Cybersecurity leaders always have a lot on their minds. What are the latest threats to their companies? What emerging technologies can strengthen their defenses? How can they secure the necessary talent and budget? What is on the regulatory horizon?
As 2025 begins, InformationWeek spoke to four leaders in the cybersecurity space about some of the biggest issues on their minds.
Threats and defense fueled by AI
AI was on everyone's lips in 2024, and there is every reason to expect this technology boom to stay prominent in 2025.
AI makes threat actors more prolific and sophisticated. They can use it to automate large-scale attacks. They can make phishing lures more convincing. Deepfake audio and video continue to improve, which makes them more difficult to spot. In 2024, criminals manipulated a finance worker into paying them $25 million, thanks to a deepfake video conference.
The same powerful AI capabilities are, of course, applied on the defensive side. AI-driven automation, for example, speeds up threat detection and frees analysts for more complex work.
But AI has a myriad of use cases. Beyond cybersecurity threats and defensive tools, the technology is being applied across the technology stack. Cybersecurity leaders must think about the security implications of AI in their businesses.
“We see a lot of projects advance (advance) and it seems that security is … we're asked to follow behind the company and reduce the risk afterwards,” explains Patrick Sullivan, CTO, Security Strategy at Akamai Technologies, a cloud computing and security company.
Insider threats
In 2024, KnowBe4 hired a North Korean hacker to fill an open IT position. The cybersecurity company recognized the insider threat very early, even before the person was on board. But it is not an isolated kind of threat.
Adversarial nation states will continue to use this type of approach to infiltrate US companies and critical infrastructure providers, whether to steal intellectual property and data or to disrupt essential services.
“We are really seeing a need for advanced controls in this talent acquisition process and in our current insider threat monitoring programs to be able to mitigate these new types of attacks that exist,” says Sharon Chand, director of cyber risk services at the consulting company Deloitte.
Escalating geopolitical tensions
Growing geopolitical tensions around the world are playing out, in part, in the cybersecurity space. State-backed threat actors and hacktivists target organizations in the United States and around the world in service of political objectives.
The United Kingdom has sounded the alarm about Russia's ability to wage cyber war on British companies, reports the BBC. US Cyber Command has warned of China's ability to disrupt American critical infrastructure in the event that a conflict breaks out between the two countries, according to Reuters.
Disruptive cyberattacks
This year is expected to set a record for ransomware payments, and the blockchain data platform points out that “big game” is a major driver.
Sam Rubin, Vice-President Director of Unit 42 Consulting and Threat Intelligence at cybersecurity company Palo Alto Networks, tells InformationWeek that attacks causing business-crippling disruption are increasing.
“These disruptive attacks in particular for major organizations playing a big role in the economy or in their market become the target and the means for the threats of getting very big days of remuneration of several million dollars,” he explains.
Zero-day vulnerabilities
In November, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and a number of their partners published a list of the top routinely exploited vulnerabilities in 2023. Of the top 15 Common Vulnerabilities and Exposures (CVEs), 11 were zero days.
“Some of this is actors in the nation state. Part of this is ransomware operators. Thus, all the opponent classes seem to rotate more towards zero days,” explains Sullivan.
Third-party risks
Over the summer of this past year, operations at thousands of automotive dealers were upended after two cyberattacks on a single software provider: CDK Global. The health care industry experienced a major disruption when Change Healthcare, a payments and claims provider, was hit by ransomware. The potential for another cyberattack with a massive ripple effect looms in 2025.
“There are so many dependencies with regard to third parties among many, many companies and various industries. And, I think there will be a large-scale attack on a company that has an impact not only on this business, but those that depend on it,” explains Ann Irvine, data and analytics manager at Resilience, a cybersecurity risk management company.
As companies integrate more third parties into their supply chains, more web applications and APIs are exposed, Sullivan points out. “(Companies need) to understand where these vulnerabilities emerge, to prioritize them, then have an effective correction process to be resolved,” he urges.
The need for integrated security platforms
The market for security platforms and tools is massive. If you can think of a security challenge, there are probably a multitude of vendors claiming to offer a solution. But there is a movement to consolidate these solutions.
“We note the continuous creativity of the bad actors entering several types of vectors of attack, and historically, some of our defenses have been quite fenced in their ability to prevent (and) mitigate this kind of attack,” explains Chand. “We see the need for business customers to really think about the integrated safety platforms.”
Networking company Extreme Networks surveyed 200 CIOs and IT decision-makers, and 88% indicated a desire for a single integrated platform that includes AI, networking and security.
Strengthening the cyber workforce
The talent shortage in cybersecurity is an ongoing concern. Consulting firm Gartner predicts that more than half of cyber incidents will stem from a lack of talent and human failure by 2025.
In addition to filling roles, companies also face the task of strengthening their current cybersecurity talent. As threats evolve, largely due to AI, cybersecurity workers must be able to keep up.
And AI is not the only area where cybersecurity teams will have to sharpen their skills. “I expect to see more and more attacks in this OT environment. So we are going to need more and more humans who focus on understanding and attenuation of these attacks in the business,” explains Chand.
A maturing cyber insurance industry
Insurance is a major consideration for business leaders grappling with cybersecurity risk management. S&P Global predicts that cyber insurance rates will continue to increase and that policy terms and conditions will tighten. The market research company predicts that premiums will increase by 15% to 20%, reaching $23 billion by the end of 2026.
Irvine stresses that the cyber insurance space is still growing. As it matures, it has the opportunity to influence cybersecurity practices. “The insurance sector will continue to mature and … demand good practices, which is good for their net profit, but also ultimately good for their customers,” she says.
Spotlight on security leaders
CISOs are increasingly seen as strategic business leaders. “The transition of the role is … out of the computer tower in the conference room to speak the language of risk, speak the business language and help be an engine of this business,” explains Rubin.
In Deloitte's Global Future of Cyber Survey, about a third of respondents said that CISO participation in strategic conversations had increased in the past year.
Boards of directors and the C-suite may be becoming more aware of the importance of cybersecurity, but there are concerns about personal liability among CISOs. The 2024 CISO report from cybersecurity company Proofpoint revealed that 66% of CISOs worldwide are concerned about their personal, financial and legal liability.
In recent years, there have been examples that fuel these concerns. Joseph Sullivan, the former Uber security director, received probation and a fine for his role in a 2016 data breach. The Securities and Exchange Commission (SEC) filed a complaint against SolarWinds and its CISO Timothy Brown over the 2019 cyberattacks that had an impact on the American government. A judge dismissed most of the charges, but that does not completely erase the possibility of personal liability for CISOs.
A new administration
As business leaders consider the outlook for 2025, the incoming Trump administration is definitely a factor. A change in federal leadership means potential changes to regulation. Trump is also likely to make changes to CISA, and he has expressed his intention to repeal the Biden administration's executive order.
“I pay attention to this change in the American federal government,” said Irvine. “It really matters, and things could change quite spectacularly.”