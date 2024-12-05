While industrial cybersecurity continued to make great strides in 2024, a great deal of work obviously remains. As the army of bad actors and state-sponsored hackers continue to evolve their tactics and become more complex in their operations, here are some of the leading tactics to anticipate when developing plans and allocating cybersecurity investments.

Ilia Sotnikov, Security Strategist at Netwrix

AI will enhance business operations, but security basics will remain crucial. In 2025, organizations will embrace AI-powered solutions across different business functions to increase productivity and speed decision-making. This new technology stack creates new attack surfaces and exposes organizations to previously unknown threats. To mitigate these new risks, security teams must adapt existing processes and controls, such as data access governance, privileged access management, and activity monitoring .

. Malicious actors will bombard organizations with highly effective spear phishing, business email compromise campaigns, deepfake voice and video calls, and other attacks, fueled by information taken from massive corporate data leaks and social media and analyzed and correlated using new technologies. To reduce risk, organizations should require identity verification of all individuals participating in financial transactions using strategies like tokens, authenticators or secret codewords. Compliance will become more complex. New cybersecurity regulations like the US National Cybersecurity Strategy, NIS2 , and the Cyber Solidarity Act will make third-party cyber risk management increasingly important, especially for organizations with an international footprint or supply chain. Instead of viewing compliance as a tick-the-boxes exercise, organizations should understand that it demands a solid security architecture that aligns business and security processes.

Tarun Desikan, VP of Product Strategy, SonicWall

Hype around improving security outcomes using Generative AI will d ie down. 2024 saw some great concept security demos using GenAI models by ChatGPT, Anthropic, Google, etc. We saw AI SOC agents, AI policy generators, AI security admins and more. If you were expecting to see these demos make production-ready security products, think again. In 2025, we expect the rubber to meet the road - while the focus will switch from making exciting demos to making AI work in real-world scenarios, operationalizing GenAI to consistently improve security outcomes will turn out to be a very challenging problem. Turning hype to production will take significantly more time and, in 2025, the industry will acknowledge that reality.

Dr. Darren Williams, Founder/CEO, BlackFog