/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/media_files/2024/10/22/w5qCHiDAyzisrUYR6HOV.png)
With 2025 around the corner, IBM security executives have made six predictions on everything from generative AI risks to crypto agility. Here they are:
“Shadow AI will prove to be more common – and risky – than we thought. Businesses have more and more generative AI models deployed across their systems each day, sometimes without their knowledge. In 2025, enterprises will truly see the scope of ‘shadow AI’ — that is, unsanctioned AI models used by staff that aren’t properly governed. Shadow AI presents a major risk to data security, and businesses that successfully confront this issue in 2025 will use a mix of clear governance policies, comprehensive workforce training, and diligent detection and response.”
— Akiba Saeedi, VP, IBM Security Product Management
“Cyber security teams will no longer be able to effectively manage threats in isolation. Threats from generative AI and hybrid cloud adoption are rapidly evolving. Meanwhile, the risk quantum computing poses to modern standards of public-key encryption will become unavoidable. Given the maturation of new quantum-safe cryptography standards, there will be a drive to discover encrypted assets, and accelerate modernisation of cryptography management.
"Next year, successful organisations will be those where executives and diverse teams jointly develop and enforce cybersecurity strategies, embedding security into the organizational culture.”
— Sam Hector, Global Strategy Leader, IBM Security
“Data security and AI security will become an essential ingredient of trustworthy AI. ‘Trustworthy AI’ is often interpreted as AI that is transparent, fair, and privacy-protecting. These are critical characteristics. But, if AI and the data powering it aren’t also secure, then all other characteristics are compromised.
In 2025, as businesses, governments, and individuals interact with AI more often and with higher stakes, data and AI security will be viewed as an even more important part of the trustworthy AI recipe.”
— Suja Viswesan, VP of Security Software Development, IBM
“How enterprises think about identity will continue to transform in the wake of hybrid cloud and app modernization initiatives. Recognizing that identity has become the new security perimeter, enterprises will continue their shift to an Identity-First strategy, managing and securing access to applications and critical data including Gen AI models.
In 2025, a fundamental component for this strategy is to build an effective identity fabric, a product-agnostic integrated set of identity tools and services. When done right, this will be a welcome relief to security professionals, taming the chaos and risk caused by a proliferation of multicloud environments and scattered identity solutions.”
— Wes Gyure, Executive Director, IBM Security Product Management
“As organizations begin the transition to post-quantum cryptography over the next year, agility will be crucial to ensure systems are prepared for continued transformation, particularly as the U.S. National Institute of Standards and Technology (NIST) continues to expand its toolbox of post-quantum cryptography standards. NIST's initial post-quantum cryptography standards were a signal to the world that the time is now to start the journey to becoming quantum safe.
"But, equally important is the need for crypto agility - ensuring that systems can rapidly adapt to new cryptographic mechanisms and algorithms in response to changing threats, technological advances, and vulnerabilities - ideally leveraging automation to streamline and accelerate the process.”
— Ray Harishankar, IBM Fellow, IBM Quantum Safe
“Enterprises will grapple with AI benefits and threats. As AI matures from proof-of-concept to wide-scale deployment, enterprises reap the benefits of productivity and efficiency gains, including automating security and compliance tasks to protect their data and assets.
"But, organizations need to be aware of AI being used as a new tool or conduit for threat actors to breach long-standing security processes and protocols. Businesses need to adopt security frameworks, best practice recommendations and guardrails for AI and adapt quickly – to address both the benefits and risks associated with rapid AI advancements.
— Mark Hughes, Global Managing Partner, Cybersecurity Services, IBM.