From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s
By Stephen McDermid, Okta
Published: 09 Dec 2024
We’re halfway through another decade, and as we enter a new year we are seeing new resolutions and new possibilities, and regrettably, new threats.
Cyber security is now a headline-grabbing and board-level conversation. You only have to look at recent incidents affecting the NHS, the British Library and, of course, CrowdStrike to see that cyber security and identity-based attacks impact consumers, employees and businesses on a global level.
This is only set to continue as CISOs and security teams are faced with bigger and more sophisticated challenges in the coming months and years, and as we close out the decade. But what is front of mind for CISOs and their teams? And how are they tackling these issues? Here are two trends that should be in the crosshairs of businesses for 2025.
What happens when AI speaks to AI that speaks to AI that works with AI?
Along with cyber security, a key theme of 2025 has been the rise of AI. According to Gartner, AI agents will be the most important technology trend in 2025, with analysts predicting that 15% of daily work decisions will be made autonomously by AI agents by 2028. While productivity gains will be immense, the cyber security industry needs to have an urgent conversation about information access control for the coming explosion of autonomous AI agents. If we don’t, we’ll see a rising tide of both accidental and hostile cyber breaches and data leakage next year.
By the end of 2025 and into the latter half of the decade, we’ll be living in a world with billions of autonomous AI agents acting on our behalf. There are important questions that the cyber security industry needs to answer: What are these bots doing? What information do they have access to? And how do we set and control the conditions and parameters around what information they can share, with whom, and under what circumstances?
Right now, all these questions are up in the air. These bots don’t even have the benefit of basic cyber security awareness training. They don’t have that human sixth sense that tells us something might be wrong. They can’t think for themselves. All it takes is one rogue prompt for an AI agent to mistakenly share sensitive personal or financial information with another agent, and things could quickly spiral out of control.
Setting the standard
It’s not all doom and gloom though, and going into 2025 we need to have a renewed optimism that things can improve! For CISOs and security teams to be able to tackle the increasing threat landscape, we need a mindset shift across the cyber security industry, with far more collaboration between industry players. We face an unprecedented threat environment, and this is before the potential risks that AI agents bring to the table.
In the coming years, we need to agree and implement more standards, best practices and frameworks around cloud applications and how they communicate with each other so that they are secure by default. A single cyber security vendor can’t do that alone.
At Okta we’ve started on this with the Interoperability Profiling for Secure Identity in the Enterprise (IPSIE), to help standardise secure identity management, in partnership with the OpenID Foundation. I’d like to see more organisations sign up to this standard, and other standards be introduced to help businesses, and ultimately end-users, improve their security posture.
What’s next?
The world of cyber security and identity-based attacks is a complex and ongoing struggle that’s spurring constant innovation and adaptation on both sides. For companies looking to protect their users and data, it’ll take continued evolution in technologies, policies, and business processes to put up an effective defence. This requires businesses to collaborate and work together to improve their security posture, educate consumers and the workforce and continue to adapt quickly with threat actors. Only then will we be able to create a world where data is secure by default and consumers are able to trust businesses with their most valuable asset – their identity.
Stephen McDermid is EMEA CSO at Okta