SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

AI advancements in 2025 pose cybersecurity challenges

Fri, 22nd Nov 2024

Predictions for 2025 indicate significant developments and challenges in the field of artificial intelligence (AI) and cybersecurity.

Michael Adjei, Director of Systems Engineering at Illumio, forecasted a "mad scramble for AI guidelines and frameworks," likening it to past efforts to regulate social media. "With GenAI tools now ubiquitous, 2025 will see a frantic scramble to rein in AI — just as we saw with social media. The focus will be on protecting users and having frameworks to safeguard AI from other AI.

Frameworks and guidelines will be pushed at three levels: international (e.g., the EU), regional (e.g., NCSC), and organisational. The organisational level will likely be most effective due to clear guidelines on acceptable use and security, while higher levels become less effective. International regulations often allow room for interpretation, enabling businesses to circumvent them."

He further warned of increased focus by attackers on AI supply chains. "In 2025, attackers will hone in on AI supply chains. They will seek out the sources, namely providers of GenAI tools and copilots. This will lead to more breaches involving AI companies, with cybercriminals exploiting product vulnerabilities that expose customer data.

Attackers will also target AI hardware supply chains, such as power sources, to cause significant disruption to operations and services, especially as dependence on GenAI grows.

This rising reliance on AI is expected to lead to challenges in maintaining control over autonomous machines. "As AI integrates into autonomous machines for greater efficiency, malfunctions may occur, particularly in production lines and vehicles. These glitches could disrupt global supply chains, impact product availability, or, in severe cases, cause injury or loss of life.

The root of these issues lies in the hidden side of AI, which is often proprietary and doesn't get the level of scrutiny needed to guarantee safety. Vulnerabilities, sloppy coding, and biases tend to only come to light when users interact with generative AI tools. Unfortunately, this also means cybercriminals can spot these weaknesses at the same time."

Adjei also highlighted a critical decision facing Chief Information Security Officers (CISOs): "CISOs will be forced to make a choice between investing in people or AI next year - and the majority will choose AI! This shift towards AI will exacerbate the skills gap, as funding will be channelled solely into AI competencies — a limited field — at the expense of internships and training courses.

With regards to IT and cyber, the teams most likely to be affected by the move towards AI investments will be SOC teams, Incident Response teams, and programmers. Organisations will view these roles as ones that AI can rapidly automate, resulting in a loss of critical skills within these teams."

Gary Barlet, Public Sector CTO at Illumio, discussed the "cyber challenges" expected in 2025, particularly highlighting the cyber skills gap. "One of the most pressing cyber challenges in 2025 will be the cyber skills gap. Agencies' ability to scale cybersecurity efforts is dependent on their capacity to fully implement emerging technologies and modern defence strategies. To truly advance cybersecurity, agencies will need to innovate in recruitment and retention, creating incentives that resonate with potential and current employees alike."

Barlet noted that artificial intelligence technology will play a role in bridging this gap. "In 2025, the rapid advancement of artificial intelligence-driven cyber tools will reshape defence strategies, enabling agencies to bridge the cybersecurity skills gap while maximising limited resources. These intelligent tools will empower teams to do more with less, elevating defence capabilities without proportionately expanding headcount. As agencies embrace these innovations, the true impact of AI will exceed expectations, driving an explosion in cybersecurity effectiveness and resilience."

Discussing ransomware, Barlet stated, "Agencies will prioritise internal defences and post-breach strategies over traditional perimeter security, recognising that the fight against cyberattacks is shifting inward. Advanced attacks will increasingly target sectors like education and healthcare, making data encryption and network segmentation essential components of resilient cybersecurity frameworks. As AI-fuelled attacks grow more sophisticated, agencies will focus on limiting attackers' movements within networks, accepting that the perimeter can no longer be the sole line of defence."

He also emphasised the importance of zero-trust architectures. "State and local governments will significantly expand their adoption of zero trust architectures to protect critical public infrastructure better. As threats evolve and target vital systems at all levels, these governments will prioritise granular access controls, network segmentation, and continuous verification to reduce vulnerabilities and limit attackers' movements. Zero trust principles will become a cornerstone of security strategy, helping state and local governments enhance resilience and protect citizens' data against increasingly sophisticated cyber threats."

Finally, Barlet outlined the need for increased efforts in protecting critical infrastructure sectors. "Critical infrastructure sectors will need to accelerate cybersecurity efforts, prioritising 'assume breach' principles as they face intensifying geopolitical cyber threats. In 2025, utilities, transportation, healthcare, and energy will focus heavily on advanced threat detection, segmentation, and rapid incident response to contain potential breaches before they disrupt essential services. With increased investment and strategic partnerships, these sectors will work to fortify their defences and safeguard public safety against increasingly sophisticated and state-sponsored attacks."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X