Cybersecurity Predictions for 2025: Generative AI, Quantum Computing, Zero Trust, and More

BY Eldon Sprickerhoff

January 8, 2025 | 3 MINS READ

I’ve never been a big fan of annual cybersecurity predictions, but this is the first year that I’ve thought about why that is the case.

It seems that the cybersecurity world operates in cycles that don’t neatly map to calendar years, and it seems ungainly to rewrite the narrative simply because January is already here.

Nevertheless… once more unto the breach!

The Continued Dominance of Artificial Intelligence

Artificial intelligence (AI) has been a hot topic in the technology sector for years; however, since the introduction of Generative AI, it has become table stakes for the majority of tech organizations.

That’s why I believe that AI will continue to dominate the cybersecurity space. Specifically, there are four subsets to be aware of in 2025:

  1. The use of AI tools and tactics will increase for both attackers and defenders. Bleeding-edge attackers’ tools will outperform those of defenders, much to the chagrin of the latter. Therefore, we should anticipate that malware specifically written to avoid detection by the “Top 3” EDR agents will rocket to prominence. Of course, some Security Operations Centers (SOCs) like eSentire are already using GenAI to accelerate investigations and quickly determine whether code is related to malicious activity.
  2. Agentic AI tooling will be a hot topic within SOCs. While there won’t be a fully autonomous SOC ready for prime time in 2025, governance platforms will be significantly strengthened by using Agentic AI.
  3. Companies will struggle with defending against “embedded” or “stealthy” AI within their environments. One specific example is Apple Intelligence. The option to “opt-out” will become increasingly difficult to find.
  4. The spectre of AI compliance regulations will loom large to entities with domicile/offices outside of the US.

The Importance of Identity and Zero Trust

We have long known in the industry that people are the weakest link in any organization – either knowingly or unknowingly. In the upcoming report from our Threat Response Unit (TRU), The 2024 Year in Review & 2025 Threat Landscape Outlook, the use of valid credentials dominated as an initial access vector used by threat actors in 2024, accounting for 43.5% of customer incidents. This is why I think identity (i.e., the head of the snake) will increasingly continue to receive heightened focus.

Companies will continue to struggle with tracking low-level permissions across both cloud and on-premises environments, especially when dealing with issues of extending transitive trust.

So, it’s likely that methodologies usually ascribed to Zero Trust access will become more embedded and invisible (even if practitioners choose not to use the term “Zero Trust”).

As well, tracking of third-party (e.g. SaaS) credentials and identity will play a significantly larger role when defending corporate entities.

Quantum Relevance

Google’s recent breakthrough with the Willow chip provides an inflection point: an acceleration of sorts into the future of quantum computing.

Cybersecurity professionals who have not spent much time considering the aspects of “Harvest Now, Decrypt Later” will be forced to get up-to-date on quantum-safe ciphersuites (Post-Quantum Cryptography).

Increasing Reliance on Security Providers

Companies, especially those in the small-medium business (SMB) sector, that previously had not considered outsourcing their cybersecurity operations will shed their reluctance to rely on third parties (e.g. MDR providers) to bolster their resilience. In our 2024 SMB Ransomware Readiness Report, our TRU team found that the majority of ransomware victims were companies earning between $1 million and $25 million USD in annual revenue.

Even larger companies, including enterprises, that may have previously hosted their own SOCs will rely more heavily on external resources to augment their in-house staff.

More of the Same

Despite increased cybersecurity tooling, expect that the most common cybersecurity attack vectors (e.g., internal/rogue employee attacks, polymorphic ransomware, reused credentials, more successful attacks despite MFA implementation, zero-days) will continue to be the background hum of attacks.

As we move forward into an exciting and challenging new year, I believe that these pillars of cybersecurity will become more prominent and important in defense.

To learn how eSentire MDR can help your organization build resilience and minimize business disruption, contact an eSentire Security Specialist now.

Eldon Sprickerhoff, Founder and Advisor

Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.