This January, a new year brings with it both new and recurring cybersecurity issues. Your top priorities for 2025 should be these important tasks.
As 2025 approaches, CISOs must confront the harsh fact that the fight against cyberattackers never ends. The best strategy to stay ahead of attackers and stop them from gaining the upper hand is to implement robust, well-thought-out cybersecurity programs.
According to Greg Sullivan, founding partner of cybersecurity consulting company CIOSO Global, “urgency is the mantra for 2025.” “The reality of when you will be breached is more important than whether you will be breached.” Sullivan thinks risk reduction is essential as a result. “Ongoing security posture improvement and goal setting are the only ways to achieve this.”
This is a list of cybersecurity initiatives that every CISO ought to think about starting in 2025.
- Protect data that is exposed to outside AI technologies.
Many business processes are changing as a result of third-party AI solutions. However, Dan Glass, CISO of NTT DATA North America, cautions that without strong data security, businesses risk leaving their most precious assets vulnerable to breaches and noncompliance. Proactive data governance and security integration, he says, will make the difference between competitive advantage and catastrophic risk as AI usage increases.
Glass suggests that IT executives evaluate the ways in which third-party AI products access and use business data. “Then, to secure these workflows, give priority to investments in encryption, access controls, and monitoring.”
- Secure AI implementations and the associated data.
AI has completely changed whole sectors in the last year. According to Archana Ramamoorthy, senior director for regulated and trusted cloud at Google Cloud, safeguarding AI systems and the data they process must be a major concern for businesses to succeed in 2025.
“The growing reliance on AI and the desire for secure collaboration reinforces the critical need to protect data in use, while traditional security measures focus on data at rest and in transit,” she says. “Organizations can protect their most sensitive data and increase confidence in AI models in general by giving secure AI initiatives top priority.”
Strong security measures are increasingly important as businesses transition to agentic AI, which enables AI systems to assist individuals in completing complicated activities that call for preparation, investigation, content creation, and action. Without secure AI and reliable data, businesses risk serious security problems in addition to operational failures.
To safeguard AI workloads, security teams should first learn how AI is used in their company and which data and models drive their operations. Ramamoorthy suggests, “Next, put together a cross-functional team to evaluate risks and create a thorough security plan.” “A strong security foundation can be enabled and AI models will be secure by default when they are implemented by adhering to best practices and implementing a secure AI framework.”
- Implement risk management for third parties.
According to Ben Saine, senior consultant at technology research and consultancy firm ISG, third-party risk management (TPRM) is now a top cybersecurity strategy. TPRM detects, evaluates, and reduces the risks that arise when tasks are outsourced to outside vendors or service providers. He says the value of TPRM is difficult to overstate. “Putting TPRM first will be crucial to safeguarding your business from the numerous risks posed by external partners and vendors.”
According to Saine, your company will have a stronger security posture with fewer vulnerabilities and proactive control over external threats if the TPRM project is successful. With the support of real-time monitoring and the capacity to react promptly to emerging risks, TPRM can also guarantee adherence to relevant regulations, lowering the possibility of penalties and legal issues. According to him, “the credibility and dependability of your enterprise project to clients and partners will also be enhanced by compliance.”
According to Saine, a robust TPRM program ensures that your business can withstand disruptions caused by external circumstances. “This resilience is essential for preserving enterprise continuity and reducing downtime.”
- Establish robust cloud governance and asset visibility.
According to Jim Broome, CTO of cybersecurity services company DirectDefense, obtaining thorough asset awareness and efficient cloud governance has been a major difficulty for CISOs for the past few years.
“Many organizations still struggle to ensure that their resources are properly managed and protected, as well as to know where all of their assets and data are located,” he says. “A strong cloud security posture, inventory control, and asset discovery should be the main priorities going forward.”
Broome cautions, “You cannot protect what you cannot identify.” Whether your data is stored on-site, in the cloud, or on several platforms, you are ultimately responsible for its security and adherence to regulations. Maintaining compliance, reducing risk, and protecting your company’s brand all depend on having clear, ongoing insight into your enterprise’s digital footprint.
Broome suggests breaking the work down into manageable, gradual phases that correspond to the maturity level of the company. He advises starting with a minimum of 70% asset data visibility and management. “Continue to expand that coverage as you improve operational efficiencies, strengthen controls, and streamline your discovery processes.”
Establishing a cycle of continuous improvement that results in thorough monitoring, lower risk, and a more robust security posture should be the ultimate objective.
- Boost adherence to a single risk management plan.
According to Michael Fanning, CISO of Splunk, a company that specializes in operational intelligence software, CISOs will be crucial in implementing compliance policies since they stand to lose the most if they are fined for noncompliance. “They might adopt a naturally conservative stance in this regard, like restricting the location of company data storage.” However, he cautions that CISOs shouldn’t attempt to manage this initiative alone. “To sponsor policy and programmatic approaches and set the organization’s priorities, CISOs and CIOs require the assistance of general counsels.”
In addition to working together on policy and creating a cohesive risk management plan, Fanning anticipates that CISOs, CIOs, and general counsels will establish cross-functional task teams to keep an eye on legislative changes, evaluate their effects, and carry out any required adjustments throughout an organization. “To stay compliant with where certain data can reside, they will also need to work closely on investment strategies, infrastructure decisions, and vendor selection,” he says. “These fruitful collaborations will make use of common dashboards and reporting capabilities, enabling everyone to stay informed about compliance and react promptly to emerging governance concerns.”
- Create a basis for integrated cyber-storage.
Rather than treating storage as a passive repository, create a sophisticated cyber-storage platform that incorporates active security features, including honeypots intended to identify and divert attackers, advises Aron Brand, CTO of network security company CTERA.
Additionally, Brand recommends the use of immutability to prevent backups from being altered, AI-based anomaly detection to spot risks early, and active disaster recovery to guarantee quick restoration. According to him, “reimagining storage in this way strengthens resilience against increasingly sophisticated threats, reduces gaps, and simplifies operations.” “Investing in cyber-storage guarantees that data systems can effectively recover from attacks and defend themselves, which goes beyond simply lowering risk.”
According to Brand, cyber-storage provides a data-centric, integrated, self-defense system that is well matched with the requirements of today’s security threats. “It’s an essential component of our plans.”
- Adhere to trust-by-design principles.
Organizations should give trust-by-design principles top priority in 2025, especially when developing AI-powered systems, according to Vikram Kunchala, the US cyber solutions and platforms leader at Deloitte. By facilitating the proactive integration of security into all stages of development, trust by design reduces the risk of security breaches and safeguards important data and assets.
According to Kunchala, trust by design guarantees that security is incorporated early in the development process rather than as an afterthought. Trust by design enhances trust, resilience, and ethical integrity in AI solutions by foreseeing dangers and protecting data. “This method helps AI systems better withstand changing risks and maintain compliance with regulatory standards, in addition to protecting sensitive information.”
When applying trust-by-design concepts to AI-powered systems, security professionals should get support from important executives and stakeholders and coordinate their aims with the overarching business goals. In-depth evaluations of the development processes can also identify vulnerabilities and help prioritize remediation and controls. “Involving both security and development teams from initial design to deployment and maintenance is one of the most crucial phases in a trust-by-design approach,” continues Kunchala.
This John Edwards post is excellent, and all CISOs may use it to steer their company and organization in the proper direction against security threats in 2025.