber threats grow in scale and sophistication, and as
cybersecurity expertise remains a limited resource, organizations face an
urgent need to scale security by equipping various departments with essential
cybersecurity knowledge.
Decentralized risk management enables
organizations to respond more nimbly by empowering teams to make security
decisions at the point of action, while central oversight provides critical
guidance and support. Centralized departments are necessary for consistency,
but struggle to keep up with the constant and growing flow of security
incidents. This underscores the importance of empowering other functions and
users to act swiftly in response to cybersecurity issues.
Still, in many places, decentralization
can -- and likely will -- be met with resistance. Security teams worry about
relinquishing control to less-experienced departments, as their view shifts
from "humans are the weakest link" to "humans can be my best defense"; and
employees may feel burdened by new responsibilities that detract from their
primary roles. To counter this:
- Risk owners must have the will to
implement security measures;
- They must have tools that don't
hurt their KPIs;
- They need the knowledge to make
proper security decisions.
This leads to my second prediction: instilling a culture of security means that
the people who own the risk embrace security as an integral part of their
workflow. Instead of viewing it as a burdensome corporate obligation or
someone else's responsibility, they see it as a natural extension of their
process. Security becomes a point of pride, reflecting their commitment to
producing work that is not only high-quality but also highly secure. One
example is developers shipping code clean of vulnerabilities - as opposed to
leaving it to someone else downstream to resolve security issues. To do that,
developers must be given tools that align with their workflows, not those that
are at odds with them. When cybersecurity feels like a barrier, it's less likely
to be adopted. Decentralized strategies have already proven successful in areas
like user authentication. For example, complex password policies are essential,
but require unique, long passwords that change regularly. To ease this
friction, technologies like fingerprint readers allow secure access without
impeding productivity.
The current level of cybersecurity
knowledge is insufficient to face enhanced threats. With every employee now a
potential front-line defender, organizations must empower them with the sound
security judgment to make discerning decisions on cybersecurity. This is
accomplished by providing robust, practical training in cyber threats and
countermeasures to make security a shared, proactive responsibility.
The urgency to decentralize is growing,
and with that I predict that investment
in this approach to decentralized cybersecurity will increase in 2025.
Today's cybercriminals are highly organized, with capabilities once reserved
for state-sponsored attacks. AI will enable them to launch increasingly
sophisticated and targeted attacks at scale, putting many more organizations at
risk.
Now, it's essential for every
organization to take the necessary steps that ensure that everyone is equipped
with the knowledge and the tools to become front-line defenders of
cybersecurity. Decentralization is the only way to win the cybersecurity battle.
ABOUT THE AUTHOR
Jerome Robert is the co-founder and
CEO of Symbiotic Security, maker of the first real-time security for software
development that combines detection and remediation with just-in-time training
without breaking developers' workflows. With over 20 years of experience in
cybersecurity and 15 years as a CxO, Jérôme has a proven track record in
driving successful outcomes that include five successful exits, such as Lexsi
(acquired by Orange in 2016) and Alsid (acquired by Tenable in 2021). Starting
his career in deep-tech, mathematics, and engineering, Jérôme transitioned into
business leadership, leveraging his technical roots to guide strategic
decisions and foster innovation in the cybersecurity landscape.