Cybersecurity Predictions 2025 – Part 1: Are You Ready For What’s Next?

January brings renewed focus on navigating the year ahead. Which of the latest cybersecurity technology solutions and services make sense for your organization? What will have the greatest impact in 2025? 

To help prepare and protect your business, Sayers senior cybersecurity engineers predict what’s coming next. In part one of this two-part series, their insights cover security for your applications, data, infrastructure, and cloud.

1. AI’s Impact Will Exponentially Increase The Need For Data And Application Security.

Whether using machine learning or deep learning, artificial intelligence requires large amounts of data. Securing that data will be a big focus in 2025.

Chris Willis, VP of Cybersecurity Engineering at Sayers, says:

“The backend of AI is data. With AI, companies can get value from the dark data they haven’t been using, whether to help drive revenue or improve customer and employee experience. Data security goes hand in hand with AI security to protect your data as intellectual property.”

If you’re already a Microsoft 365 customer, an easy way to use AI to leverage your data is to enable Copilot, Microsoft’s AI-powered productivity tool. Copilot connects large language models to your organizational data. To avoid oversharing, review the data, privacy, and security considerations. 

Your organization will need a strong security plan and architecture in place to secure various iterations of artificial intelligence such as Generative AI. Gerry Wollam, Senior Cybersecurity Solutions Architect at Sayers, says: 

“AI will have a snowball effect on data security plans. Businesses that didn’t have a good data security plan before are now in an exponentially worse place.”

Software application development in particular will require increased security because of AI-generated vulnerabilities. According to Gartner:

“By 2026, 40% of developers using AI code assistants will unknowingly allow vulnerable code into the organizations’ software products.​”

In an amplification of garbage in, garbage out, the increased use of AI to generate more code can result in more vulnerable code being generated. Regulations will likely include more software supply chain requirements to mitigate cybersecurity risks, but aren’t guaranteed. 

2. Infrastructure Security: The Gap Will Widen Between Modern Security Practices And Current Security Measures In Many Organizations.

Infrastructure security aims to prevent bad actors from illegally accessing your organization’s assets including data, intellectual property, and further causing disruptive and costly ransomware incidents. Now digital assets such as Bitcoin and other cryptocurrencies have become targets. Cybercriminals will look to exploit infrastructure weaknesses to achieve their end goals.

Wollam says:

“Old regulations, ancient infrastructure, and ‘the way things used to be done’ have created the biggest hole in infrastructure security. There is a huge gap between modern or optimized security practices and what organizations actually have. That gap is widening.”

Some organizations are shifting their investments from network firewalls to other infrastructure security solutions such as Network Detection and Response (NDR), Zero Trust Network Access (ZTNA), virtual firewalls, and Firewall as a Service (FWaaS). 

The growth of cyber-physical systems (CPS) and operational technology (OT) will increase the attack surface for companies across various industries including healthcare and manufacturing. Such organizations require ways to secure non-traditional IT devices such as medical, industrial, or other critical infrastructure systems on networks.

As science fiction continues to become science fact, modern security practices must keep pace with the growing number of companies competing to usher in a space renaissance. Competition among private businesses, not just among governments, to succeed in space will bring an even broader (and extraterrestrial) scope for infrastructure security.

3. Cloud Security: AI And Consolidation Will Shape Organizations’ Cloud Journey

Companies continue to shift their IT investments beyond on-premise data centers to cloud resources. Gartner predicts:

More than 50% of enterprises will use industry cloud platforms by 2028 to accelerate their business initiatives. In 2028, most organizations will be leveraging cloud as a business necessity.

This trend emphasizes the need for cloud-specific security tools. In 2025, cloud security will see additional consolidation and AI integration, focusing on greater effectiveness through automation and prioritizing vulnerabilities. 

Consolidation among cloud security vendors has resulted in a handful of vendors focused mainly on core cloud security solutions such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Cloud Native Application Protection Platform (CNAPP) functionality. 

Ken Wisniewski, Senior Security Architect at Sayers, says:

“CNAPP has underlying CSPM and CWPP technology critical for securing cloud environments. That type of consolidation and simplification will continue. Expect a much bigger uptake of those consolidated platforms in 2025.”

Cloud security technologies increasingly use AI and machine learning to enhance their capabilities. However, when you plug a CSPM tool into a cloud environment, you’re inundated with misconfigurations and vulnerabilities of varying severity. Where do you act first?

Jason Marocchi, Cybersecurity Engineer at Sayers, says:

“There was a point where we wanted to gather as much information as possible, and we’ve accomplished that with most of the cloud security tooling available today. The push for 2025 will be to start prioritizing this data using AI for actionable results.”

Additionally, more organizations will use AI to create Infrastructure as Code (IaC) to build and automate their cloud environments. Cloud security platforms will need to address the associated security vulnerabilities and risks of AI-generated clouds. 

Questions? Contact us at Sayers today to discover extensive technology solutions, services, and expertise to cover all areas of your business.