Will Ledesma, Senior Director of MDR Cybersecurity Operations, Adlumin, an N-able company, and Kevin O’Connor, Director of Threat Research & Incident Response, Adlumin, an N-able company, with three trends highlighting key shifts in cybersecurity.
The pace of cyber threats is accelerating like never before requiring a reappraisal of outdated, reactive approaches to threat management in favor of embracing new strategies that prioritize proactive defense and a fundamental shift in cybersecurity mindsets.
The following three trends highlight key shifts we can expect to see as 2025 progresses – from the changing relationship between SecOps and ITOps to the rise of AI-driven security operations and a necessary recalibration of how we address cybercriminal notoriety.
These trends reflect the growing need for a more integrated, intelligence-driven, and forward-thinking approach to cybersecurity.
System uptime will lose priority as lines blur between SecOps and ITOps
Historically, IT operations and security operations have been managed separately. For ITOps, maintaining service level agreements (SLAs) and ensuring uptime have been the main priority. Achieving “five 9s” –availability of services 99.999% of the time – has become the gold standard.
But as lines blur between ITOps and SecOps, organizations are recognizing that keeping systems up at all costs may not always be the most important objective. Security is taking a higher priority, which includes a growing willingness among security teams to intentionally isolate systems in the event of a cyberattack.
To keep data safe and secure, this is the right thing to do. Risk exposure from a cyberattack, which could do irreparable harm if corporate or customer data is compromised, is much greater than the reputational damage that might be done from a minute disruption of service.
As more organizations embrace this mindset, more companies will err on the side of security in order to ensure integrity and confidentiality with playbooks adding steps to take systems down at the first hint of an attack.
Even though it may be a disruption to employees and customers, these protection actions are for the benefit of all invested parties. In the long run, the realization that they’d much rather deal with a temporary inconvenience versus having personal or proprietary information fall into the wrong hands will likely become the norm.
As this shift takes place, the combined effort between SecOps and ITOps teams to combat threats will require constant communication and organization. Beyond staying informed about emerging threats and techniques, these teams should work together to conduct regular tabletop exercises to simulate attacks, evaluate response readiness, and refine their incident response plans.
Cybersecurity teams will become augmented operators rather than mere responders
We’ve already seen augmented reality, like Microsoft’s mixed-reality headsets, enhance physical battlefield awareness by enabling US soldiers to see through smoke, around corners, and view 3D terrain maps in their field of vision. While there aren’t too many people who realistically think technology will fully-replace soldiers on the physical and cyber battlefield in the near term, we all agree that it will help them do their jobs better.
As AI continues to be infused into all cyber operations, it will similarly enhance human efforts by automating routine frontline tasks, providing real-time threat insights, and potentially identifying zero-day vulnerabilities autonomously. Google’s recent claim that an AI agent discovered a previously unknown vulnerability in real-world code indicates that we’re closer than we might think to this becoming a widespread reality.
As AI is more deeply embedded in cybersecurity operations, cybersecurity services will adapt. For example, traditional managed detection and response (MDR), which relies on human-led detections and responses, will give way to cybernetic detection and response, where AI acts as a powerful force multiplier for security teams.
To fully grasp this shift, organizations must rethink how they deploy cybersecurity personnel. AI can sift through vast amounts of data, highlight high-priority issues, and even take predefined automated actions to mitigate threats. For organizations today, it’s critical to evaluate current AI capabilities and implement tools that can assist with tasks such as threat hunting, phishing detection, and log analysis for the most impact.
If we continue treating cyber criminals like superhero villains, they’ll continue growing more emboldened
Other than state-sponsored threat actors, most cyber criminals are motivated by financial gain and the notoriety that comes along with executing high-profile attacks. As a cybersecurity industry, we’re doing everything we can to prevent attackers from financial gain, but we’re not doing much to stop them from their quest for fame which, in turn, earns them the respect of their peers and motivates them even more. In fact, we’re giving them exactly what they want.
It’s no mistake that groups like Qilin, Dark Angels, REvil, CL0P or LockBit sound like superhero villains. It feeds into their egos. If we continue referring to them by these names, or creating other cool-sounding names for them or the malware they deploy, we’re playing their game, by their rules.
Instead, we need to set the rules. A crucial part of reshaping cybersecurity is not just about defense – it’s also about how we frame the narrative around cybercrime. Referring to them with a non-descript naming convention, similar to KEVs (Known Exploited Vulnerabilities) helps take notoriety away from these groups, acting almost like kryptonite to them.
Instead of treating them like notorious crime lords, shifting to a neutral, data-driven classification approach can strip away some of their perceived power. Until we do that, we’ll only continue to embolden them.
The road ahead: Embracing the next phase of cybersecurity
These cybersecurity trends illustrate a fundamental transformation in how organizations must approach security in 2025. The convergence of IT and security operations, AI-augmented cyber defenses, and the need to depersonalize cybercriminal notoriety are all part of a larger movement toward a more proactive, intelligence-driven security model.
Organizations that fail to adapt to these shifts risk exposing themselves to greater threats in an ever-changing cyber landscape. By embracing AI, a willingness to isolate systems and prioritize defense, and a strategic reframing of cyber threats, businesses can stay ahead of attackers and build a security posture that is both resilient and future-ready.