Virtualization Technology News and Information
Article
RSS
DXC Technology 2025 Predictions: AI Set to Transform Cyber Warfare - Five Security Trends to Watch in 2025

vmblog-predictions-2025 

Industry executives and experts share their predictions for 2025.  Read them in this 17th annual VMblog.com series exclusive.

By Michael Baker, VP and Global CISO, DXC Technology

While AI dominated the spotlight in 2024, cyberattacks continued to evolve and accelerate, impacting business operations and sensitive information. The new year brings massive opportunities with the rapid acceleration of AI technology but also presents significant challenges, including the need to protect growing volumes of AI-model data, the maturation of AI-driven cyberattacks, and the ever-increasing decentralization of data flowing from on-premises systems, the cloud, and edge devices.  Organizations will have more a larger digital footprint, exacerbating security gaps and making them more vulnerable to attack.  The stage is set, and the battle lines have been drawn.  Here are five cybersecurity trends to watch in 2025:

1.  AI will be the proverbial wildcard in the fight against cybercrime

AI has the potential to be the knight in shining armor for organizations for its ability to process vast amounts of data, identify patterns and detect signs of an attempted attack in machine time. It's also a useful tool for detecting malicious activity in a system or network, and spotting anomalies or suspicious behaviors. Additionally, AI automates many manual and laborious cybersecurity tasks, freeing up time and resources for cybersecurity teams to focus on other key aspects of their work.

But unfortunately, AI can be used against organizations as well.  While the cybersecurity industry is focused on how to use AI to stop bad actors, cybercriminals often use AI itself to increase the speed, scale and intensity of their attacks.

For example, phishing emails have evolved from simple deceptive emails to ones that have become more advanced, harder to spot and significantly more dangerous. Attackers are also successful at using deepfakes-a form of AI that can be used to create convincing hoax images, sounds and videos-to perpetrate fraud or manipulate an audience into action.

AI's adaptive nature is one of its most potent features in social engineering attacks, which manipulate people into giving away sensitive information or compromising security through company email but also through other methods like text messages and social media.  

By using AI in these attacks, cybercriminals can appear more credible and trustworthy, leading more victims to fall for fraud attempts or manipulation, which could lead to system compromise and data loss. It will be interesting to see how AI impacts the cyber war with both sides on the battlelines using it to their advantage.

2.  Fostering innovation and the rise in shadow AI

The uptick in cybersecurity incidents has coincided with the shift to remote working, as criminals seek to take advantage of the increased attack surface available to target. Perimeter security deployed at the office is no longer suited to adequately defend employees in this new environment or with modern interconnected capabilities.

Our increased reliance on phones, messaging, and social media for news, live updates and texts from friends on social media, job updates to gaming, has increased the opportunities for attackers to gain your attention and target you or your family members for online fraud or abuse.

For years we have looked to control Shadow IT devices and systems in the workplace that are connected to networks without permission, which can lead to security vulnerabilities, compliance issues and an increase in the risk of data breaches. Now, we are faced with Shadow AI, or the use of AI systems and tools within an organization without formal approval or oversight.  This is a growing problem and has real consequences around the confidentiality of our data. 

On the flip side, organizations must balance control of AI with fostering a culture of innovation that can take advantage of all the business benefits AI can provide.  To do this, we must implement sound governance to continuously new vectors for attack and continuously evaluate the risk to an organization aligned with business goals.

3.  Critical infrastructure-and our homes likely targets for mass disruption

Operational technology will continue to be a battleground for cyberattacks with the systems that control and automate factories and critical civil infrastructure (including power stations, water-treatment plants and dams) continuing to be a high value target for our adversaries looking to disrupt our way of life.

With threat actors motivated to drive mass disruption within our businesses and society, organizations have to be ready to detect, respond, and recover from these attacks effectively as possible while minimizing loss.

And with ongoing geopolitical tensions, the OT cyber threat will continue to grow, putting pressure on industries to ensure they stay one step ahead by baking in cybersecurity protection across their entire attack surface and utilizing tailored strategies for OT systems.

4.  Global events can increase the threat level through our supply chain

Threat actors are often hard at work taking advantage of vulnerable individuals, systems and government resources for financial, political or economic gain.

Many cyberattacks are the result of criminals or state-sponsored adversaries wanting to do harm.

Such attacks can have profound implications for critical infrastructure and industrial sectors around the world. For example, instead of targeting end-users directly, attackers now compromise the supply chain itself, taking advantage of our interconnected digital ecosystem to compromise data or services entrusted to third parties. These supply chain effects have a profound effect on our collective national risk and requires continuous attention, analysis, and cooperation to avert or respond to any issues that may arise. 

5.  Better recruiting, training and use of AI to address cyber skills gap

With the global cybersecurity skills gap widening, organizations are starting to look at news ways to address the shortage of talent.  

One way around this is to broaden the candidate pool to bring junior candidates into the fold and grow them with on-the-job training. This can include candidates who might not have the specialized skills required, but come with analytical potential, problem-solving skills and technical promise. By providing proper training to existing employees, organizations can empower them with career mobility and to become the first line of defense and next generation of cyber leaders.

In addition, AI and machine learning can work as a force multiplier for smaller security teams, which gives organizations a better chance against the growing volume of alerts needing to be analyzed by security teams.

This is not meant to replace valuable and scarce expertise but rather augment it by using AI to support overtaxed security analysts, identity management professionals and incident responders who need to sort through an increasing amount of information to do their jobs. And with the help of AI to automate analyst functions at machine speed, security teams can focus their attention on higher-value tasks.

##

ABOUT THE AUTHOR

Michael-Baker 

Michael Baker currently serves as Vice President & IT Chief Information Security Officer for DXC Technology. An accomplished cyber security executive, Baker brings over 20 years of experience in the field across cyber leadership, talent development, risk management, audit, and compliance serving the aerospace and defense industry as CISO along with a variety of clients across industries as a seasoned consultant. As CISO, he manages a team of professionals across internal cyber operations, network defense, policy, awareness, incident response, threat intelligence, secure architecture, and reputational protection. Baker is also a current member of the Cybersecurity Maturity Model Certification Accreditation Body Industry Advisory Group (CMMC-AB IAG).

Published Wednesday, January 08, 2025 7:40 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<January 2025>
SuMoTuWeThFrSa
2930311234
567891011
12131415161718
19202122232425
2627282930311
2345678