Virtualization Technology News and Information
Article
RSS
DMI 2025 Predictions: Cyber Innovations Will Enable Both Opportunities and Vulnerabilities

vmblog-predictions-2025 

Industry executives and experts share their predictions for 2025.  Read them in this 17th annual VMblog.com series exclusive.

By Ben Mourad, Senior Director - Solution Architecture, DMI

From the National Public Data breach exposing billions of personal records to the alleged Chinese-based group Salt Typhoon infiltrating major U.S. telecom firms, 2024 has been an explosive year for cyber.

Despite the high-profile attacks, there were also tremendous strides in cyber defense, with the passing of OMB's 2024 zero-trust deadline and the rapid advancement of AI being used for cyber. More significant shifts are still underway as automation, AI, and other technologies continue to pave the way for various cyber-related innovations.  

As we look ahead to 2025, we can expect the cybersecurity landscape to evolve rapidly as previously unattainable capabilities such as quantum computing, micro-segmentation and agentic AI introduce opportunities-and create vulnerabilities.

Here are a few key cybersecurity trends to watch out for in 2025: 

Post Quantum Cryptography: 

The protection of data from threats posed by quantum computing will emerge front and center, particularly for organizations like the Department of Defense and federal government agencies that routinely handle sensitive information. 

Quantum computing is advancing at a rapid pace and will soon only require months to be capable of breaking most traditional keys. This has created opportunities for foreign adversaries and bad actors potentially seeking access to government-encrypted secrets.

Government leaders are aware of this threat and are taking it seriously; they have begun to incorporate measures and guidelines for using and implementing quantum computing in legislation, including the proposed 2025 National Defense Authorization Act. 

As quantum computing becomes more powerful and widespread, we can expect agencies to prioritize post-quantum cryptography algorithms that are resistant to these attacks.  

Micro-segmentation: 

Traditionally, malicious actors attempting to gain access to your network-whether to steal confidential data or deploy malware-start with reconnaissance to understand the environment and protective measures in place, identify assets and expose user accounts. Lateral movement follows reconnaissance to identify high-value assets and privileged user accounts to pivot and increase access to endpoints, applications, and data within the organization.   

Micro-segmentation creates a default gateway to endpoints, effectively creating a segment of one, removing the risk of east-west and north-south lateral movement on local networks, and eliminating the complexity of firewalls. Least privilege access to endpoints is dynamically controlled through continuous assessment (authentication and authorization) and context-based access policies, limiting attackers' reconnaissance and lateral movement. This strategy contains internal and external threat actors and prevents them from obtaining information or accessing vulnerable endpoints, applications or data. Granular network policies linked to specific users, applications and data can significantly reduce the attack surface, contain breaches, and improve overall security posture.     

Just three years ago, setting up these policies was considered more trouble than it was worth, as any change in an application or environment could break micro-segmentation policies and disrupt application availability. However, thanks to recent advancements, new agentless, dynamic micro-segmentation capabilities can now learn the environment as well as recommend and implement appropriate policies as applications change and evolve.   

Agentic AI: 

We are all familiar with the use of traditional generative AI to create new and original content. However, 2025 will see a new wave of AI capabilities with agentic AI. This advanced form of AI is capable of independently making decisions or executing tasks within established boundaries.

Unlike generative AI, which requires constant guidance to assist with tasks, agentic AI can operate autonomously.   

For example, if you told generative AI to help set up an inter-agency leadership meeting at a conference, it will likely give you steps to take or a vague outline of what a good meeting includes. If you give agentic AI the same prompt, it can identify a specific conference room, coordinate schedules with attendees and send calendar invites with detailed directions.  

While this can be a powerful tool to streamline workflows, it can also be leveraged for malicious purposes. Threat actors could use it to run scripts that search for vulnerabilities on company or agency websites or to execute harmful code. On the positive side, we'll also likely see agentic AI being employed for activities like mock penetration testing and identifying and patching vulnerabilities.

2025 Will Be the Year We Start to Reap the Benefits of Technologies We've Spent Years Developing

The past few years have seen a rapid acceleration of groundbreaking cyber and technology innovations driven by increased R&D investment, cloud democratization and cross-industry collaboration. New technologies like agentic AI and quantum computing, once unfeasible, are now viable. As we continue to accelerate into the future, we will undoubtedly become more efficient and productive; however, we will also encounter increasingly sophisticated cyber threats.

To keep up with these evolving cyber threats, the government must work with trusted industry partners to proactively and continuously adapt to these new challenges.

##

ABOUT THE AUTHOR

Ben-Mourad 

Mr. Mourad is the Senior Director - Solutions Architecture at DMI, who leads DMI's Cyber practice supporting Federal and Commercial clients.   He has over 30 years of experience in a variety of roles, including Chief Architect at SAIC and Lead Solution Architect roles at Veriflow, Allegis Group, AT&T, Verizon, Qwest, and Citigroup.  He has played a crucial role in leading zero trust reference architectures supporting customers' adoption of public cloud, context-based identity access management, operational technology security, and migration from reactive security operations to become more proactive and predictive.

Published Friday, December 13, 2024 7:36 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2024>
SuMoTuWeThFrSa
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234