Cloudflare, a leading connectivity cloud company, recently published an Op-Ed by Grant Bourzikas, CSO, tackling IT security predictions for 2025.
Vendor lock-in will lead to increasing breaches in 2025
Organizations must start their security transformation journeys. The deeply rooted foothold that vendors have in organizations’ environments has become one of the main drivers of complexity. The bottom line is that complexity creates chaos, and chaos distracts from the real priorities when it comes to securing an organization. Being held hostage by a vendor, to a point where moving off of them seems impossible, is the moment they begin to help shift the balance of power back in favor of threat actors. The hyper-focus on “digital transformation” over the past few years – implementing a myriad of new tools and vendors across the organization to rapidly innovate – has left security in the dark. In 2025, we will feel the full weight of having fallen victim to the cycle: shiny new tools, Wall Street’s buy-in, rush to implement, repeat. We must now shift focus to “security transformation,” and begin to remove the tools and vendors that are causing complexity vs. furthering innovation.
Disinformation will transcend the Internet and social media
Information sharing now happens an order of magnitude faster, and more efficiently, than ever before. And in the world of AI, data is the only currency, and organizations that have the most will win – but quantity doesn’t always equal quality. AI on its own will not solve the world’s most critical problems. The successful implementation and use of AI depends on data. But as disinformation continues to plague society, it will begin to trickle into AI models that are critical to making decisions – for example, calculating goods needed to restock grocery store shelves, diagnosing sick patients or analyzing market trends to share financial risks with bankers.
Grant Bourzikas, Cloudflare Chief Security Officer
Cyber regulations to have a reverse effect in 2025
Creating complexity and having no real impact on stopping attacks. In the past few years we have witnessed a cadence of record-shattering, significant breaches that have drawn the eye of regulators. But while their attempts to raise the security resiliency of organizations are intended to be helpful, they are often knee-jerk reactions that require unrealistic efforts. This is a complete misstep, with many of today’s regulatory efforts ineffective and not focused on the most critical aspects of security controls. Regulators still fail to recognize what will make the biggest difference in moving the needle towards immutable infrastructure.
Leverage AI or cease to exist
In 5-10 years there will only be two types of companies: those that leveraged AI to innovate, and those that no longer exist. With this harsh reality, CISOs must figure out how to be an enabler of AI, not a blocker. But with AI still in its infancy, very few have a strong understanding of the technology or the risks it may present… leading to extremely low levels of confidence that their organization is well-prepared. The lack of understanding around AI is ultimately giving threat actors a leg up.