Forecast 2025: Defensive Security

2024 brought some exciting developments in IT security: from the CRA coming into force to the CrowdStrike incident in summer. Now we are in 2025 and the question arises: What’s next? Of course, it’s impossible to answer this question completely - but our Practice Heads have dared to take a look into the crystal ball and give an outlook on what might be coming in the cybersecurity world in 2025.

Today in our interview: Florian Walther, Head of the Defensive Security Team

The year 2024 may be over, but let’s take a brief look back. In your opinion, what were the biggest challenges for companies from the perspective of cyber security?

Florian Walther: From my point of view, the challenges in terms of IT and information security that organizations have been failing at for years are the same. It’s the basics. Clean configuration, responsible operation, timely patch management and a backup and restore concept that works.

We are at the beginning of 2025 - which cyber threats do you see as particularly dangerous or relevant for 2025?

Florian Walther: The quality of social engineering, driven by the achievements of artificial intelligence, will improve. This will also increase the number of cyber incidents and damages.

Increasing outsourcing of IT services will broaden the risk and the reach of cyber attacks. Supply chain attacks will also rise because they are becoming increasingly attractive for attackers.

Keyword: Hit one, hack many.

How will the regulatory landscape in the area of cyber security change in the course of this year?

Florian Walther: 2025 will see some regulatory changes (NIS2, CRA, DORA,…) However, I don’t expect any measurable or tangible effects until the coming years.

What role will artificial intelligence (AI) play in cyber security in 2025 – both as a tool for defense and as a threat?

Florian Walther: As in many other areas, AI will continue to boost both the defensive and offensive side. This development has already been visible for quite some time . This will clearly continue. However, I don’t expect AI to be a game changer in the area of IT security in 2025.

Which developments in cyber security have surprised you the most in the last years and what do you expect for 2025?

Florian Walther: I’ve been amazed for years that IT is becoming more and more complex and dependencies are being created, while everyone wonders why cybercrime and IT security aren’t getting any better.

Well, the realization that you can’t find the needle in the haystack any faster by dumping more hay on the heap has yet to catch on .

What would you advise companies to do to be well prepared for the year 2025

Florian Walther: Make sure that at least your basics (configuration, patch management and backup) are on track. Reduce complexity and dependencies. Invest in people and know-how instead of windy cloud services.

What do you wish for in 2025 from the perspective of your area of expertise?

Florian Walther: Interesting projects, without peak loads (laughs)