Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive.
By Curtis Simpson, CISO & Chief Advocacy Officer, Armis
As the end of the year approaches, we all begin to
strategically forecast what is to come, what our goals for the year will be,
and what obstacles we may need to overcome.
Below are several themes I believe will occupy
the cybersecurity space for security and IT leaders in 2025, which I hope will
help teams prioritize their efforts when tackling the ever-changing cyber
threat landscape.
Proactive Defense Against Advanced Persistent Threats (APTs)
APTs will continue to grow in sophistication
and state-sponsored motivation, making early-stage detection and disruption
crucial. In 2025, we'll see a growing investment in technology to identify
lateral movement, a common tactic used by APTs to spread throughout an
organization, and to prevent attackers from gaining a foothold. By detecting
and disrupting lateral movement, CISOs can prevent attackers from establishing
a foothold and minimize the potential damage caused by a breach. Additionally,
implementing robust security measures such as network segmentation will be
essential to thwarting APT attacks and protecting critical infrastructure.
The Allure of AI: Separating Fact from Fiction
AI has the potential to revolutionize
cybersecurity, but it's essential to understand its capabilities and
limitations. A new working paper from the National Bureau of
Economic Research revealed that more than 50% of companies with more than 5,000
employees were using AI in some form. With this new adoption, there's an
inherent risk of over-reliance on AI, which has led to false positives or
missed threats. While 2024 saw a boom in general AI adoption, in 2025 we'll gain
further perspective on likely scenarios where AI experimentation has high
potential to go right, and better understand where it can go wrong or provide
limited real-world operational value.
Shifting Focus from Prevention to Cyber Resilience
As CISOs recognize the inevitability of cyber
breaches, they will increasingly prioritize resilience over prevention. This
shift in mindset will involve implementing strategies that enable rapid
detection, containment, and recovery from attacks. By focusing on resilience,
organizations can minimize the disruption to their operations and protect their
critical assets. This includes developing robust incident response plans and
fostering a culture of security awareness among employees. Additionally, CISOs
will need to establish strong partnerships with external stakeholders, such as
law enforcement, to facilitate effective incident response and recovery
efforts.
Increased Demand for Comprehensive Asset Visibility
The escalating complexity of environments
across IT, OT, IoT, IoMT, and cloud has ignited a pressing need for
comprehensive and contextual asset visibility. As organizations grapple with
the proliferation of connected devices, networks, and applications, the ability
to accurately identify, track, and understand their assets will become even
more critical in 2025. This demand is driven by a multitude of factors that
include increased security risks, compliance mandates, operational efficiency,
and cost optimization.
Automated Threat Detection and Response Become a Requirement
The increased volume of cyber threats is
fueled by the adoption of AI and the growing attack surface. As these
interconnected systems become more prevalent, they will present new attack
vectors for malicious actors. We can expect to see a rise in sophisticated
AI-powered attacks that further shorten the timeline from when a vulnerability
is disclosed to active exploitation.
To effectively combat the escalating cyber
threats of 2025, CISOs will need to leverage the power of AI and machine
learning-driven solutions. These technologies can analyze vast amounts of data
in real time, enabling rapid detection of emerging threats and anomalies. By
automating threat detection, prioritization and response processes, IT and
security leaders can reduce the mean time to detect (MTTD) and mean time to
respond (MTTR) to effectively contain incidents and minimize their impact on
the business. By streamlining security operations, security teams will focus on
continuous improvement and shift towards proactive security.
Proactive Monitoring of Third Parties and Supply Chain Risk Management
As global supply chains become more
interconnected, the risk of cyberattacks targeting third-party vendors and
partners also increases. CISOs are increasingly recognizing the critical
importance of proactively managing these risks to protect their organizations
from potential breaches and disruptions.
With increasing cyberattacks on supply chains,
CISOs will emphasize continuous monitoring of third-party vendors and partners.
This involves regularly assessing their cybersecurity practices, identifying
potential vulnerabilities, and ensuring that they comply with the
organization's own security standards. Securing their ecosystems through
continuous monitoring ensures that their supply chains do not become an entry
point for cybercriminals.
Next-Gen Quantum Preparation Will Finally Begin
With the next-gen quantum readiness timeline
becoming increasingly fuzzy and being potentially closer than we like to think,
this will be the year that enterprises begin formally testing the
implementation of quantum-ready encryption in the cloud.
In parallel, the inability to deploy
quantum-ready encryption against legacy areas of enterprise environments will
begin to be used as additional justification criteria to accelerate the
decommissioning of legacy assets, post-transformation.
With Y2K, there was a deadline. When it comes
to adversaries unlocking next-gen quantum capabilities with the potential for
destruction, there is no deadline and it's no longer being considered too soon
to make progress.
Addressing the Cybersecurity Talent Shortage with Managed Security Service Providers
Hiring cybersecurity talent continues to be a
challenge driven by several factors such as rapid advancements in technology
struggling to keep pace with demand, increased complexity of threats, and
uneven geographic distribution of talent across the globe.
As organizations struggle to find and retain
qualified security talent, they will increasingly turn to managed security
services and automation tools to bridge the talent gap. Managed Security
Service Providers (MSSPs) can offer specialized expertise and round-the-clock
monitoring, allowing CISOs to augment their internal security teams and address
critical security needs. Additionally, automation tools can streamline routine
tasks, freeing up security professionals to focus on more strategic initiatives.
By investing in managed security services and automation, CISOs can ensure
robust security operations while mitigating the impact of the talent shortage.
Growing Pressure to Proactively Demonstrate Compliance
Regulatory environments will continue to
tighten globally and CISOs will need to ensure their organizations meet
evolving compliance requirements across industries (GDPR, CCPA, NERC CIP,
etc.). In 2024 alone, we saw several high-profile fines across major healthcare
providers, financial institutions, and retailers after cyberattacks compromised
the personal data of their customers. The penalties can be severe, both
financially and reputationally, emphasizing the importance of prioritizing
compliance. Adopting platforms that provide automated compliance tracking and
reporting will be essential.
Altogether, 2025 will underscore that
corporate boards will have increased responsibility for cybersecurity given
an expanding threat landscape, a critical cybersecurity talent shortage, and
increased regulatory pressure. As security and IT professionals prepare for the
year ahead, it is crucial to prioritize the ability to see, protect, and manage
the entire attack surface. Safeguarding mission-critical assets from cyber
threats remains paramount.
While this may seem like a daunting task,
partnering with the right cybersecurity solution provider can make this
resolution not only achievable but a reality.
##
ABOUT THE AUTHOR
Curtis Simpson, Armis CISO and Chief Advocacy Officer
As CISO and Chief Advocacy Officer, Curtis guides and advances the Armis enterprise vision, ensures the protection of the company’s information assets, and serves as a vital resource to his counterparts at Armis customers and throughout the technology sector.
Curtis brings more than 15 years of diversified information technology experience, with direct information security and management experience in positions of increasing responsibility at Sysco, a Fortune 50 corporation. As vice president and global CISO at Sysco, Curtis directed a portfolio of cost-effective, business-focused security programs responsible for reducing security risks faced by a global organization. Curtis is an award winner of the Cyber Influencer Top 10 list by Enterprise Security Tech.