Nico Chiaraviglio, Chief Scientist at Zimperium:
Mobile Security Platforms Will Increasingly Address Data Privacy Concerns, Not Just Security
Mobile security plays a crucial role in addressing the needs of data privacy. However, we often see mobile security with the lens of threat defense and application security. But regulatory compliance is a key piece of the mobile security function. I predict that in 2025, we will see mobile security prioritizing data privacy needs by implementing robust privacy-preserving technologies. According to Zimperium’s 2024 Global Mobile Threat Report, 82% of organizations allow bringing your own device (BYOD) to work. And a recent survey from Tableau found that 63% of Internet users believe most companies aren’t transparent about how their data is used, and 48% have stopped shopping with a company because of privacy concerns. We will likely see more regulatory compliance baked into mobile security solutions, particularly around data handling and encryption standards. We are already seeing regulatory shifts in the financial sector, holding app developers accountable for any harm towards their end users due to external attacks. Businesses are recognizing that regulatory compliance features are a necessary piece of the mobile security stack, and they are seeking mobile security platforms that address both privacy and security needs.
Andrew Harding, VP of Security Strategy, Menlo Security
Zero Trust Network Architectures (ZTNA) will evolve into a more flexible and adaptable security model
Zero Trust Network Architectures (ZTNA) will evolve into a more flexible and adaptable security model. This evolution will enable organizations to adopt a “Secure by Design” approach and deploy Zero Trust Access even when they do not control and manage the network infrastructure. By eliminating the need for traditional network infrastructure controls, ZTNA will simplify access management and reduce the attack surface. This shift will empower organizations to secure their digital assets more effectively, regardless of user location or device type.
Devin Ertel, CISO, Menlo Security
CISOs Will Be More Mindful of Aligning Security Policies to Business Goals
In most organizations, the security team has historically been viewed as a restrictive function – limiting what employees can and can’t do, the access they have, what tools can be used, how information is shared both internally and externally, etc. This is often seen by others within the organization as a hindrance – an obstacle to be overcome in the pursuit of achieving company goals. In 2025, CISOs will need to be much more cognizant of aligning initiatives of the security team with the overall business goals and needs. A key part of this shift will be looking for products that naturally provide both a security gain and an improved experience for end users. For example, using biometrics such as fingerprints for Multi-Factor Authentication (MFA) is a way that ease of use and security can join together, benefitting the security function and business success.
Doug Murray, CEO, Auvik
The Hybrid Workforce Becomes Permanent
Since the pandemic receded, businesses of all kinds have pursued a hybrid path – with some work being done from offices, and some from home or other remote locations. On one extreme are companies such as JPMorgan, which requires senior leaders to return to the office five days a week – but they are now an outlier.
Some large technology companies have implemented policies requiring their people to spend at least two days per week in the office. But that means people are free to work from remote offices like a WeWork or a home office for the other three days. This increases the need for secure endpoint protections to safeguard those remote employees.Even in this scenario, employees are working outside of the office more often than in the office – a big shift from pre-pandemic working environments.
Many observers thought there would be a big return wave when everyone goes back into the office, but that is not happening. Hybrid work is here to stay, whether at big, midsize, or small companies. That poses a real challenge for IT teams to manage endpoint devices and ensure that everyone has a consistent experience no matter where they are working.
Philip George, Executive Technical Strategist, InfoSec Global Federal
Updating the Shared Responsibility Model to Account for Cryptographic Posture Management
In 2025, the cloud service providers (CSPs) who are able to adapt quickly to the new world reality of post-quantum cryptography (PQC) standards will have an enormous leg up on the competition. This is because PQC will have a huge impact on how CSPs operate, and changes to common practices, policies and service level agreements (SLAs) are essential. Although this issue applies to all organizations, let’s look at the relationship with federal government customers in particular, since these groups will be the first required to adhere to the new guidelines regarding PQC standards. Imagine a government agency is mapping its cryptographic exposure and discovers an issue related to how its data is stored in a FedRAMP authorized public cloud. Who is responsible for this remediation?
Similarly, we have never before required from CSPs such granular and detailed information on the type of encryption in use, but customers (government and non-government customers alike) will require this level of detail to ensure their encryption standards are being met. The CSPs that figure out how to offer this detailed view securely and consistently to customers will be highly appealing to customers in both the public and private sector.
Stephen Kowski, Field CTO, SlashNext Email Security+
Attackers Get More Creative with Exploitation of Trusted Infrastructure
Another part of this evolution involves the growing abuse of legitimate trusted infrastructure and trusted services to distribute attacks and host the malicious payloads. All the resources the attackers are building, whether it’s malware, destination pages, audio voices and images, all those things rely on different bots and interaction services. We have seen attackers find clever places to insert their attacks between a vendor’s technical services and the user’s destination, such as on trusted file-sharing sites or collaboration platforms.
