In the coming year expects social engineering, regulatory compliance, and the need to streamline security infrastructure management to lead to shifts in the sector
With every innovation that a legitimate developer creates, threat actors can and will weaponize. Despite advances in security technology, the threat environment will continue to be complex and challenging for enterprises in 2025. AI can be an important defensive tool, but it stands out as a dangerous instrument in hackers’ toolkits.
GlobalData’s latest report “2025 Enterprise Predictions: Digital Trust and Resiliency,” reveals that advances in AI will only fuel social engineering campaigns. Bad actors are evolving their social engineering tactics to exploit human vulnerabilities and carry out nefarious activities, including credential theft.
Amy Larsen DeCarlo, Principal Analyst, Enterprise Technology and Services at GlobalData: “We expect AI to be incorporated in more identity and access management offerings to help better define user and device privileges, restrict access, and track behavior. Providers will extend the use of AI in areas like penetration testing, vulnerability management, and endpoint security.
“Threat actors have everything to gain and little to lose, as prosecutions and convictions are relatively few and far between. Cybercriminals have long understood the biggest vulnerability in any enterprise is the human element.”
Advances in AI, automation, and analytics will help ease some of the conflict that exists between enforcing security controls and optimizing end-user experience. GlobalData expects vendors and MSSPs to do more work to remove the friction between the two and improve the process without compromising security.
On the security management front, enterprises have long struggled to collate security information from disparate sources in a cohesive way. While improvements have been incremental, there has been progress in resolving some of the security infrastructure issues that have hindered successful execution.
Larsen DeCarlo continues: “In 2025, the industry will see advances that will support more proactive and effective cybersecurity. APIs will play an even larger role in helping organizations correlate data from disparate sources. While challenges remain, enterprises continue to make real progress in implementing DevSecOps initiatives. These will go a long way toward better internal development efforts.”
GlobalData notes that with a new US administration and other shifts in power around the world, new agendas translate to regulatory changes. Hyperscalers responded to changes in data privacy requirements with more local facilities and personnel to meet data sovereignty laws.
Larsen DeCarlo concludes: “This investment continues into 2025. The expectation is that there will be more demand for localized data processing and storage and not less. Unfortunately, even with the development of better tools to support compliance needs, the business of meeting these rules will remain a steep challenge”.
