• About
  • Subscribe
  • Contact
Thursday, June 5, 2025
    Login
FutureCISO
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
FutureCISO
No Result
View All Result
Home People Culture and Behaviour

Cybersecurity in 2025: Challenging, riskier and more costly

allantan by allantan
December 17, 2024
Cybersecurity in 2025: Challenging, riskier and more costly

Cybersecurity in 2025: Challenging, riskier and more costly

Share on FacebookShare on Twitter

At the 3rd annual FutureCISO conference held on 5 June 2024 in Singapore, 80% of the 115 security professionals who attended the event stated that data security was their primary focus for 2024, 11 percentage points ahead of cloud security. Security professionals recognise the challenges of protecting data that resides across multiple repositories, including on-premises data centres, the cloud, edge devices, and data in transit.

Source: 3rd Annual FutureCISO Conference Singapore 2024

Additionally, 53% cited visibility of what exists as their most pressing challenge while attempting to secure the edge. Technology has grown in complexity, reflecting the state of business and regulatory environments.

FutureCISO gathered insights from several security subject matter experts regarding the current landscape for CISOs and their organisations, as well as possible developments in 2025.

Identity theft

Brett Winterford

In a rapidly changing landscape, identity-based attacks are becoming more sophisticated, with phishing kits evolving to bypass security measures like impossible travel flags. Brett Winterford, regional chief security officer at Okta, emphasises the importance of adopting phishing-resistant authentication to combat these threats.

"Organisations must evolve their technologies and policies to defend against increasingly complex attacks," says Winterford.

As attackers pivot from phishing to device-based strategies, organisations face challenges in securing endpoints. Compromised devices can lead to identity theft, necessitating robust device trust and endpoint detection measures. Additionally, attackers may exploit weaknesses in business processes, tricking employees into divulging sensitive information.

The rise of downgrade attacks, where users are coerced into using less secure authentication methods, further complicates security efforts. Meanwhile, the emergence of generative AI poses new risks, such as deepfake scams targeting employees.

To mitigate these threats, businesses must educate their workforce, implement stringent verification processes, and foster a culture of vigilance. As identity-based attacks continue to evolve, proactive adaptation is essential for safeguarding sensitive data. Organisations are urged to commence their security evolution today.

Dark web

Coming into 2025, dark web forums reveal alarming trends in cybersecurity risks. A recent NordVPN analysis highlights significant discussions around advanced disinformation tactics, smart home vulnerabilities, and AI-driven social engineering.

Adrianus Warmenhoven

"Although last year's predictions remain relevant, the popularity of hacking courses and DIY cybercrime kits has increased noticeably," says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

Related:  Treat cybersecurity as a business decision

Key concerns include the rise of account takeovers, fuelled by "combo lists" of stolen credentials, and the exploitation of smart home devices, with over 9.1 billion security events reported globally. Identity theft remains a top priority for cybercriminals, evolving into sophisticated techniques like synthetic identity fraud and reverse identity theft.

Moreover, "disinformation as a service" is emerging as a major threat, with cybercriminals leveraging AI to spread misinformation through bot farms and fake accounts, targeting specific demographics for maximum impact. AI-driven social engineering is also becoming more complex, allowing hackers to manipulate employees into revealing sensitive information.

Organisations must bolster their defences against these evolving threats to protect sensitive data and maintain security integrity. The dark web's trends serve as a stark reminder of the challenges ahead.

The threat of an AI gap

Anthony Spiteri

In 2025, businesses are expected to increasingly engage AI middleware companies to streamline the adoption of secure and efficient AI solutions. Middleware facilitates seamless communication between systems, reducing the need for in-house expertise. "By leveraging third-party expertise, organisations reduce the risks associated with AI development," says Anthony Spiteri, regional CTO APJ at Veeam.

As AI adoption rises, so too will the complexity of data management, necessitating robust practices to protect critical datasets. Additionally, many organisations are anticipated to shift workloads back from public clouds to on-premises data centres, embracing a hybrid approach that offers greater control and efficiency.

The threat landscape is evolving, with AI-powered attacks like deepfakes and sophisticated phishing becoming more prevalent. To combat these risks, businesses will adopt proactive cybersecurity strategies and advanced identity validation methods. This shift emphasises the importance of data resilience at the executive level, as chief AI officers (CAIOs) take charge of ethical AI usage and data integrity.

As organisations prepare for the challenges ahead, comprehensive data recovery strategies will be essential, ensuring readiness against emerging threats and compliance with stricter regulations.

Related:  Data breach costs in ASEAN at all time high

Deepfakes

Stewart Garett

In 2025, deepfake technology is poised to become a significant cybersecurity challenge, enabling sophisticated social engineering attacks that exploit human vulnerabilities. "We anticipate a surge in insider threats, with deepfake-generated 'employees' infiltrating organisations to steal data or execute ransomware schemes," warns Stewart Garett, regional vice president at MongoDB.

To combat this evolving threat, AI will be essential. "AI-powered resilience frameworks will enable organisations to adapt dynamically to complex threats," Garett emphasises. As developers enhance detection capabilities, businesses will adopt advanced identity verification methods like behavioural analysis and contextual authentication, moving beyond traditional passwords.

Predictive AI will also play a crucial role in assessing both technical systems and human behaviours, allowing for rapid adaptation to emerging threats. The future of cybersecurity hinges on creating agile, AI-enhanced defences that tackle both technical and human vulnerabilities head-on.

The rocky road to AI

Security professionals FutureCFO have spoken see leveraging AI as an important strategy moving forward. Gartner predicts that by 2027, generative AI contribute to a 30% reduction in false positive rates for application security testing and threat detection by refining results from other techniques to categorise benign from malicious events.

However, despite the interests around its use, 64% of attendees to the FutureCFO conference cited a lack of understanding of AI and AI as a cyber tool. The complexity of AI technologies necessitates a deep understanding of both the tools and the specific security needs of the organisation, which can be hindered by skills shortages.

It doesn’t help that the rapid evolution of cyber threats requires ongoing adaptation of AI strategies, while concerns about data privacy and ethical considerations complicate compliance with regulations.

Given that AI as a security solution remains nascent, reliance on AI can lead to false positives, resulting in alert fatigue among security teams. To navigate these challenges successfully, CISOs must foster collaboration between IT and security teams and ensure that AI solutions align with overall business objectives, ultimately harnessing AI's potential to enhance their cybersecurity posture in an increasingly perilous digital landscape.

Tags: MongoDBNordVPNOktaPredictions 2025Veeam
allantan

allantan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Platform to enhance software development security
  • Check Point launches enhanced branch office security gateways
  • BarracudaOne to offer a unified approach to cybersecurity
  • AI agents present new security challenges in Southeast Asia
  • Red Hat launches Enterprise Linux 10 for hybrid security

Categories

  • Blogs
  • Compliance and Governance
  • Culture and Behaviour
  • Cybersecurity careers
  • Data Protection
  • Endpoint Security
  • Incident Response
  • Network Security
  • People
  • Process
  • Resources
  • Risk Management
  • Technology
  • Training and awarenes
  • Videos
  • Webinars and PodChats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCISO serves the interests of the Chief Information Security Officer (CISO) and the information security profession. Its purpose is to provide relevant and timely industry insights around all things important to security professionals and organisations that recognize and value the importance of protecting the organisation’s data and its customers’ privacy.

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
Login

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl