As part of our year-end content series, we asked the CEOs and top leadership of NightDragon’s portfolio to share reflections on 2024 and predictions and insights on what’s to come in 2025.
This is our third and final installment of this series. If you missed part one and two, read them here and here.
Check out below for additional insights from our top leaders.
Dataminr VP of Product Management, Cyber, Shimon Modi— AI Agents will become targets of compromise leading to data breaches. As generative AI tools become more commonplace and advanced, we will see a new vector for data breaches emerge. Malicious actors will create innovative prompt engineering techniques to target AI agents empowered to take actions on behalf of end users. The aim of these attacks will be to trick the agents into disclosing information or taking an action, like a password reset, that will enable the attacker to compromise the network or achieve other objectives.
Rising risk events will catalyze more cyber-physical integration. As risk factors like geopolitical events, cyberattacks and supply chain disruptions escalate over the coming year, corporations will need to integrate cybersecurity and physical security operations to ensure effective organizational resilience. Those two teams, which are usually siloed, will begin converging in some areas in order to better prepare for and manage threats that straddle both cyber and physical realms. As these cross-over risks rise over time, we’ll see corporations adopt a more holistic security approach and response strategies that address both cyber and physical incidents.
iBoss CEO, Paul Martini — 2025 will see a big drive toward the full consolidation of SD-WAN, Network, and Security and further moving away from separate SD-WAN networking vendors and Cloud security vendors. This will drive a push to sunset independent SD-WAN and Security Service Edge vendors into one consolidate vendor set. The need for a truly consolidated cloud security SASE platform will be become more important, with vendors that have point products or legacy appliance-based networking approaches being pressured. AI will continue to become a core component of SASE which will help network and security teams identify and address risks to reduce breaches and data loss. The ability to reduce costs and simplify networking and security will also become more accessible. At iboss, we’ve always believed that having a truly consolidated network and security SASE platform with centralized policies, security, and logging were key to enabling a secure and connected future. This is perfectly aligned with the needs of the market and our customers who are taking advantage of the important digital and security transformation that SASE enabled.
Blackbird.AI CEO and Co-Founder, Wasim Khaled — Publicly traded corporations face a new threat vector of risk from harmful narrative attacks that exploit the increasing speed and interconnectedness of the digital information ecosystem. These attacks can cause massive financial and reputational harm by manipulating public perception, destabilizing stock prices, and eroding stakeholder trust within minutes. Synthetic media, deepfakes, and AI-generated narratives are being used to fabricate press releases, forge executive communications across text and even video conferences, or stage false crises, leaving organizations with a significant blind spot and scrambling to respond in real-time. Cybersecurity leaders must address this new threat vector of narrative attacks as they are in the best position to protect the company.
Claroty, Chief Strategy Officer, Grant Geyer —
A Shift in Perspectives on the Cloud by Industrial Organizations: Asset-Intensive Organizations Will Move to Operationalize Segmentation to Reduce Entire Classes of Cyber Risk to CPS Security:
While the U.S. Government and its international partners have initiated an important body of work in Secure-by-Design, the fruits of this labor won’t manifest for years to come. The reality is that asset owners and operators are on their own for the time being. As a result, while many CPS security projects start with establishing an asset inventory, organizations are moving past this phase to operationalize risk reduction strategies. While every organization needs to have a vulnerability management program, in 2025 more organizations will realize that their risk reduction objectives will not materialize. Organizations that are serious about risk reduction will recognize that they need to operationalize network segmentation in their CPS environments to take entire classes of risk off the table. This will be a significant shift in most organizations, as the engineering teams frequently reject programs that could cause operational impacts to production. How this clash of cultures and the resultant decisions play out will determine risk reduction outcomes, so it’s critical that CISOs properly prepare and engage in this critical initiative.
Co-Founder, ThreatConnect Co-Founder, Andy Pendergast and Polarity by ThreatConnect Co-Founder, Paul Battista —
In 2025, we will witness the continued adoption of AI agents and large language models (LLMs) by both malicious actors and defenders in the digital domain. While the volume of malicious activity is expected to rise, defenders’ capabilities to counter these threats will also improve.The potential to shift to a net “defender’s advantage” exists, but it will depend on organizations building their teams and technology stacks to understand their own environment and their adversaries’ TTPs better than the adversaries know themselves.
A key focal point will be leveraging multi-sourced intelligence data to understand and combat evolving AI-based targeted threats. Now that adversaries can scale themselves with AI, off-the-shelf intelligence feeds and summaries alone will not be sufficient for a comprehensive defense.In the meantime, adversaries will find and exploit vulnerabilities faster, send more and better crafted and harder-to-detect phishing emails, and evolve social engineering techniques at scale with readily available software to create deepfake videos and audio. Activity “left of boom” will increase, evolve, and become harder to defend against. Fortunately, AI will also assist the speed, scale, and veracity of operationalizing intelligence, with better ability to move beyond providing indicators of compromise-based defenses to providing more complex procedure-based detections accurately and at scale, synthesizing multi-sourced information sources for decision-makers and beginning to better integrate external threat context with the real quantified risk to the organization to support proactive prioritization of resources and actions.
