The New Year offers a chance to reflect on 2024 and to consider what we can do as security professionals and business leaders in 2025 to stay relevant and in the best position to counter cyber threats going forward. The IT Security Guru caught up with Darren Guccione, CEO and co-founder of Keeper Security, to see what he thinks should be the industry’s resolutions in the coming year.
Resolution #1: Adopt a Proactive Approach to Cybersecurity to Combat AI-Driven Attacks
Adopt a proactive approach to cybersecurity that integrates advanced defence mechanisms with fundamental best practices to mitigate and combat AI-driven attacks.
As we step into 2025, AI-driven cyber attacks remain a serious threat to global security and a top concern for business and security leaders. According to Keeper Security’s 2024 Insight Report, The Future of Defense: IT Leaders Brace for Unprecedented Cyber Threats, 35% of IT and security leaders feel ill-equipped to counter AI-powered attacks.
Cybercriminals weaponise AI to speed up and scale traditional attack tactics, such as phishing and password cracking, while also creating entirely new forms of cyber threats. With the continued evolution of these risks, IT leaders must adapt by implementing a multi-layered approach to security, staying one step ahead of attackers.
Key elements in protecting against AI-driven threats include timely software updates, network security improvements and strong password policies. Deploying a Privileged Access Management (PAM) solution that incorporates secrets management, password vaults, session management and remote browser isolation is essential for protecting critical assets. This layered security approach strengthens overall defences by restricting unauthorised access and minimising potential damage from breaches.
Resolution #2: Take a Quantum Leap in Security
As quantum computing improves, organizations must prepare today to address the security risk posed by this emerging technology.
Quantum computing is no longer just a concept for the distant future. The National Institute of Standards and Technology (NIST) rolled out quantum-resistant cryptographic standards to prepare for the impact of quantum computing in the near future.
Sufficiently powerful quantum computers would break the public key cryptosystems that are currently the backbone of digital security, putting the confidentiality and integrity of digital communications at risk. This makes the transition to Quantum-Resistant Cryptography (QRC) a pressing priority for organisations.
Security teams should collaborate closely with IT and software engineering teams to identify where and how public key cryptography is being used. Additionally, engaging with vendors to understand their plans for QRC support is crucial. NIST has finalized standards for quantum-resistant cryptography, and now is the time to begin the transition.
Though ready-to-deploy QRC solutions are not immediately accessible, businesses must begin preparing for future migration. This will require expertise in cryptography, IT infrastructure and cybersecurity. Close collaboration with cryptographers and IT professionals is essential to successfully integrating these new cryptographic standards when they become available. By taking proactive steps now, organisations can better navigate the transition to quantum-era cybersecurity.
Resolution #3: Protect Privileged Accounts in the Modern Digital Era
In the face of evolving cybersecurity threats, protecting privileged accounts is essential. Organizations should invest in zero-trust PAM solutions to safeguard their most valuable assets.
Zero-trust PAM solutions offer a robust defence by enforcing strict access controls and minimising risk, particularly when preventing unauthorised lateral movement during an attack.
PAM tools provide granular control over user permissions and enable continuous monitoring for suspicious activity, allowing organisations to swiftly respond to potential threats, while ensuring sensitive data remains secure. With advanced features like just-in-time access and privilege elevation and delegation management, PAM solutions also help organisations meet compliance requirements and streamline security operations.
The most effective way to minimise sprawl if an attack does occur is to invest in prevention with zero-trust PAM that will limit, if not altogether prevent, a bad actor’s access.
Resolution #4: Deploy Cloud-Based Security Solutions for Enhanced Security and Simplicity
Moving PAM to the cloud enhances security through advanced encryption, Multi-Factor Authentication (MFA) and continuous monitoring. Organisations should prioritise solutions built on zero-trust and zero-knowledge architectures for maximum security, privacy and control.
As businesses navigate digital transformation and evolving cybersecurity threats, the need for comprehensive PAM solutions becomes even more critical. Cloud-based PAM solutions provide an effective response to this demand, offering heightened security and streamlined management. According to Keeper Security’s recent Insight Report, 82% of IT leaders are eager to transition from on-premises PAM to cloud-based solutions.
The shift to the cloud enhances security by incorporating automatic updates, advanced encryption, MFA and continuous monitoring, all of which fortify defences against evolving threats. Organisations should seek PAM solutions built on zero-trust and zero-knowledge architectures to ensure the highest levels of security, privacy and control over sensitive data.