
A CISO’s View On 2025

By Curtis Simpson, Chief Information Security Officer, Armis

As the end of year approaches, we all begin to—in both our personal lives and a professional capacity—wind down and shift gears to prepare for the year ahead. Part of making this a successful transition also requires us to strategically forecast what is to come.

Here are the themes that I believe will preoccupy the cybersecurity space in 2025. I hope these predictions act as gentle guidance for Security and IT Leaders to help prioritise their efforts and define strategy when tackling an increasingly complex and dynamic threat landscape.

Increased Demand for Comprehensive Asset Visibility

The escalating complexity of environments across IT, OT, IoT, IoMT, and cloud has ignited a pressing need for comprehensive and contextual asset visibility. As organisations grapple with the proliferation of connected devices, networks, and applications, the ability to accurately identify, track, and understand their assets will become even more critical in 2025. This demand is driven by a multitude of factors that include increased security risks, compliance mandates, operational efficiency, and cost optimisation.

The Allure of AI: Separating Fact from Fiction

AI has the potential to revolutionise cybersecurity, but it’s essential to understand its capabilities and limitations. A new working paper from the National Bureau of Economic Research revealed that more than 50% of companies with more than 5,000 employees were using AI in some form. With this new adoption, there’s an inherent risk of over-reliance on AI, which has led to false positives or missed threats. While 2024 saw a boom in general AI adoption, we’ll gain further perspective on likely scenarios where AI experimentation has high potential to go right, and better understand where it can go wrong or provide limited real-world operational value.

Automated Threat Detection and Response Become a Requirement

The increased volume of cyber threats is fuelled by the adoption of AI and the growing attack surface. As these interconnected systems become more prevalent, they will present new attack vectors for malicious actors. We can expect to see a rise in sophisticated AI-powered attacks that further shorten the timeline from when a vulnerability is disclosed to active exploitation. Each year, we’ve also seen an increase in the number of disclosed vulnerabilities that can be exploited for large-scale botnet attacks and data breaches. These threats will pose significant challenges to organisations of all sizes, demanding robust cybersecurity measures to protect their digital assets.

To effectively combat the escalating cyber threats of 2025, CISOs will need to leverage the power of AI and machine learning-driven solutions. These technologies can analyse vast amounts of data in real-time, enabling rapid detection of emerging threats and anomalies. By automating threat detection, prioritisation and response processes, IT and security leaders can reduce the mean time to detect (MTTD) and mean time to respond (MTTR) to effectively contain incidents and minimise their impact to the business. By streamlining security operations, security teams will focus on continuous improvement and shift towards proactive security.

Shifting Focus From Prevention To Cyber Resilience

As CISOs recognise the inevitability of cyber breaches, they will increasingly prioritise resilience over prevention. This shift in mindset will involve implementing strategies that enable rapid detection, containment, and recovery from attacks. By focusing on resilience, organisations can minimise the disruption to their operations and protect their critical assets. This includes developing robust incident response plans and fostering a culture of security awareness among employees. Additionally, CISOs will need to establish strong partnerships with external stakeholders, such as law enforcement, to facilitate effective incident response and recovery efforts.

Growing Pressure to Proactively Demonstrate Compliance

Regulatory environments will continue to tighten globally, and CISOs will need to ensure their organisations meet evolving compliance requirements across industries (GDPR, CCPA, NERC CIP, etc.). In 2024 alone, we saw several high-profile fines across major healthcare providers, financial institutions, and retailers after cyberattacks compromised the personal data of their customers.

The penalties can be severe, both financially and reputationally, emphasising the importance of prioritising compliance. Adopting platforms that provide automated compliance tracking and reporting will be essential.

Next-Gen Quantum Preparation Will Finally Begin

With the next-gen quantum readiness timeline becoming increasingly fuzzy and being potentially closer than we like to think, this will be the year that enterprises begin formally testing the implementation of quantum-ready encryption in the cloud.

In parallel, the inability to deploy quantum-ready encryption against legacy areas of enterprise environments will begin to be used as additional justification criteria to accelerate the decommissioning of legacy assets, post-transformation.

With Y2K, there was a deadline. When it comes to adversaries unlocking next-gen quantum capabilities with the potential for destruction, there is no deadline and it’s no longer being considered too soon to make progress.

