By Byron V. Acohido
Continuing our look back at 2024, part two of Last Watchdog’s year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics.
Part two of a four-part series
The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. The drivers are intensifying. Gen AI threats and quantum computing exposures must be accounted for. Meanwhile, business logic hacks, supply chain holes, and cyber extortion continue to loom large.
Defenders must evolve – more rapidly than ever – to meet these growing challenges. Today’s insights offer a close look at how the most agile organizations are tackling these threats head-on.
Williams
Brandon Williams, CTO, Conversant Group
Predictions for 2025 point to attack speeds increasing by up to 100X, necessitating faster detection and response times. Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. IT teams need greater trust to act decisively, such as disconnecting systems during threats. Raising security baselines across industries is essential, with risk mitigation—not acceptance—becoming the standard.
Salzman
Shirley Salzman, CEO, SeeMetrics
In 2025, organizations will recognize that adding more tools doesn’t equate to better security. Similarly, relying on compliance checkboxes for static reassurance will no longer suffice. True visibility requires the ability to blend data from multiple tools. By correlating this data with programs, certifications and threats, businesses can manage their defenses with full context. This empowers them to proactively prioritize what matters most.
Williams
Dr. Darren Williams, CEO, BlackFog
Lesser-known ransomware groups like Hunters International will grow rapidly, leveraging AI for more efficient attacks, while “gang-hopping” by cybercriminals complicates attribution and containment. Deepfake scams will escalate, with threat actors using AI to create convincing impersonations of executives, risking personal and corporate brands. Meanwhile, ransomware attacks on healthcare providers will persist, targeting outdated systems and jeopardizing patient care, emphasizing the need for stronger defenses to protect critical services.
Alkove
Jim Alkove, CEO, Oleria
Identity is cybersecurity’s biggest challenge. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. Attackers aren’t hacking in — they’re logging in. Legacy IAM systems can’t keep up as AI-powered phishing and deepfakes grow more sophisticated. Organizations must adopt adaptive, automated identity security and fine-grained access controls, like the solutions Oleria is developing, to stay protected.
Sundaresan
Bindu Sundaresan, Cybersecurity Director, LevelBlue
In 2025, cybercriminals will exploit supply chain vulnerabilities, ransomware, IoT botnets, and AI-driven phishing. Ransomware targeting critical services highlights the need for secure software lifecycles and vendor verification. Rising IoT use demands standards to prevent device weaponization, while AI-enabled phishing challenges defenses. Organizations must fortify supply chains, adopt IoT standards, and leverage AI to stay ahead in this evolving threat landscape.
Geenens
Pascal Geenens, Director of Threat Intelligence, Radware
In 2025, AI-driven exploitation will challenge cybersecurity teams with shrinking windows between vulnerability disclosure and attack. Automated one-day exploits will demand real-time responses, rendering traditional patching cycles inadequate. Success will require adaptive, AI-driven defenses and a proactive, strategic mindset. Agility and innovation will define the defenders who can stay ahead in this escalating battle.
Halder
Ayan Halder, Principal Product Manager, Traceable AI
The Bot Protection industry has traditionally focused on browser automation attacks using client-side signals. However, the rise of APIs and Crime-as-a-Service tools enables attackers to bypass traditional methods and target APIs directly. By 2025, traditional bot detection and advanced API analytics will converge, expanding API security to include robust bot detection and safeguards against business logic abuse, reshaping API runtime protection strategies.
Kornfeld
Bruce Kornfeld, Chief Product Officer, StorMagic
As edge infrastructure expands, the associated attack surface will also grow, necessitating heightened security measures. By 2025, CIOs must adopt comprehensive security frameworks that address vulnerabilities at the edge without compromising overall IT integrity.
Kazerounian
Sohrob Kazerounian, Distinguished AI Researcher, Vectra AI
In 2025, a flood of vulnerabilities will result from apps built on large language models (LLMs). LLMs grant access to private data and take actions on behalf of users. Compromised LLM-based applications could expose large amounts of personal information, disrupt essential services, or lead to manipulations of decision-making processes. Security teams will need to address the unique risks posed by using LLMs in mission-critical environments.
Hurd
Wayne Hurd, VP of Sales, Luminys
Video Surveillance as a Service (VSaaS) advancements will provide more accurate threat detection that allows security teams to focus on real risks, minimizing false alarms. VSaaS can support regulatory compliance across the supply chain, helping to build trust among stakeholders. VSaaS reduces hardware requirements and energy consumption, supporting organizations’ environmental goals while meeting customer expectations.
Jones
Neil Jones, Director of Cybersecurity Evangelism, Egnyte
If there’s any cybersecurity topic you need to familiarize yourself with in 2025, it’s wiper technology, which could potentially be leveraged by malicious insiders and even business competitors who want to gain an illicit market advantage. Effective Business Continuity & Data Recovery (BCDR) procedures can help. This includes taking snapshots of your data environment on a regular basis. And immediate detection of suspicious log-ins can discourage such attacks.
