Mark Jow, Technical Evangelist from EMEA at cloud and network security product firm Gigamon, offers some cyber predictions for 2025. First, he says that there will be an AI tug of war between attack and defence.
Organisations will increasingly gravitate towards implementing AI-powered technologies into their operations to improve security measures. At the same time, threat actors will continue to use the technology to launch novel and adventurous attacks. However, AI also has the potential to democratise and lower the barrier to entry for less skilled threat actors, which will likely raise the overall volume of attacks as we head into 2025. The success of ‘AI in defence’ will therefore be determined by the quality and quantity of data available to feed the AI engines, such as network telemetry, which will be critical for AI technologies. Those organisations that can properly embrace and integrate AI-powered technologies into their defence solutions will be pulling the rope in the AI tug of war in favour of the home team.
2. Insider threats will increase with AI: Impending cybersecurity legislation such as DORA, and the already in situ NIS2, will change the way hackers operate as they are forced to deploy new techniques to circumnavigate the stringent regulatory environment. As organisations continue to lean into AI adoption, this growth may prompt a rise in unconscious human error as individuals unwittingly grant access to systems and expose sensitive information to erroneous sources. AI chatbots pose a significant threat not only from a data privacy perspective, but also due to the potential for injection attacks. On the other hand, social engineering tactics such as whaling – an elaborate form of phishing using high-level executives – are made more targeted and dangerous by AI, which automates and personalises the messages based on extensive online searches. The growing sophistication of AI technologies will prompt the proliferation of ‘unconscious’ insider threats and make it easier to exploit unsuspecting professionals who believe the credibility of requests being made over the network.
3. The rise of the “business strategist” CISO: The CISOs of 2025 and beyond increasingly will be business strategists who have a good grasp of security and security principles and can articulate to the board and C-Suite the value and benefit to the business in terms they understand, in order to prioritise security-centric investments. With 6 in 10 CISOs claiming they would feel empowered by cyber risk becoming a boardroom priority, their ability to engage the board will be crucial in securing the resources necessary to protect the company.
4. The old ways into the network will continue to be the most popular: The old ways that hackers have gained access to the network over the last few years – such as phishing, smishing, spear phishing, compromising credentials, sharing passwords and incomplete MFA – will continue to dominate headlines in 2025. However, organisations can change this narrative and reduce the effectiveness of these attacks, particularly within public cloud environments, with real-time visibility and insights into lateral and encrypted traffic, as opposed to traditional security tools that provide incomplete visibility. Having a holistic view of all the activity within their network would enable organisations to respond to suspicious activity, both on the perimeter of their networks and within them, before it becomes an active threat. This would effectively render any traditional attack methods obsolete.
5. Core collaboration across teams will be a priority: An appropriate balance of power within organisations between cloud development and security teams must be established, with security teams leading the way. Cloud application developers must collaborate with security experts that can deploy necessary tools and techniques to monitor network traffic, as without airtight security, any investment in cloud environments is effectively redundant.
A similar level of collaboration must also be established between the CISO and CFO. CISOs should be more solution-oriented when approaching the CFO, demonstrating why and how an investment in a specific technology will make a difference to the safety of an organisation, rather than leading with a technically dense and inaccessible sales pitch. Working together in the right way will catalyse long-term business success and security.
6. Supply chain attacks will persist: According to Forrester, a staggering 91 per cent of enterprises have fallen victim to software supply chain breaches and incidents in just a year, underscoring the need for better safeguards. Organisations will therefore have to take a much more thorough and robust approach to validating and assuring the security integrity of their suppliers. This includes extending the visibility solutions implemented within the parent organisation to gain insights into activities occurring within their supply chain partners. With only 40 per cent of IT and security leaders claiming to have visibility into laterally moving traffic, down from last year’s 48 per cent, organisations are leaving themselves vulnerable to threat vectors that gain access through their third-party suppliers and move laterally along their interconnected networks. Without proper monitoring, this movement can be entirely silent and deadly, enabling living-off-the-land attacks and data exfiltration.





