By Byron V. Acohido
To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps.
Part four of our four-part series
From cybersecurity skills shortages to the pressures of hybrid work, the challenges facing organizations are at an all-time high. Experts here explore the importance of fostering a resilient workforce, backed by AI-enhanced training and layered security strategies.
The encouraging news is that new technologies, like Zero Trust architecture and AI-enhanced security tools are gaining traction – for instance, AI is expected to take a much larger role, going forward, in helping organizations address the persistent talent shortage, which in turn, will make automated defenses, focused at the Internet edge, even more effective.
As companies continue to grapple with rising threats and the shifting needs of a digital world, building a strong, adaptable team may be the ultimate key to survival.
Shashanka
Dr. Madhu Shashanka, Chief Data Scientist, Concentric AI
Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Collaborative efforts between security vendors, AI providers, and businesses will be key to counter automated, scalable attacks. Real-time defense and a robust security mindset are crucial to staying resilient.
Karl Holmqvist, CEO, Lastwall
In 2025, the “Steal-Now, Decrypt-Later” threat will accelerate post-quantum cryptography (PQC) adoption. Quantum computing advances are making traditional encryption obsolete, and adversaries are stockpiling data for future decryption. FIPS-203 enables legal PQC deployment, prompting CISOs to overhaul encryption strategies. Without action, quantum-enabled breaches threaten critical data, national security, and global stability.
Amini
Pedram Amini, Chief Scientist, Opswat
The sophistication and abuse of AI are escalating as costs drop, driving a surge in ML-assisted scams and attacks on physical devices. Organizations face rising risks of AI-driven social engineering and personal device breaches. As compute costs decrease, autonomous operations and AI-discovered zero-day exploits loom. While fully agentic AI malware remains years away, the industry must prepare now.
Shoshani
Or Shoshani, CEO, Stream Security
In 2024, 65% of breaches involved cloud data, highlighting a critical gap in cloud security. Despite widespread cloud adoption, most SecOps teams rely on outdated, on-premises alert tools, leading to missed threats and wasted resources on false positives. To reduce cloud-based attacks, organizations must integrate real-time cloud insights into SOCs, ensuring consistent threat detection, faster responses, and lower risks of material breaches in 2025 and beyond.
Xu
Jimmy Xu, Field CTO, Cycode
In 2025, application security will evolve from vulnerability identification to intelligent prioritization and automated remediation, enabling developers to address critical risks within their workflows. With tighter budgets, organizations will adopt integrated platforms for efficiency and cost-effectiveness. Traditional AST tools disconnected from the SDLC will fade, while AI capabilities will become essential, augmenting security teams and protecting AI-powered applications.
Simic
Bojan Simic, CEO, HYPR
The era of passwords will further decline as credential misuse rises, with AI both aiding and challenging security efforts. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. The growing sophistication of cyber threats demands robust identity assurance solutions that include multifactor authentication, risk monitoring and adaptive verification – collectively forming multi-factor verification (MFV.)
Lanowitz
Theresa Lanowitz, Chief Evangelist, LevelBlue
In 2025, cybersecurity success hinges on integrating it into core business operations. DevSecOps shifts security from a reactive process to a proactive framework, embedding it early in development. Collaboration between cybersecurity, development, and business teams requires data-driven insights and shared priorities. By addressing attack vectors upfront and aligning security with business goals, organizations can build resilience and make cybersecurity a fundamental business requirement.
Tavakoli
Oliver Tavakoli, CTO, Vectra AI
In 2025, the initial excitement surrounding security copilots will begin to diminish; we’ll see a shift in the narrative toward more autonomous AI systems designed to operate independently, requiring minimal human intervention. Marketing efforts will increasingly highlight these autonomous AI models as the next frontier, touting their ability to detect, respond to, and even mitigate threats in real-time – all without human input.
Freestone
Tim Freestone, Chief Strategy Officer, Kiteworks
Organizations can address the privacy and compliance talent gap by using AI to automate tasks like audit trails, data access logs, and compliance monitoring. This frees teams for strategic efforts like risk management. Promoting continuous learning in privacy tech, AI governance, and Zero Trust, alongside partnerships with educational institutions, helps build a skilled workforce to meet evolving regulatory demands.
Dooley
Doug Dooley, COO, Data Theorem
In 2025, cybersecurity threats will escalate across APIs, cloud setups, supply chains, and cryptocurrency. API exploits will target shadow APIs and broken object-level authorization (BOLA) flaws, while cloud misconfigurations in hybrid setups expose sensitive data. Supply chain attacks will intensify through poisoned APIs and unchecked software dependencies. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities. Organizations must automate cloud monitoring, fortify supply chains, and leverage AI defenses.
