MAX VETTER , VP OF CYBER AT IMMERSIVE LABS
GenAI will reduce ( and drive up ) cyberrisks – organisations need to be ready
We now have a clearer picture of how threat actors are utilising or could potentially leverage AI . At the same time , DevSecOps teams ’ adoption of AI tools to automate and speed up vulnerability detection will help prevent exploitable code . I expect that with greater adoption of AI will come increased cyberthreats , and security teams need to remain nimble , confident and knowledgeable . In fact , AI upskilling is already required for many teams . Heading into the new year , security teams must continue to prioritise learning and analysing how attackers use and manipulate the technology so that they can better prepare for when attackers inevitably strike .
The cyber skills gap will expand to more senior roles
The cybersecurity workforce shortage reached a new high of approximately 4.8 million this past year . Not only is there a need for more junior-level talent , but we are also seeing more and more senior leaders depart organisations , leaving vacant hard-to-fill spots in the workforce . Skills-first hiring can make a difference , but addressing the talent shortage will require a co-ordinated global effort across both public and private sectors . Additionally , companies are likely to focus more on upskilling their current teams and individuals to bridge skills gaps .
Savvy leaders will increasingly ditch ineffective legacy cyber training
With analysts in agreement that traditional cyber awareness training is ineffective , I expect to see more leaders move away from costly , mindnumbing legacy training programs . Instead , there will be a need and desire for more effective handson exercising and drills that gives their workforce practice and builds confidence in their cyberskills .
KEV BREEN , SENIOR DIRECTOR OF THREAT RESEARCH AT IMMERSIVE LABS
Securing operational technology will be non-negotiable
I don ’ t expect to necessarily see an evolution of threats , but rather an emphasis on effectively mitigating the already existing threats . There is typically more focus on physical security or operational efficiency , so many industrial employees lack the knowledge , skills and judgment needed to recognise phishing attempts or suspicious behavior , increasing the risk of threats , both intentional and unintentional . This is why education will be the key to preparing for cyberthreats .
Beyond the ‘ AI hype train ’, it ’ s the more overlooked threats that will unleash the most devastating impacts
We continue to see organisations suffering from massive ransomware and supply chain attacks year after year – and 2025 will be no different .
We now have a clearer picture of how threat actors are utilising or could potentially leverage AI .
WWW . INTELLIGENTCISO . COM 49