Jeffrey Kok, Vice-President of Solution Engineers for Asia Pacific and Japan, CyberArk, on proactively adopting strategies that prioritise identity security and business resiliency.
The cybersecurity landscape is constantly evolving, with new threats and vulnerabilities emerging at an unprecedented pace. According to the CyberArk 2024 Threat Landscape Report, 95% of APJ organisations had two or more identity-related breaches in the past year. As cybercriminals become more sophisticated, organisations must stay ahead by proactively adopting strategies that prioritise identity security and business resiliency.
As we move into the new year, here are seven cybersecurity predictions from CyberArk which organisations need to take note of to stay ahead.
- AI agents will proliferate
AI agents, which are intelligent, purpose-built tools that can perform specific tasks on behalf of humans to make decisions, will proliferate and mature in 2025. We expect to see more AI agents perform specific tasks with high proficiency, enabling more tailored and robust AI applications. As AI systems mature, we will see an increase in AI brokers: intermediaries that combine various AI agents to deliver more comprehensive, versatile solutions. For example, Apple Intelligence could support AI agents from other platforms such as Google, Meta and others.
- AI will become more embedded into everyday endpoint devices
With Microsoft’s 2nd Wave and Apple AI set to launch at the end of this year, AI will become more embedded into everyday endpoint devices, transforming the way average users interact with technology. As AI features being available Out of the Box become standard in Windows, Mac and mobile devices, users will be able to harness capabilities like real-time analytics, personalised insights and task automation directly on their devices for work. In 2025, more users stand to benefit from productivity gains with the democratised use of AI.
- There will be an acceleration of attacks on AI
AI systems are increasingly attractive targets for cyber attackers due to the low barrier to entry and high likelihood of success. Many of the current AI models and implementations may not have been designed with adequate security protection and guardrails. This has allowed many cyber attackers to poison data or circumvent AI system guardrails. Furthermore, attackers are using AI to launch more sophisticated social engineering (such as deepfake) and fraud campaigns. Organisations must prioritise stronger security measures and embed security frameworks directly into AI models to mitigate these risks.
- Machine identity security programs will become essential for modern enterprises in 2025
The rapid adoption of cloud-native technologies and AI means there are more identities to manage at greater speed and with more complexity. Attackers are increasingly zeroing in on machine identities, particularly in cloud-native and development environments. As digital certificate lifespans shrink (From 398 days to 90 days for Google and 398 days to 45 days for Apple by 2027), organisations that rely on manual certificate lifecycle management processes could face a higher risk of outages and security risks if they do not create dedicated Machine Identity Security programs. Machine identities can support organisations through automated certificate lifecycle management to ensure seamless continuity and compliance.
- Adversaries will increasingly target cloud-native environments by exploiting machine identities
Attacks on major tech players in 2024 have highlighted that developer access are more vulnerable, are more targeted and more likely to be exploited by cyber attackers. Cloud-native and developer environments will become even bigger targets due to the surge in machine identities – such as cloud access tokens, API keys and service accounts. Machine identities now outnumber human identities by 45 to 1, and this gap is expected to widen, set to reach 100 to 1 soon. Successfully targeting machine identities gives attackers a clear pathway to admin-level control, enabling everything from data theft to taking over – or shutting down – critical business services.
- Post-quantum readiness will become a pivotal focus for businesses
As we approach the point where quantum computers could potentially break current encryption methods, boards will start asking security teams about their quantum readiness plans. In the coming year, companies will start replacing untrusted certificate authorities (CAs) as part of their transition to quantum-resilient systems. Through integrated solutions, security teams should streamline securing machine identities and lay a strong foundation for a successful migration to a post-quantum future.
- Organisations will have an increased focus on resiliency and vendor risk management
Following high-profile outages from major vendors, there will be a growing demand and need to achieve organisational resiliency and lower vendor risk management. In 2025 and 2026, businesses will demand greater transparency and assurances from vendors, moving toward resilient, multi-cloud or hybrid architectures to reduce downtime and dependency on single providers. This underscores the importance of reliable infrastructure, particularly in sectors where cloud adoption is high and digital services are critical.
The predictions for 2025 underscore the critical need for businesses to prioritise identity security, enhance machine identity management, and prepare for quantum challenges to be future-ready. By embracing such innovative solutions, organisations can stay ahead in the rapidly changing cybersecurity landscape.
