Trustwave Blog

Trustwave’s 2025 Cybersecurity Predictions: Zero Trust and AI Regulation

Written by Darren Van Booven | Dec 27, 2024

As 2024 comes to a close, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025.

Here is the latest installment.

 

More Organizations Adopting Zero-Trust Architecture

The shift toward zero-trust architecture (ZTA) is being driven by several factors:

  • The continued migration of critical workloads to cloud-based infrastructures and software-as-a-service (SaaS) providers.
  • The increasingly decentralized and remote nature of today's professional workforce.

Many organizations, including several of our clients, have implemented zero-trust solutions through platforms like Zscaler or other prominent vendors in the space.

Over the last year we’ve highlighted the need for and benefit of implementing a ZTA, specifically when it comes to protecting databases using Trustwave DbProtect.

Trustwave DbProtect proactively assesses threats to databases so organizations can gain visibility into the conditions in their on-premises or cloud databases that could lead to a data breach. It automates critical data security by uncovering vulnerabilities that would-be attackers could exploit, limiting user access to the most sensitive data, and alerting on suspicious activities, intrusions, and policy violations.

 

AI Regulation: EU Fines Against Generative AI Providers

European regulators are imposing fines on generative AI providers, predominantly for privacy violations under GDPR. The EU has a reputation for targeting tech companies with penalties related to privacy issues and monopolistic practices.

Setting up AI systems often involves granting access to large datasets, yet many organizations fail to apply rigorous scrutiny to this process. This lack of oversight could lead to significant data breaches. The EU, with its stringent GDPR enforcement and propensity for issuing substantial fines, is likely to be the primary arena for these regulatory actions.

The EU is also about to roll out a new non-AI regulation, The Digital Operational Resilience Act (DORA). DORA will go into effect on January 17, 2025, with the goal of fortifying the financial sector against cyber risks and operational disruptions. There are also substantial penalties in play for non-compliance. Organizations that violate DORA’s requirements face fines of up to 2% of their total annual worldwide turnover, and ICT third-party providers designated as critical by the ESAs face fines of up to EUR 5 million.