Attackers are shifting tactics, targeting mid-size companies and critical infrastructure sectors, while generative AI risks threaten to overshadow a focus on cyber hygiene.
Ransomware attacks continue to be one of the most significant cybersecurity threats organizations and cybersecurity leaders face. Attacks lead to wide-scale disruptions, large data breaches, huge payouts and millions of dollars in costs to businesses.
In response, large, coordinated law enforcement operations have targeted major ransomware groups and disrupted operations, dismantled data leak sites and seen the release of decryption keys.
However, the volume of attacks has risen, the number of reported victims continues to grow and like a hydra that sprouts new heads, the ransomware ecosystem has been reformed and continues operating, although some of the tactics are changing.
Here are five key insights CISOs need to know in 2025.
1. Too much focus on generative AI risks underestimating known threats
Generative AI tools such as ChatGPT continue to cause a stir in organizations and raise a host of security concerns. However, some incident data and threat analysis suggest security leaders need to remain vigilant about the evolution of traditional ransomware tactics.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source : https://www.csoonline.com/article/3825545/5-things-to-know-about-ransomware-threats-in-2025.html
Security chief Andrew Obadiaru’s to-do list for the upcoming year will be familiar to CISOs everywhere: advance a zero-trust architecture in the organization; strengthen identity and access controls as part of that drive; increase monitoring of third-party risks; and expand the use of artificial intelligence in security operations.
“Nothing is particularly new — maybe AI is newer, and the pace at which it’s all going keeps increasing — but we need to do better at all of it in 2025,” says Obadiaru, CISO at Cobalt, which offers penetration testing as a service.
Obadiaru’s priorities mirror those listed by other CISOs on multiple reports, including Foundry’s recent Security Priorities Study, that show security leaders doubling down on security fundamentals while also layering in newer elements — namely AI.
Despite overall similarities in objectives among security leaders, CISOs are also prioritizing based on their organization’s unique needs, based on the maturity of their security posture, as well as their market position, industry, and other differentiating factors.
0 seconds of 16 minutes, 30 secondsVolume 0%
Leading-edge CISOs are also implementing additional accountability strategies to ensure their teams know the organization’s security priorities and that other executives and business leaders do their part to help secure the enterprise.
Accountability as a priority is essential if CISOs want to finish 2025 in a stronger position than when the year started, says David Chaddock, managing director for cybersecurity at digital services firm West Monroe.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source : https://www.csoonline.com/article/3809187/cisos-top-12-cybersecurity-priorities-for-2025.html
