By the end of 2024, the cybersecurity industry faces many challenges. For starters, losses due to cybercrime have quadrupled to $2. 5 billion since 2017, according to one report.
Major companies are losing millions to ransomware or, in T-Mobile’s case, a $30 million settlement for exposing customer data. One US cybersecurity firm even accidentally hired a North Korean hacker.
As we enter the new millennium, the online security landscape will continue to evolve beneath our collective feet. How can you make sure you stay on top of the latest trends? As we analyze the advisor below, we analyze dozens of predictions, warnings. and predictions from cybersecurity experts to leverage the most productive of the most productive.
Here’s what to expect from the world of cybersecurity across the new year.
The Biggest Cybersecurity Predictions for 2025:
The “Internet of Things,” or IoT, refers to any tech devices that are connected to the internet and rely on software updates, from smart fridges to thermostats, doorbells, and even pacemakers. They’re all doing better than ever today, and that strikes fear in the hearts of many cybersecurity experts — because all those devices are now freshly vulnerable to cyberattacks.
Daniel Pearson, CEO of KnownHost, notes that IoT is rarely just for smart homes. Companies have many IoT devices in their facilities: sensors, monitoring equipment, energy control systems, and office pieces including light bulbs, door locks, and video surveillance systems.
To address the greatest number of potential vulnerabilities, in 2025 companies will need to “ensure that their smart devices have well-secured multi-factor authentication, standard encryption and firmware updates,” explains Pearson.
Zero Trust architectures require continuous verification to mitigate the dangers of lateral attacks by minimizing implicit trust. By 2025, they will expand beyond device security and begin to encompass all users, devices, applications and interactions.
Ofer Regev, CTO at Faddom, predicts that Zero Trust will go beyond devices.
“Zero Trust will go beyond devices and networks to include identity verification frameworks for all virtual interactions. With the rise of remote work and decentralized formulas, classic identity models may not be around anymore. This will require teams that can track and validate user behaviors and formulas in dynamic IT environments. -Regev
The expansion of Zero Trust will arise as cybersecurity professionals continue to look for more measures to keep their businesses secure.
A report from Bitsight and Diligent has found that despite cyber-secure companies delivering four times higher financial performance than their peers, a mere 5% of companies have cyber experts on their boards.
How can IT professionals communicate with their boards? Risk quantification, according to Diligent’s own CISO, Monica Landen, who says the it will emerge as “the strongest and most reliable tool for communicating cyber risk to your boardroom in 2025.” Landen compares risk quantification in the security sector to risk assessment in the insurance industry: Constantly improving.
“2025 may simply be the year of greater cross-pollination among organizations to talk kindly about cyber dangers to the board. Security groups have been isolated, but if they can link their demanding situations and successes with the impact of visitors, sales flow or product development, the Our barriers will worsen and the impact, positive or negative, of poor security will locate a good enough echo with the board. -Landen
Enterprises will want a physically powerful GRC framework to ensure that cybersecurity remains the cornerstone of their overall threat control strategy in the new year. In 2025, cybersecurity will need to be a priority at all levels of an organization.
Upskilling and reskilling are constant issues for cybersecurity administrative staff. Software updates are constantly being rolled out, so staff will need to download new degrees and certifications to stay up to date.
Keatron Evans, vice president of AI strategy at the Infosec Institute, predicts that the skills gaps (and the learning needed to close them) will be greater than ever in 2025. And it’s not just entry-level staff who will have to get to work. .
“When we talk about cybersecurity skills gaps, one of the mistakes other people make is that they include those gaps in every entry-level position. However, across the industry, we learned that some of the biggest gaps lie in the need for experienced skills with a few years of work under their belt […]” -Evans
The industry will most likely see an accumulation of practical or verifiable skills, as well as the immersive learning that is intended to be taught to them, says Evans, adding that “part of the challenge lies in the degrees and certifications required within the industry. ” Workers will want to balance the threat of burnout with the desire to continue adding new certifications.
Ofer Regev takes the skills gap debate a step further and predicts that it will drive lightweight automation tools: “The global shortage of IT professionals will worsen in 2025,” says Regev, “which will push corporations to adopt tools. ” lighter automated. Complex responses that require deep expertise will lose ground to agentless technologies that temporarily simplify implementation and drive value.
Of course, this is the only prediction similar to the use of artificial intelligence technology.
The cybersecurity experts we consulted for this article had many other predictions about AI, but the overall trend can be summed up as follows: AI will continue to take its place within the industry as a whole. AI has long been a solution to locate a problem. , and in 2025, you may start to locate those problems.
This may seem like simply bottom-up technological development, as Keatron Evans argues:
“People who really want to stay ahead of cybersecurity want to get closer to the generation, not just how consumers use it. Next year will be the year to advocate for understanding the underlying generation and how it works – it will be making the workers are exponentially more empowered. -Evans
According to knowledge privacy company Kiteworks’ 2025 forecast report, this may simply seem like a greater threat to knowledge security than, depending on education, it will bring.
“In 2025, stricter global regulations will demand transparency and accountability for AI data handling, with organizations facing penalties for mishandling sensitive content. To combat these threats, businesses must implement robust AI governance frameworks, prioritize privacy-preserving technologies, and adopt secure model development practices to ensure compliance and safeguard trust.” -Kiteworks
AI will force backup automation, says Sebastian Straub, principal response architect at N2W.
“2025 will see the beginnings of backup systems with near-zero administrative intervention. AI will learn the intricate patterns of data usage, compliance requirements, and organizational needs, becoming a proactive data management expert, autonomously determining what needs to be backed up and when, including adherence to compliance standards like GDPR, HIPAA or PCI DSS.” -Straub
However, adapting AI is an uphill battle. Staub also warns that AI is “not a silver bullet” and that we will still see many “unfortunate acceptance and compliance breaches” as corporations struggle to integrate AI into their systems in 2025 and beyond.
Tim Matthews, CMO at CyCognito, argues that we’ll see an uptick of data breaches due to “unknown, undermanaged assets.” Matthews predicts that 70% of breaches in 2025 will be traced back to these assets, marking an increase from the 60% that many analysts estimate today.
“This will be driven by the development of complex attack surfaces, cloud migrations, third-party dependencies and remote execution infrastructure. Organizations will be forced to move from reactive, asset-specific security to a discovery-based strategy that focuses on external parts of the known inventory. -Matthew
This chimes with the wider tech trends predictions we collected from tech professionals across many more industries: More proactive measures will be required in 2025, not just reactive ones.
In the end, the story remains the same for the online security business. Whether the tools and protocols are AI functions, Zero Risk architecture, or risk quantification, it all marks a constant arms race of upskilling between bad actors and cybersecurity pros, with no genuine end in sight.
We are sorry that this article did not help you today; We welcome your feedback, so if you think we may limit our content, please email us at contact@tech. co.
PowerSchool confirms Social Security numbers and personally…
As the U. S. ban on TikTok approaches, rumors about shoppers. . .
With its ban lurking in the United States, we take a look at. . .
UN aviation is hacked in an incident. . .