Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive. By
Michael Baker, VP and Global CISO, DXC Technology
While
AI dominated the spotlight in 2024, cyberattacks continued to evolve and
accelerate, impacting business operations and sensitive information. The new year brings massive
opportunities with the rapid acceleration of AI technology but also presents
significant challenges, including the need to protect growing volumes of AI-model
data, the maturation of AI-driven cyberattacks, and the ever-increasing
decentralization of data flowing from on-premises systems, the cloud, and edge
devices. Organizations
will have more a larger digital footprint, exacerbating security gaps and
making them more vulnerable to attack.
The stage is set, and the battle lines have been drawn. Here are five cybersecurity trends to watch
in 2025:
1. AI will be the
proverbial wildcard in the fight against cybercrime
AI has the potential to be the knight in shining armor for
organizations for its
ability to process vast amounts of data, identify patterns and detect signs of
an attempted attack in machine time. It's also a useful tool for detecting
malicious activity in a system or network, and spotting anomalies or suspicious
behaviors. Additionally, AI automates many manual and laborious cybersecurity
tasks, freeing up time and resources for cybersecurity teams to focus on other
key aspects of their work.
But unfortunately, AI can be used
against organizations as well. While the
cybersecurity industry is focused on how to use AI to stop bad actors,
cybercriminals often use AI itself to increase the speed, scale and intensity
of their attacks.
For example, phishing emails have
evolved from simple deceptive emails to ones that have become more advanced,
harder to spot and significantly more dangerous. Attackers are also successful
at using deepfakes-a form of AI that can be used to create
convincing hoax images, sounds and videos-to perpetrate fraud or manipulate an
audience into action.
AI's adaptive nature is one of its
most potent features in social engineering attacks, which
manipulate people into giving away sensitive information or compromising
security through
company email but also through other methods like text messages and social
media.
By using AI in these attacks,
cybercriminals can appear more credible and trustworthy, leading more victims
to fall for fraud attempts or manipulation, which could lead to system
compromise and data loss. It will be interesting to see how AI impacts the
cyber war with both sides on the battlelines using it to their advantage.
2. Fostering innovation and the rise in shadow AI
The uptick in cybersecurity incidents
has coincided with the shift to remote working, as criminals seek
to take advantage of the increased attack surface available to target.
Perimeter security deployed at the office is no longer suited to adequately
defend employees in this new environment or with modern interconnected
capabilities.
Our increased reliance on phones,
messaging, and social media for news, live updates and texts from friends on social
media, job updates to gaming, has increased the opportunities for attackers to
gain your attention and target you or your family members for online fraud or
abuse.
For years we have looked to
control Shadow IT devices and systems in the workplace that
are connected to networks without permission, which can lead to security
vulnerabilities, compliance issues and an increase in the risk of data
breaches. Now, we are faced with Shadow AI, or the use of AI
systems and tools within an organization without formal approval or oversight. This is a growing problem and has real
consequences around the confidentiality of our data.
On the flip side, organizations must
balance control of AI with fostering a culture of innovation that can take
advantage of all the business benefits AI can provide. To do this, we must implement sound
governance to continuously new vectors for attack and continuously evaluate the
risk to an organization aligned with business goals.
3. Critical
infrastructure-and our homes likely targets for mass disruption
Operational technology will continue to be a battleground
for cyberattacks with the systems that control and automate factories and
critical civil infrastructure (including power stations, water-treatment plants
and dams) continuing to be a high value target for our adversaries looking to
disrupt our way of life.
With threat actors motivated to drive
mass disruption within our businesses and society, organizations have to be
ready to detect, respond, and recover from these attacks effectively as
possible while minimizing loss.
And with ongoing geopolitical
tensions, the OT cyber threat will continue to grow, putting pressure on
industries to ensure they stay one step ahead by baking in cybersecurity
protection across their entire attack surface and utilizing tailored strategies
for OT systems.
4. Global events can
increase the threat level through our supply chain
Threat actors are often hard at work
taking advantage of vulnerable individuals, systems and government resources
for financial, political or economic gain.
Many cyberattacks are the result of
criminals or state-sponsored adversaries wanting to do harm.
Such attacks can have profound
implications for critical infrastructure and industrial sectors around the
world. For example, instead of targeting end-users directly, attackers now
compromise the supply chain itself, taking advantage of our interconnected
digital ecosystem to compromise data or services entrusted to third parties.
These supply chain effects have a profound effect on our collective national
risk and requires continuous attention, analysis, and cooperation to avert or
respond to any issues that may arise.
5. Better recruiting, training
and use of AI to address cyber skills gap
With the global cybersecurity
skills gap widening, organizations are starting to look at news ways
to address the shortage of talent.
One way around this is to broaden
the candidate pool to bring junior candidates into the fold and grow
them with on-the-job training. This can include candidates who might not have
the specialized skills required, but come with analytical potential,
problem-solving skills and technical promise. By providing proper training to
existing employees, organizations can empower them with career mobility and to
become the first line of defense and next generation of cyber leaders.
In addition, AI and machine learning
can work as a force multiplier for smaller security teams,
which gives organizations a better chance against the growing volume of alerts needing
to be analyzed by security teams.
This is not meant to replace valuable and scarce expertise
but rather augment it by
using AI to support overtaxed security analysts, identity management
professionals and incident responders who need to sort through an increasing
amount of information to do their jobs. And with the help of AI to automate
analyst functions at machine speed, security teams can focus their attention
on higher-value tasks.
##
ABOUT THE
AUTHOR
Michael Baker currently serves as Vice President & IT
Chief Information Security Officer for DXC Technology. An accomplished cyber
security executive, Baker brings over 20 years of experience in the field
across cyber leadership, talent development, risk management, audit, and
compliance serving the aerospace and defense industry as CISO along with a
variety of clients across industries as a seasoned consultant. As CISO, he
manages a team of professionals across internal cyber operations, network
defense, policy, awareness, incident response, threat intelligence, secure
architecture, and reputational protection. Baker is also a current member of
the Cybersecurity Maturity Model Certification Accreditation Body Industry
Advisory Group (CMMC-AB IAG).