Seven Trends to Watch for in 2025

January 13, 2025

As we come into the new year, changes in technology and policy will affect how cybersecurity is handled. Security professionals and end users alike need to be aware of these coming changes, because they will affect how we use our devices on a daily basis. Here are seven such changes that are likely to affect everyone in 2025:

Security and Business Coming Closer Together

By now it has been made abundantly clear that security is not a side issue that can be fobbed off onto a separate team and left alone. Security issues can affect every facet of how a business is run, particularly when incidents occur. Boardrooms have become more aware of their role in cybersecurity policy, and in 2025, we can expect that thinking to trickle down to lower levels of the organization. Every member needs to think about their role in the security posture of their organization, and what they need to do in order to avoid weakening it.

Multi-Factor Authentication (MFA) Commitment

Several major service providers either intend to mandate MFA on their services or have already done so, and it is hoped that smaller businesses and organizations will follow suit. MFA is one of the cornerstones of effective security, and cybersecurity teams across all business sectors need to make the establishment of mandatory MFA policies one of their top orders of business in 2025. A lack of MFA is one of the most common points of vulnerability that allow a threat actor to gain access to an organization.

Non-Human Identity

Identity and access management (IAM) is another pillar of cybersecurity, but it has been left relatively untouched in the area of machine communication. Non-Human Identities (NHI) are an important part of machine-to-machine communication, which is itself central to many basic processes involving containers, cloud integrations, and microservices. One of the important issues likely to be tackled in 2025 is the establishment of NHI access management in a way that can cope with this growing attack surface.

Non-Functional Requirements

The secure-by-design movement has made great strides in bringing security to the forefront of developers’ minds, making security and performance non-functional requirements in DevOps. It is hoped that as silos start to erode, this process will continue and that in 2025, organizations of all types will show more commitment to both security and performance in the development process, rather than as afterthoughts.

Application Security

All the in-house security in the world means little if the applications an enterprise uses aren’t secure. Software applications represent the last mile of security, and vulnerabilities in these applications cause many common threat incidents such as cross-site scripting and SQL injection. With the notable failures caused by applications such as CrowdStrike, it is hoped that in 2025 software supply chains will become an important point of discussion in boardrooms and IT departments.

True Mapping of the Attack Surface

One of the important elements of developing technology is the addition of new and more varied endpoints to an organization’s network map. As new technologies are added, legacy technologies tend to hold on, meaning that the device portfolio becomes more complex over time, requiring an ever-growing set of policies. In 2025, there promise to be new technology developments that can more easily map attack surfaces and correlate threats accordingly.

Data

As always, data management is the most important issue of all, both in terms of how it is stored and how it is used. Apart from securing data, the problem of using data to provide actionable security insights is one of the main areas of improvement that security teams can look at. Surveys have indicated that in 2024, the majority of global organizations only made limited use of data for reporting, metrics, and analytics. As other divisions dissolve, the hope is that data silos will also dissolve in 2025, and that in this coming year, security teams can make use of all the data at their disposal to determine the most effective policy.
