Wednesday 2 April 2025 01:18 GMT

2025 IT Security Predictions from Cloudflare


(MENAFN- Procre8) By: Grant Bourzikas, CSO, Cloudflare

1. Vendor lock-in is a crutch that will lead to increasing breaches in 2025 – organizations must start their security transformation journeys. The deeply rooted foothold that vendors have in organizations’ environments has become one of the main drivers of complexity. The bottom line is that complexity creates chaos, and chaos distracts from the real priorities when it comes to securing an organization. Being held hostage by a vendor, to a point where moving off of them seems impossible, is the moment they begin to help shift the balance of power back in favour of threat actors. The hyper-focus on “digital transformation” over the past few years – implementing a myriad of new tools and vendors across the organization to rapidly innovate – has left security in the dark. In 2025, we will feel the full weight of having fallen victim to the cycle: shiny new tools, Wall Street's buy-in, rush to implement, repeat. We must now shift focus to “security transformation,” and begin to remove the tools and vendors that are causing complexity vs. furthering innovation.
2. In 2025, disinformation will transcend the Internet and social media, and move to poison and taint AI models. Information sharing exists at an order of magnitude faster, and more efficient than ever before. And in the world of AI, data is the only currency and organizations that have the most will win – but quantity doesn’t always equal quality. AI on its own will not solve the world’s most critical problems. The successful implementation and use of AI depends on data. But as disinformation continues to plague society, it will begin to trickle into AI models that are critical to making decisions – e.g., calculating goods needed to restock grocery store shelves, diagnosing sick patients or analyzing market trends to share financial risks with bankers.
3. Broad brush cyber regulations legislated with good intent will have a reverse effect in 2025 – creating complexity and having no real impact on stopping attacks. In the past few years we have witnessed a cadence of record shattering, significant breaches that have drawn the eye of regulators. But while their attempts to raise the security resiliency of organizations are aimed to be helpful, they are often knee jerk reactions that require unrealistic efforts. This is a complete misstep, with much of today’s regulatory efforts ineffective and not focused on the most critical aspects of security controls. Regulators still fail to recognize what will make the biggest difference in moving the needle towards immutable infrastructure.
4. In 5-10 years there will only be two types of companies: Those that leveraged AI to innovate, and those that no longer exist. With this harsh reality, CISOs must figure out how to be an enabler of AI, not a blocker. But with AI still in its infancy, very few have a strong understanding of the technology or the risks it may present… leading to extremely low levels of confidence that their organization is well-prepared. The lack of understanding around AI, is ultimately giving threat actors a leg up.


MENAFN07012025003749002651ID1109062981


Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.

Search