MacMillan
William MacMillan, Chief Product Officer, Andesite
In 2025, we’ll see AI platforms analyze massive amounts of threat intel in seconds. That’s the easy part. The hard part? We’ll see CISOs increasingly demand answers about why models flag certain malicious activity and how that activity is impactful at enterprise scale. To this end, we’ll see greater investment in AI that is transparent and explainable, because machine-speed decisions will need human-level trust and outputs.
Jones
Craig Jones, Vice President of Security Operation, Ontinue
The debate around AI-driven attacks often obscures the reality that many rely on established tactics executed with greater speed and efficiency. Attackers use machine learning for tasks like phishing, but polished attacks—manual or automated—are often indistinguishable. Organisations should focus on evolving tactics, not the tools, by investing in behavioural detection, identity controls, and monitoring to counter threats effectively, regardless of AI’s involvement.
Chearis
Karsten Chearis, US Security Sales Engineer – Team Lead, XM Cyber
Resiliency involves four stages, while compromise has three phases: about to be compromised, compromised, and recovering. Assuming breaches are inevitable, security leaders must map critical business assets and ensure their resilience. To avoid tool fatigue, organizations need integrated platform solutions. Leveraging frameworks like CTEM can enhance EDR, SIEM, and attack path mapping, driving faster solutions, reducing costs, and demonstrating ROI—empowering CISOs to defend and communicate effectively.
Carignan
Nicole Carignan, Vice President of Strategic Cyber AI, Darktrace
If 2023 was the year of generative AI and 2024 the year of AI agents, 2025 will spotlight multi-agent systems, or “agent swarms.” These systems promise innovation but also introduce risks. Vulnerabilities like data poisoning and prompt injection could have far-reaching impacts due to interconnected agents. As multi-agent systems handle sensitive tasks, robust security and data guardrails are essential to prevent exploitation and ensure trust.
Dunham
Ken Dunham, Cyber Threat Director, Qualys Threat Research Unit
Nation-state attacks and cloud compromises with long dwell times are rising as security lags behind post-Covid digital transformation. Complex DevSecOps, APIs, and cloud integrations will become leading attack vectors, while insider threats and accidental disclosures drive data leakage risks. With adversaries destroying backups to increase extortion payouts, recovery will grow harder and slower, emphasizing the need for stronger security controls and architecture.
Andrew Harding, Vice President, Security Strategy, Menlo Security
AI-driven attacks and browser vulnerabilities, such as recent exploits in Chrome, Edge, and Safari, underscore the need for robust security measures. State-sponsored groups are deploying evasive tactics that bypass traditional defenses. Prioritizing AI-driven browser security mitigates advanced threats, reduces insider risks, and strengthens user protection. A layered approach with zero-trust access, AI defenses, and visibility into user activity can safeguard sensitive data and counter evolving cybercriminal tactics.
Fisher
James Fisher, Director of Security Operations, Secure Cyber
Accelerated automation is crucial as AI-driven attacks shorten timelines, requiring security tools to automate responses and enhance resilience. Global political volatility has heightened the focus on supply chain resilience, prompting organizations to scrutinize providers and refresh disaster plans with seamless backup strategies. Meanwhile, identity-based attacks are rising, pushing teams to address weak credentials and adopt solutions like Single Sign-On with hardware tokens for stronger, user-friendly security.
Knapp
Eric Knapp, CTO of OT, Opswat
The shift to cloud for ICS/OT systems is accelerating, with 26% of organizations adopting cloud solutions, up 15%. While cloud offers flexibility, it introduces new cyber risks. Robust perimeter controls, data diodes for secure data flow, and OT-specific remote access pathways are essential. In 2025, the focus will likely shift toward balanced, layered security investments to improve visibility and resilience against evolving threats.
Gerchow
George Gerchow, faculty, IANS Research; Interim CISO, MongoDB
Nation-state actors are using AI-generated identities to infiltrate companies, bypassing traditional hiring checks with stolen credentials and fake profiles. The FBI reports over 300 companies unknowingly hired imposters who siphoned sensitive data. Meanwhile, AI empowers novice hackers to execute sophisticated attacks, demanding AI-enhanced defenses. Additionally, rising supply chain attacks will push cloud providers to mandate MFA, urging tighter collaboration to address escalating security threats.
DeSimone
John DeSimone, CEO at Nightwing
In 2025, AI will enhance both cybersecurity defenses and adversaries’ attacks, enabling advanced malware, deepfakes, and misinformation. While streamlining threat response, AI’s rapid integration raises ethical concerns, especially in national security. Transparent, traceable, and accountable AI practices are crucial to mitigate biases and align actions with ethical standards. As international guidelines emerge, organizations must prioritize ethical AI use to balance innovation with responsibility.
Barde
Sumedh Barde, Chief Product Officer, Simbian
Organizations face a growing cyber threat landscape alongside a global security talent shortage of 3.4 million (NIST, WEF). This has fueled rapid adoption of autonomous AI agents, which matured significantly in 2024 and will become mainstream in 2025. These agents, while not replacing skilled staff, will scale key functions like SOC and AppSec. Despite challenges, their business value ensures continued progress.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.