Professionals working in the cybersecurity space are used to constant change. Managing risks as the businesses we work with evolve—along with the infrastructures that support them—is what we do in security, and 2024 was no different.

Reflecting on this past year, nearly everyone I’ve spoken to has a renewed focus on supply chain threats, following the well-publicized events of July. In response, new processes and safeguards have been implemented (or more stringently applied). I’ve also seen cybersecurity ecosystems make progress this year through platformization, as integrating best-of-breed capabilities across multi-vendor security stacks becomes more accessible to a broader range of enterprise organizations. Vendors are making greater efforts to deliver integration without requiring end-customer engineering resources, which is having a significant impact. Regarding distributed denial-of-service (DDoS) attacks, the frequency and complexity of hacktivist-led incidents continue to rise, affecting financial, government, and educational organizations globally. This has reinforced the need for layered availability defenses to protect critical infrastructure in 2025 and beyond.

None of the above areas is new, but levels of focus have shifted throughout the year. It’s hard to make predictions about what will be a priority this year, but there are some areas that I am seeing talked about more frequently that may serve as a guide.

1. THE NEED FOR MORE CONTEXT: UPSCALED PREVENTION AND DETECTION CAPABILITIES

When it comes to defending against cyber incidents, most organizations now have layers of prevention and detection tools. On the detection side, platforms like endpoint detection and response (EDR), network detection and response (NDR) and extended detection and response (XDR) help identify suspicious activities within environments.

As security stacks generate ever more alerts, we have tools like security information and event management (SIEM) and security orchestration, automation and response (SOAR) platforms, which aim to collate, enrich and prioritize these alerts to avoid the age-old challenge of alert fatigue. However, talking to security teams today, I think we now have a subtly different variation of this problem in many organizations: investigation fatigue. Although AI allows us to collate and enrich alerts in more sophisticated ways, what I am hearing is that security teams still end up with a lack of readily accessible context to help people make decisions. Often the only information immediately available is the meta-data generated by the security platform that produced the original alert they are investigating, which then sets us off on an exercise to hunt down other sources of information to verify what is going on — this wastes time and effort and extends the process of addressing a threat. In 2025, expect organizations to increasingly explore ways to more broadly collect packets and packet-derived meta-data, integrating this visibility into their security processes. This additional context can significantly reduce the time between detection and response.

2. AI: THE RISE OF AI-GENERATED PHISHING, DDOS, AI HELPERS, AND THREAT INTELLIGENCE QUALITY

AI will continue to play a growing role in cybersecurity in 2025, both as a tool for defenders and attackers. The sophistication of AI-generated phishing content remains a challenge — despite ongoing training, humans remain fallible. Similarly, in the DDoS space, AI is now being used to optimize attack vectors through automated reconnaissance. However, it’s not just bad news with AI. The nascent trend of providing natural language query interfaces and AI helpers within security tools is very promising. These tools can help less experienced team members operate more effectively, scaling the capabilities of security teams.

AI is also making a difference in the quality and timeliness of threat intelligence, and advances will continue here. Access to actionable threat intelligence is essential given the complexity of threats today and the way in which technology and resources are shared and re-used by our adversaries. The right intelligence can be key to both quickly detecting and mitigating threats.

3. CHALLENGES WITH GEOPOLITICS AND NATION-STATE-AFFILIATED HACKTIVISTS

Geopolitical tensions and nation-state-affiliated hacktivists will likely remain a significant concern in 2025. These actors often display greater persistence than financially motivated attackers and frequently target multiple organizations simultaneously, increasing the workload for managed security service providers (MSSPs).

This is yet another reason why threat intelligence and more intelligent automation in our security tools are of great importance.

4. AN INCREASE IN ENTERPRISE OT AND IOT THREATS

2025 may see a rise in threats targeting enterprise operational technology (OT) and Internet of Things (IoT) devices. I am certainly seeing a lot more discussions about IoT and OT security.