Eric Schwake, Director of Cybersecurity Strategy, Salt Security:
APIs will continue to be prime targets for attackers
In 2025, the cybersecurity landscape will continue to evolve rapidly, with a growing focus on API security. As APIs become essential to business operations and digital transformation efforts, they will likely become prime targets for attackers. We anticipate a rise in sophisticated API attacks using automation, artificial intelligence, and advanced evasion techniques to exploit vulnerabilities and bypass traditional security measures. One significant risk will stem from the exploitation of API misconfigurations, which often occur due to the fast pace of development and deployment. This situation will challenge organizations to adopt a more proactive and comprehensive approach to API security.
To stay competitive, businesses must prioritize API security, recognizing that APIs have become crucial IT assets requiring the same scrutiny and protection as any other valuable resource. This involves implementing robust API posture governance to ensure consistent security configurations and reduce vulnerabilities to lower risk. AI-powered API security solutions, particularly those with strong behavioral threat detection capabilities, are essential for identifying and responding to sophisticated threats in real-time. These solutions can analyze vast amounts of API traffic and highlight genuinely malicious activities within the overwhelming amount of anomalous traffic that might otherwise go unnoticed. By proactively addressing API security challenges, businesses can safeguard their critical assets and ensure the ongoing success of their digital initiatives in the face of evolving threats.
Agnidipta Sarkar, Vice President, CISO Advisory, ColorTokens:
In 2025, the focus will be on combating sophisticated cyber threats like ransomware and phishing, while enhancing defensive strategies to ensure operational resilience and security
As we look ahead to 2025, the digital business landscape is poised for significant cybersecurity challenges and advancements.
On the offensive front, ransomware will continue its destructive path, causing substantial disruptions across both Industry 4.0 and the emerging Industry 5.0 sectors. This persistent threat underscores the evolving tactics of cyber attackers, who will likely increase their focus on breaching hospitals to demonstrate their continued relevance and impact.
We will see a growing specialization among cyber attackers in Operational Technology (OT) and Cyber-Physical Systems (CPS). Nation-state actors will try to leverage these specialized attack vectors to target Critical National Infrastructure in other countries, posing significant risks to national security.
Phishing will remain a dominant method for initiating cyberattacks, a trend that shows no signs of abating. Additionally, cybercrime will continue to exploit the most vulnerable sections of society, particularly in developed countries, highlighting the need for robust protective measures.
On the defensive side, the continuity of digital operations will become a paramount concern in boardroom discussions. As digital business becomes increasingly integral to organizational success, the ability to continue business operations despite cyber attacks will encourage investments. Effectively reporting breaches will emerge as a highly sought-after capability for CISOs.
Passwordless authentication will become the future benchmark for access to enterprise assets. By moving away from traditional one-time passwords and enhancing security, newer platforms will cease to store credentials, reducing breach exposure when providers are attacked.
Microsegmentation will transform, with AI playing a central role in reducing deployment times from months to minutes and in integrating with existing cybersecurity investments. This shift will enable more agile and responsive breach containment, ensuring operational resilience during cyber attacks.
Finally, CISOs will gravitate towards integrated cyber defense platforms, seeking cohesive and comprehensive security strategies to address the multifaceted nature of modern cyber threats.
Ken Dunham, Cyber Threat Director for Qualys Threat Research Unit
Nation-state cyberattacks, long-term cloud compromises, and data leakage risks will increase, making recovery from breaches harder
“Nation-state attacks and cloud-based compromises with extremely long dwell times will continue to emerge at an increasing rate with large scale impact as security catches up with post-Covid and digital transformation efforts from the last few years, where adversaries are increasingly able to maintain ‘stealth for survival’.
Beyond that, complex DevSecOps, API, and integrated cloud solutions will emerge as one of the leading threats as an attack vector for significant impact. We’re also going to see more accidental disclosure and insider threat risks for exfiltration, and challenges with preventing data leakage, due to how companies are still adopting technology without adequate security controls and architecture in place.
Recovery from incident and breach will become increasingly difficult and take longer for organizations as adversaries become efficient at destroying backups and other resiliency measures that are in place, in an attempt to improve extortion payouts.”
Richard Seiersen, Chief Risk Tech Officer, Qualys:
Cyber risk quantification (CRQ) will be a core organizational practice for most CISOs in the next five years
“Measuring risk is a core capability, not a product. As cybersecurity maturity grows, the integration of financial metrics with technical security data will become critical. The industry calls this “CRQ” but I call it cybersecurity risk management. You can’t extract quantitative measurement from the broader domain of cybersecurity risk management – they are one and the same. The good news is that the majority of CISOs will have CRQ capabilities in 2025 – in part or wholly integrated into their cybersecurity risk management programs.”
