Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive. By Ihab
Shraim, CTO, CSC Digital Brand Services
From surges in
AI-generated malware and phishing scams to the rise of supply chain attacks on
third party vendors, organizations are gearing up for the new year by analyzing
what internal and external threats they will need to prepare for and adapt to.
Here are my top
predictions for how security teams will shift their strategies in 2025 to
better protect their digital ecosystems from more advanced threats to domains
and Domain Name Systems (DNSs).
Zero-Trust
Models (ZTM) & DNS
As organizations
adopt zero-trust security models, more will include continuous verification of
DNS requests and queries. This reduces the risk of malicious bad actors
bypassing traditional network perimeters and gaining access to critical
infrastructure.
With hybrid work
environments and growing cyberattacks on corporate exposed attack surfaces, ZTM
will dominate enterprise security programs. Moreover, there will be stronger
emphasis on the continuous authentication and stricter access control of
various corporate networks in managed data centers and cloud environments.
Attack Surface
Management (ASM) & Domain Portfolio Management
Organizations
will expand their focus on attack surface management to protect their online
presence (i.e. their global portfolio of domain names and brands online) by
using AI and many other vulnerability assessment and penetration testing tools
to identify and mitigate vulnerabilities across all assets exposed to the
Internet. This approach ensures comprehensive visibility and protection for
hybrid and multi-cloud environments.
Quantum-Resistant
Algorithms related to Domain Names Management & DNS
As quantum
computing keeps evolving, traditional encryption methods used in DNS will be
vulnerable and risky. To address this, there will be a shift toward
quantum-resistant algorithms to secure DNS queries and prevent future exploits
of the imminent threats of quantum computing capabilities. Therefore, a shift
towards post-quantum cryptography (PQC) to future-proof critical online
infrastructure, including global domain name portfolios, will begin related
daily domain management operations and securing DNS queries.
Attack Surface
Management (ASM) & AI-Driven DNS Security
Organizations
will expand their focus on attack surface management by using AI-Driven
technologies to identify and mitigate vulnerabilities across all assets such as
DNS. With the rise of AI and machine learning, DNS security will become
increasingly automated. AI will help identify and mitigate cyberattacks such as
DNS tunneling or DDoS attacks by analyzing large amounts of data to predict
vulnerabilities. This will enhance real-time defense mechanisms against
sophisticated targeted cyber threats.
Increasing
sophistication in cyberattacks will drive the adoption of more robust DNS
security protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT) to
safeguard domain data privacy and prevent man-in-the-middle attacks. As privacy
regulations like GDPR evolve, DNS privacy will be a critical aspect of securing
user data.
Government
Regulations & DNS Compliance
Governments
worldwide are expected to introduce stricter regulations regarding DNS
security, requiring stronger measures to ensure the resilience and privacy of
DNS infrastructure. These regulations may include mandatory encryption and
monitoring to prevent cyberattacks.
Global privacy
laws and frameworks like the EU Cyber Resilience Act and the NIS2 directive
will push to adopt stricter cybersecurity and data protection measures, with
strong penalties for non-compliance.
##
ABOUT THE AUTHOR
Ihab
Shraim is the chief technology officer (CTO) at CSC, responsible for
the vision, innovation, and product revenue growth within our company’s
cyber security, domain security, fraud protection, and brand protection
lines of business. Ihab has a proven track record in devising business
strategies to consistently deliver strategic growth through focused
technology innovation, go-to-market product strategies, and customer
service excellence.
His background includes strong expertise in
facilitating the alignment of corporate business vision with
information technology strategies to achieve measurable results with
successful outcomes. Ihab has developed cutting-edge, patented
disruptive technologies and services to deliver consistent
year-over-year product revenue growth. Additionally, he is named as a
primary inventor on 10 U.S. patents.
Prior to joining CSC, Ihab
was on the Board of Binary Guard while also serving as their CTO. Prior
to that role, he was the general manager for Presidio’s managed
security service, and the vice president of engineering (anti-fraud) and
chief information security officer at Mark Monitor (Clarivate
Analytics). Ihab is a graduate of George Washington University and holds
a BS in electrical engineering and computer science.