Dulce
Sagie Dulce, VP Research, Zero Networks
In 2025, AI will empower both defenders and attackers—improving incident response for the former while accelerating exploits and phishing for the latter. Securing AI poses challenges due to unpredictable backends and access to sensitive data. To mitigate risks, organizations must enforce Zero-Trust principles, limit AI access to privileged accounts, and sanitize AI prompts. As tech complexity rises, Zero-Trust remains critical for robust cybersecurity.
Tang
Tim Tang, Director, Enterprise Solutions, Hughes Network Systems
As cyber threats escalate, AI-enabled technologies are enabling enterprises to mount an effective defense. Enterprises are using AI-enabled automations to satisfy the Tier 1 cyber activities. Network Detection and Response (NDR) solutions use AI to extrapolate and identify latent threats. Anti-ransomware solutions incorporate AI to aggregate system-level insights and protect against zero-day attacks. AI is also easing cyber talent gap — by increasing productivity, job satisfaction and thus retention.
Thaman
Alex Thaman, CTO, Andesite
Criminals and nation states will become much faster and more sophisticated at gaining unauthorized access — and acting on that access. I would expect to see a stepwise increase in sophistication in 2025 leaving many organizations unprepared until improved defense technology and better training is adopted. We can expect security teams feeling pressure to adopt new technology quickly.
Tipirneni
Ratan Tipirneni, CEO, Tigera
To maximize GenAI’s value, enterprises will customize models using proprietary data and Retrieval-Augmented Generation (RAG) architectures tailored to their specific needs. With flexibility in deploying GenAI across cloud and on-premises environments, Kubernetes is emerging as the dominant platform. This shift heightens the focus on securing Kubernetes with microsegmentation, continuous monitoring, vulnerability management, and runtime protections to safeguard sensitive data as GenAI adoption surges in 2025.
Kowski
Stephen Kowski, Field CTO, SlashNext Email Security+
Organizations can address the cybersecurity talent gap by using AI-powered automation for routine tasks like threat detection and incident response. This enables security teams to focus on strategic priorities and complex investigations. AI acts as a force multiplier, reducing alert fatigue and burnout while processing vast security telemetry. Key applications include automated phishing detection, real-time behavior analysis, and intelligent event correlation across channels, enhancing efficiency and impact.
Vargas Valles
Mario Vargas Valles, VP Global Technology Alliances, Protegrity
AI’s ability to read and interpret compliance requirements through Natural Language Processing (NLP) will help ensure regulatory alignment, adding layers of security across regions and industries. And as regulations tighten globally, AI itself will need to meet high transparency standards, actively supporting data governance with automated discovery, classification, and quality control processes.
Nanjundappa
Prashanth Nanjundappa, VP, Product Management, Progress
Quality Assurance Operations (QAOps) helps ensure quality assurance is part of the software development lifecycle. QAOps will help DevSecOps adoption by fostering better collaboration between QA, development, operations and security teams. This integrated approach reinforces that security is a shared responsibility and helps confirm all teams are aligned on security goals.
Zimerman
Amit Zimerman, Chief Product officer, Oasis Security
The shortage of AI security skills is a growing concern. Organizations must invest in AI security training, focusing on foundational knowledge and emerging threats like prompt injection. Partnering with universities and certification bodies can standardize curricula, while fostering collaboration between AI, security, and engineering teams enhances threat response. Integrating AI-enabled security tools requires real-world testing, updating legacy frameworks, and adopting flexible policies to stay ahead of evolving threats.
Parnes
Ariel Parnes, COO, Mitiga
In 2025, the convergence of generative AI and SaaS adoption will redefine cybersecurity. AI will enable attackers to craft adaptive phishing campaigns, exploit SaaS vulnerabilities, and evade detection, lowering the skill barrier for cybercriminals. Simultaneously, SaaS sprawl will create visibility gaps, leaving organizations vulnerable. To counter this, businesses must adopt AI-driven security tools for real-time monitoring, threat detection, and anomaly identification across cloud applications.
Kannry
Scott Kannry, CEO, Axio
Cybersecurity is now a business-wide concern, requiring user-friendly, business-focused risk quantification (CRQ) tools to guide decisions on technology adoption and legacy systems. CRQ fosters collaboration via shared risk language and ensures tech stacks align with risk tolerance. As regulations evolve, CISOs are taking on compliance and disclosure roles, prompting some companies to split security leadership into technical and business-focused positions to address these expanded demands.
Jones
Chris Jones, CTO & Chief Data Officer, Nightwing
In 2025, Chief Data Officers (CDOs) must evolve beyond compliance and risk management to unlock data’s strategic potential. As global data complexity grows, CDOs will drive value by enabling advanced analytics, uncovering insights, streamlining operations, and identifying new opportunities. Balancing data management with business innovation, CDOs will bridge the gap between defense and growth, ensuring organizations capitalize on accessible data to achieve strategic goals.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
