As we look ahead to 2025, the cybersecurity landscape is poised for significant shifts and challenges.
Here are some key predictions that I believe will take place or start to happen in the coming year.
Given the current political and social environment globally, we will start seeing a more noticeable amount of digital fatigue. This fatigue will lead to more people disconnecting completely when outside of work.
Technology trends will begin adopting digital fatigue protection as part of their value propositions. This adoption will impact security, particularly in managed services, where organizations will find an amplified talent shortage due to the need for employees to want to disconnect. The constant on-call mentality of workers will start to trend the other way and, as such, organizations will look to complement their workforces.
The continued rise of AI will not slow down. We’ll continue to see those who force AI adoption and those who steadily and pragmatically adopt where appropriate. Vendors will create and productize more and more Copilot-type AI, which will not replace but rather enable humans to develop and deliver to a higher level.
From an Application Security perspective, API security will be a critical area of focus. APIs will continue to be adopted and used for system-to-system communication, which also means they will be an area of focus for attackers. Organizations will begin to adopt API gateways and security platforms to better protect APIs. Due to the sheer number of APIs that organizations will have to manage, platform-based API management tools will gain prevalence.
Deepfake technology will be used more often for fake CEO calls and business scams. Attackers will use deepfake audio and video to pretend to be company leaders during phone or video calls, tricking workers into sending money or giving away important information. The quality of deepfakes is improving so much that even companies with high security, like banks and government offices, could fall for these fake calls. Deepfakes will be used to make people believe false things about their leaders or actions. Attackers might create fake videos that show company leaders saying controversial things or doing illegal actions. The goal would be to cause people to lose trust in the company or make its stock price fall. These deepfake videos might be shared at times when they can do the most harm, like during big announcements or important deals.
OT security will continue to be front page news – we’ll see a continued number of attacks against OT environments either by hackivist or nation state actors. Some of these attacks are likely to be on an even larger and more significant scale than we have previously seen. This will start to drive a change in OT security with OT risk falling more and more under Information Security departments to manage. Regulations for OT security will continue to evolve as we navigate the potential physical and societal impact of OT-centric attacks.