Proactive Defense Against Advanced Persistent Threats (APTs)

APTs will continue to grow in sophistication and state-sponsored motive, making early-stage detection and disruption crucial. In 2025, we’ll see a growing investment in technology to identify lateral movement, a common tactic used by APTs to spread throughout an organisation, and to prevent attackers from gaining a foothold. By detecting and disrupting lateral movement, CISOs can prevent attackers from establishing a foothold and minimise the potential damage caused by a breach. Additionally, implementing robust security measures such as network segmentation will be essential to thwarting APT attacks and protecting critical infrastructure.

Addressing the Cybersecurity Talent Shortage with Managed Security Service Providers

Hiring cybersecurity talent continues to be a challenge driven by several factors such as rapid advancements in technology struggling to keep pace with demand, increased complexity of threats, and uneven geographic distribution of talent across the globe.

As organisations struggle to find and retain qualified security talent, they will increasingly turn to managed security services and automation tools to bridge the talent gap. Managed Security Service Providers (MSSPs) can offer specialised expertise and round-the-clock monitoring, allowing CISOs to augment their internal security teams and address critical security needs. Additionally, automation tools can streamline routine tasks, freeing up security professionals to focus on more strategic initiatives. By investing in managed security services and automation, CISOs can ensure robust security operations while mitigating the impact of the talent shortage.

Proactive Monitoring of Third-Parties and Supply Chain Risk Management

As global supply chains become more interconnected, the risk of cyberattacks targeting third-party vendors and partners also increases. CISOs are increasingly recognising the critical importance of proactively managing these risks to protect their organisations from potential breaches and disruptions.

With increasing cyberattacks on supply chains, CISOs will emphasise continuous monitoring of third-party vendors and partners. This involves regularly assessing their cybersecurity practices, identifying potential vulnerabilities, and ensuring that they comply with the organisation’s own security standards. Keeping these ecosystems secure through continuous monitoring ensures that supply chains do not become an entry point for cybercriminals.

Comprehensive Cloud Security Prioritisation That Extends To All Clouds

As the cloud landscape becomes increasingly complex with organisations adopting a mix of public, private, and hybrid clouds, CISOs are facing the challenge of managing cloud security across disparate tools and platforms. Adoption of new and usually disjointed cloud security approaches makes it increasingly difficult for the CISO to ensure consistent protection across cloud environments, which can lead to increased risk of security gaps and vulnerabilities.

To address this challenge, CISOs will demand security solutions that provide consistent monitoring, control, and threat management capabilities, enabling them to effectively manage risks and protect sensitive data regardless of where it resides. By investing in comprehensive cloud security solutions, CISOs will mitigate the challenges associated with cloud adoption and ensure the confidentiality, integrity, and availability of their organisation’s most critical assets.

Balancing Budget Constraints Vs. Expanding Threat Landscape

As the threat landscape continues to evolve and become more complex, CISOs are faced with the daunting task of securing sufficient budgets to address emerging risks while maintaining cost-efficiency. With limited resources, CISOs must prioritise security investments that provide the greatest return on investment and effectively protect their organisations from evolving threats.

To navigate these challenges, CISOs will advocate for investments in single platform solutions that can reduce complexity and optimise costs. By consolidating multiple security functions into a unified platform, organisations can streamline their security operations, improve efficiency, and reduce the overall cost of ownership. This approach can also help to address the growing skills gap in cybersecurity, as single platforms often require less specialised expertise to manage through a unified experience across the organisation.

Effective data-driven, business-oriented storytelling will continue to be critical to the success of the role and, equally, to the securing of the budget required to build and maintain the right program. Security solutions that rapidly enable the consumption of business-relevant data and context that can be used to power effective storytelling for business stakeholders will be some of the stickiest and most valuable products in the stack.

In summary, 2025 will underscore that corporate boards will have increased responsibility for cybersecurity through an expanding threat landscape, critical cybersecurity talent shortage, and increased regulatory pressure. As security and IT professionals prepare for the year ahead, it is crucial to prioritise the ability to see, protect, and manage the entire attack surface. Safeguarding mission-critical assets from cyber threats remains paramount. While this may seem like a daunting task, partnering with the right cybersecurity solution provider can make this resolution not only achievable but a reality.

Curtis Simpson

Chief Information Security Officer, Armis