Mayuresh Dani, Manager, Security Research for Qualys Threat Research Unit (TRU)
The attack surface will expand in 2025 as AI/ML adoption grows, with greater risks from emerging threats and data exposure.
“As AI/ML adoption grows, so does the attack surface, with new components, open ports, and shadow accounts, leading to more vulnerabilities and insecure environments. AI is also being used by cybercriminals, enabling AI-generated attacks that bypass traditional security measures. The release of new models increases the risk of jailbreaking, exposing sensitive data.
To secure these systems, organizations should:
- Test shared data rigorously.
- Implement a zero-trust environment.
- Monitor components and their interactions.
- Conduct frequent testing and updates.
2025 will also see an increase in multi-cloud setups processing AI/ML data, exponentially increasing the attack surface.”
George Jones, Chief Information Security Officer at Critical Start
Personal Liability Will Reshape the CISO Talent Market
With liability risks on the rise, organizations will make bold moves to attract top security talent. In response, organizations will implement stronger protections, including indemnification clauses and enhanced Director & Officer (D&O) insurance, to shield CISOs from undue personal risk. To further distribute accountability, companies will expand leadership structures by introducing roles like Chief Risk Officers (CROs) and Data Protection Officers (DPOs), ensuring clear role delineation. These measures will not only attract top cybersecurity talent but also create a more secure professional environment, enabling CISOs to prioritize risk resilience and regulatory compliance without fear of excessive personal exposure.
Jose Seara, founder and CEO at DeNexus:
Securing Modernized ICS/OT/IIoT Systems: Balancing Innovation with Cyber Resilience in Today’s Landscape
The inevitable modernization of ICS/OT/IIoT systems for efficiency, easier operations, maintenance, or even automation, means that connectivity between such systems and corporate/IT networks will only multiply, bringing additional threats and exposures. If adequate cybersecurity monitoring is also deployed, this threat increase can be compensated by the opportunity to upgrade antiquated systems that can no longer be patched.
Also, ICS/OT/IIoT are at the crossroads of several governmental initiatives to improve the cyber resilience of critical infrastructures that operate with such systems: the critical infrastructure designation for many sectors operating with ICS/OT/IIoT; the “Secure by Design” mandate from CISA; the SEC cybersecurity regulation (S/K) that demands better governance of cyber risk; and, most recently, November 2024 being designated as Critical Infrastructure Security and Resilience Month, to name a few.
Balazs Greksza, Threat Response Lead, Ontinue
Ransomware-as-a-Service (RaaS) and specialized subservices will further commoditize the criminal marketplaces.
The importance of Initial Access Brokers will continue to rise due to the success of Information stealers and Loaders. Additionally, in 2025, we’ll likely see larger and more successful ransomware groups enjoy heightened international attention from law enforcement organizations. With the increasing number of successful takedowns, extraditions, and arrests, some groups are expected to further fragment and rebrand themselves, but only a small percent might be deterred from continuing their cybercrime activities.
Seth Spergel, Managing Partner at Merlin Ventures
The Best Use Cases for AI will be Blended With Humans
As a VC firm specializing in cybersecurity innovation, we (like every VC in every segment) have observed a huge influx in startups touting AI technology – to varying levels of success. It’s easy to get lost in a sea of undifferentiated solutions touting AI as a cybersecurity panacea. Instead, we look for companies that have a clear vision and use case for how AI can help make humans more effective, productive and/or efficient, and are poised to make a meaningful contribution to the cybersecurity community.
When considering AI innovations, I like to use the Iron Man analogy. On its own, Iron Man’s suit has some pretty cool functions. But to truly have an impact, the suit needs Tony Stark inside. He’s the one with the vision of what needs to be accomplished and how. Today, our best AI models still need human oversight and input, but together, AI and humans can accomplish far more than either could on their own. AI technology can significantly offset the burden on humans when it comes to more mundane tasks like data cleansing and basic correlation, freeing up skilled operators to tackle higher value projects while making more informed decisions. In a sense, AI is helping to scale humans and help them reach new levels of productivity and ingenuity. One example of the type of cybersecurity technology that is leveraging AI in meaningful ways is Tamnoon’s human/AI hybrid cloud management and remediation platform that is significantly changing the equation on the number of FTEs required to successfully manage cloud security environments. Tamnoon is not only reducing the number of humans needed to do the work, but it is allowing those few humans that are doing the work to be far more effective than operators working without such an AI platform will ever be.