Virtualization Technology News and Information
Article
RSS
Symbiotic Security 2025 Predictions: Decentralization of Cybersecurity Takes Off

vmblog-predictions-2025 

Industry executives and experts share their predictions for 2025.  Read them in this 17th annual VMblog.com series exclusive.

By Jerome Robert - Co-founder and CEO, Symbiotic Security

I believe we'll see that 2025 marks a pivotal year with the industry fully embracing decentralized risk management in cybersecurity. This shift began years ago, driven by increasingly complex infrastructures that exceed the capacity of single security teams to manage effectively. Increasingly, there is the realization that as cyber threats grow in scale and sophistication, and as cybersecurity expertise remains a limited resource, organizations face an urgent need to scale security by equipping various departments with essential cybersecurity knowledge.

Decentralized risk management enables organizations to respond more nimbly by empowering teams to make security decisions at the point of action, while central oversight provides critical guidance and support. Centralized departments are necessary for consistency, but struggle to keep up with the constant and growing flow of security incidents. This underscores the importance of empowering other functions and users to act swiftly in response to cybersecurity issues.

Still, in many places, decentralization can -- and likely will -- be met with resistance. Security teams worry about relinquishing control to less-experienced departments, as their view shifts from "humans are the weakest link" to "humans can be my best defense"; and employees may feel burdened by new responsibilities that detract from their primary roles. To counter this:

  • Risk owners must have the will to implement security measures;
  • They must have tools that don't hurt their KPIs;
  • They need the knowledge to make proper security decisions.

This leads to my second prediction that instilling a culture of security means that those people who own the risk embrace security as an integral part of their workflow. Instead of viewing it as a burdensome corporate obligation or someone else's responsibility, they see it as a natural extension of their process. Security becomes a point of pride, reflecting their commitment to producing work that is not only high-quality but also highly secure. One example is developers shipping code clean of vulnerabilities - as opposed to leaving it to someone else downstream to resolve security issues. To do that, developers must be given tools that align with their workflows, not those that are at odds with them. When cybersecurity feels like a barrier, it's less likely to be adopted. Decentralized strategies have already proven successful in areas like user authentication. For example, complex password policies are essential, but require unique, long passwords that change regularly. To ease this friction, technologies like fingerprint readers allow secure access without impeding productivity.

The current level of cybersecurity knowledge is insufficient to face enhanced threats. With every employee now a potential front-line defender, organizations must empower them with the sound security judgment to make discerning decisions on cybersecurity. This is accomplished by providing robust, practical training in cyber threats and countermeasures to make security a shared, proactive responsibility.

The urgency to decentralize is growing, and with that I predict that investing in this approach to decentralized cybersecurity in 2025 will increase. Today's cybercriminals are highly organized, with capabilities once reserved for state-sponsored attacks. AI will enable them to launch increasingly sophisticated and targeted attacks at scale, putting many more organizations at risk.

Now, it's essential for every organization to take the necessary steps that ensure that everyone is equipped with the knowledge and the tools to become front-line defenders of cybersecurity. Decentralization is the only way to win the cybersecurity battle.

##

ABOUT THE AUTHOR

Jerome Robert 

Jerome Robert is the co-founder and CEO of Symbiotic Security, maker of the first real-time security for software development that combines detection and remediation with just-in-time training without breaking developers' workflows. With over 20 years of experience in cybersecurity and 15 years as a CxO, Jérôme has a proven track record in driving successful outcomes that include five successful exits, such as Lexsi (acquired by Orange in 2016) and Alsid (acquired by Tenable in 2021). Starting his career in deep-tech, mathematics, and engineering, Jérôme transitioned into business leadership, leveraging his technical roots to guide strategic decisions and foster innovation in the cybersecurity landscape.

Published Thursday, December 05, 2024 7:32 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2024>
SuMoTuWeThFrSa
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234