As we look to a New Year on the calendar, it is safe to say that many of the same challenges from 2024 will remain – especially in the world of cybersecurity. Artificial intelligence (AI), machine learning (ML), and large language models (LLMs) will offer new opportunities, yet remain tools that can be exploited for nefarious purposes.

Likewise, many of the same threats from 2024 will remain.

That means ransomware attacks aren’t going away, nor are phishing schemes. Careless employees who click the wrong link are likely to remain the weakest links in any cybersecurity plan.

ClearanceJobs talked to experts in the field, and we look forward to what the New Year could bring.

“Hackers will likely continue to refine their techniques, leveraging advanced tools and strategies to exploit vulnerabilities and bypass security measures. This includes utilizing AI and machine learning to automate attacks and make them more effective,” warned Lawrence Pingree, vice president at Dispersive.

AI vs. AI

AI will remain a buzzword, even as it is so much more, as 2025 could be the year that we see true AI vs. AI showdowns.

“The good guys will use AI to defend against AI-powered cyberattacks,” suggested Chris Hauk, consumer privacy champion at Pixel Privacy.

“It will likely be a year of back-and-forth battles as both sides put to use the information they’ve gathered from previous attacks to set up new attacks and new defenses,” Hauk continued.

AI will continue to be employed to generate ever more convincing deepfakes, which will make the rounds on social media – where misinformation and disinformation will continue to spread. Yet here, too, AI could become a tool for good.

“We’ll see more and better cybersecurity AI-enabled defense tools fighting back. AI is the one technology where the defenders will finally get the edge on attackers,” said Roger Grimes, data-driven defense evangelist at KnowBe4.

“As AI continues to accelerate every organization’s access to and use of an ever-increasing amount of data, the approaches used to ensure the access to this data is secure, compliance to legal and regulatory requirements are going to come under the spotlight,” added Simon Gooch, field CIO at Saviynt.

AI and Data Management

In the New Year and beyond, organizations may need to be able to police the use of AI and data at a scale, scope, and speed that most tools deployed today won’t be able to cover. This may also require better use of data management.

“Unless an organization has a robust, digital, adaptive and dynamic approach to cataloging, tracking data usage and consumption in an ecosystem that increasingly moves data around through interconnectedness of the cloud and SaaS, it will face significant consumption and operational issues,” Gooch continued.

He said that this “triumvirate of challenges” is yet another construct created out of the needs driven by AI consumption.

“People and processes are not able to take actions with the speed and dynamism required to allow the potential of AI investments to be effectively realized at a scale to justify those investments. To solve this, we have turned to non-human constructs to speed up this processing and consumption in a dynamic and infinitely configurable way,” said Gooch. “Without investment in non-human identity security systems, we run the very real risk of deploying new AI-based systems without effective controls that perform poorly understood and managed actions on data enabled at a speed and complexity through non-human constructs that we don’t understand and securely manage.”

Open Source Will Bring Opportunities and Challenges

Chris Hughes, chief security advisor at Endor Labs and Cyber Innovation Fellow at the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA), suggested that in 2025 we could see widespread open source software (OSS) adoption coupled with increasingly sophisticated attacks on OSS by malicious actors.

“Organizations will continue trying to get foundational OSS governance in place, and leverage open source and commercial tools to help them start to understand their OSS consumption as well as make more risk-informed consumption of OSS,” said Hughes. “Enterprises will continue pushing for transparency from vendors regarding what OSS they use in their products, but the tug of war will go on, with no widespread mandates driving change, leaving organizations to fend for themselves when it comes to OSS governance and security.”

Signal Noise Will Remain An Issue

In the world of cybersecurity, there can be too much information. Already, organizations are drowning in noise, findings, alerts, and notifications.

“Signal through noise will continue to be the name of the game for AppSec in 2025,” added Hughes. “They are in desperate need of context and are looking for tools to not just provide insights around exploitation, exploitability, and reachability for better prioritization, but to take it a step further and move towards remediation and solutions that help not just find, but fix problems.”

Key Recommendations for 2025

For the New Year, cybersecurity will continue to rely on understanding the risks that come with our ever-connected world.

That includes “risks beyond corporate borders, including those impacting your supply chain and third-party partners. Leveraging tools like Cyware’s Collaborate (CSAP) – which includes vulnerability advisory sharing, threat assessment surveys, action assignment, and security collaboration capabilities – will grant you a panoramic view of your risk environment that also gives you a deeper intelligence perspective to protect customers from third-party risks,” said Cyware President Jawahar Sivasankaran.

Jim Routh, Chief Trust Officer at Saviynt, offered several recommendations beginning with the need to identify security as being significant to enterprises.

“Identity access management has been a resource drain for both IT and Cyber organizations over the past three decades largely due to the premise that enterprises must add administrators as the business volume grows. This is ‘old-school’ thinking that drives up operating costs with a minimal increase in business value,” said Routh. “With the large majority of cyber security incidents involving credential compromise today, enterprises are now starting to think of identity as a core security function – rather than an IT function – that looks more like how a Security Operations Center (SOC) operates.”

That should include: security intelligence, preventative control implementation, anomaly detection/cyber hunting, event/incident management, and application of lessons learned.

“There can be no zero-trust implementations for an enterprise without identity security as a core component,” added Routh. “The proliferation of cloud accounts, machine accounts, API accounts is overwhelming conventional identity governance capabilities.”

He also said that identity security requires a more robust privilege access management capability that uses behavioral patterns to identify normal business activity.

“Deviation from patterns triggers an automated workflow to manage risk (e.g., remove entitlement access) without human involvement. This is well beyond the core password vaulting approach in place in the majority of enterprises today,” Routh continued. “CISOs can increase throughput (transactions) capacity while lowering transaction costs resulting in higher productivity, more mature risk management practices and the corresponding cyber resilience along with higher employee satisfaction.”

Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at petersuciu@gmail.com. You can follow him on Twitter: @PeterSuciu.