Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive.
By Harlin Lipman, Senior Manager, Information Security, Chronosphere
In the world of information security, staying ahead of
emerging threats and new technologies isn't just important - it's essential. As the year draws to a close, now is the perfect time for security
professionals to reflect on the past year's challenges and gear up for what's
coming next.
In this spirit, I'm sharing my predictions for
the top five security trends we will see more of in 2025 - and some practical
tips on how to prepare for them:
1. Evolving Technologies and Threats: As security professionals, we are accustomed to ever-changing
technologies and threats. Just uttering the words "critical zero-day
vulnerability" is probably enough to make most security professionals show
signs of fatigue. 2024 has been the year of AI, and I predict we will see
even more next year. From standalone new products to existing SaaS
products, AI will continue to be a focus for companies to implement,
enhance, and increase user engagement.
Along with the
innovative new features AI brings, we must assess and mitigate a host
of new security threats. These threats include data leakage, threat actors
utilizing AI tools to implement more sophisticated attacks, and lack of
adherence to compliance and regulatory frameworks such as GDPR and the EU AI
Act.
Next year, we will
continue safeguarding businesses from these threats by increasing user training
and awareness around AI, better monitoring of AI tools being utilized, and
increased focus on Data Loss Prevention systems to prevent leakage of sensitive
or prohibited data.
2. Leadership and Accountability: CISOs have been under immense pressure from evolving security
threats, increased sophistication of attacks, and constant technology
changes. Historically, most CISOs have not been given a seat at the table
in strategic and board-level conversations. As more attacks become
widespread and widely known, more CISOs will push for and receive a seat
at the table.
When security is
baked in by design across the company, and risks are communicated clearly to
the board, organizations will be set up for greater success. Giving CISOs a
seat at the table shows that the company's management and board of directors
are committed to being honest and ethical and that security is a strategic
priority. When leadership buys in and
then voices and acts on security initiatives, it naturally sets the tone,
making buy-in for those initiatives easier
among individual teams.
3. Collaborative Security: Security
mustn't be siloed within organizations. At the end of the day, security is
everyone's responsibility, and an organization can only be fully protected
when its employees follow all standards and policies implemented. I
predict that we will see a greater emphasis on breaking down these silos
and reaching further into the organization.
At Chronosphere,
we are identifying and creating more security champions to help drive our
mission forward. We are also increasing our training and awareness by issuing
regular, timely, and informative bulletins and reminders.
4. Foundational Security: Data
is the lifeblood of any organization. Whether that is a technology
company's source code that it develops or a healthcare company's patient
data that it stores, data is paramount for companies. Still, it is also
the prime target for the bad guys. The grave reality is that many
companies still operate without basic or foundational security practices
in place. This is especially true for earlier-stage organizations. I
foresee that 2025 will be the year to focus on building out the
foundational security practices that need to be implemented for those
types of organizations. This includes having better visibility, creating
security standards, and adhering to said security standards against all
data stores and infrastructure.
5. Proactive Security: Far too
often, organizations wait until they have a security vulnerability or,
worse, a breach to learn from their security program. Many organizations
have good detective controls around security but need better proactive
security practices. There will likely be a greater emphasis on proactively
identifying and addressing potential areas of weakness before they impact
the business or customer experience. Organizations will get better at
doing this by conducting penetration tests, building threat models, and running
tabletop exercises.
Although
security professionals will encounter many challenges and changes in 2025, one
thing will remain the same - there will be no shortage of threats security
professionals must protect businesses from. By
staying informed, advocating for security at all levels of the organization,
and continuously educating ourselves and our teams, we can navigate the
challenges, build a more secure future for everyone, and stay one step ahead of
the bad guys.
##
ABOUT THE AUTHOR
Harlin Lipman helps lead the Information Security and Privacy programs at Chronosphere, the observability platform built for control. Harlin's career has
been a mixture of being an external consultant and auditor as well as leading
internal security programs for cloud-native companies.