Technologies such as the cloud, Internet of Things or artificial intelligence, which are driving a digital economy and a new way of working and operating, add pressure on the management of exposure to risk and threats, whose environment is constantly evolving.

It is in this context, in which companies have decentralized digital capabilities, that the experts at /fsafe, Fibratel’s cybersecurity unit, have based their list of trends and predictions for next year 2025. Their forecasts indicate that IT Security departments must equip themselves with flexible and adaptable capabilities, prioritizing technical capabilities and the adoption of measures that allow them to achieve organizational resilience, in order to respond quickly to threats.

As Jonatan Monroy, head of the SOC (Security Operations Center) of the cybersecurity/fsafe unit at Fibratel, explains, “the continued adoption of the cloud, hybrid work, the incorporation of artificial intelligence in processes and GenAI, together with Other technologies, such as IoT and Big Data, are transforming organizations and the sectors in which they operate. “This requires new cyber defense strategies and governance frameworks to move towards a posture of cyber resilience by design and zero trust strategies, which allow threat exposure to be managed and mitigated.”

In his opinion, in this way, it will be possible to face a scenario of technological growth by dealing, both with the new, increasingly complex security challenges that arise, as well as with a more extensive and decentralized attack surface, specific threats that accompany to the implementation of AI, the increasingly frequent attacks on the supply chain, and the governance gaps that are generated by the slow adaptation of companies to new regulatory frameworks.

Four trends in cybersecurity that will define the coming months

The /fsafe team has condensed into four points the trends and issues that those responsible for company security (CISOs) and security departments should focus on, in order to navigate a complex IT and cybersecurity environment of safe way:

  • Cyber ​​resilience by design. Companies can no longer think only about improving current cybersecurity, but rather have to build secure and, at the same time, flexible environments, so that they can evolve based on different factors, such as threats, business scalability, etc. This implies that they must generate incident response plans that consider emerging risks and ensure rapid recovery of both current assets and those that are generated in the environment.
  • AI yes, but with appropriate measures. AI has a dual use, it is used equally by defenders to improve their security posture, and by adversaries, to carry out more sophisticated social engineering attacks and even evade trained models to detect harmful behavior. . From the point of view of cybersecurity teams, AI and Generative Artificial Intelligence capabilities will be key in 2025 to improve process prioritization, security culture and the simplification of activities carried out by analysts, as well as optimize and guide their decision-making. The articulation of Zero Trust strategies and unified and flexible SASE solutions that provide a framework of network security services on a platform that integrates AI as a support tool for security personnel will become more relevant than ever. However, for the widespread adoption of AI, its introduction into technology and process optimization to be successful, protective measures will have to be taken in several vectors. For example, governance platforms must be used, which allow systems to be managed from a legal, ethical and operational point of view.
  • Ransomware. All studies in the sector agree that, in general, attacks have become more complex and difficult to detect, from DNS attacks, to social engineering attacks and all those that have to do with data. Leaks and information leaks are the order of the day and, therefore, ransomware is identified as one of the most destructive, due to its profitability for cybercrime compared to other types of cybercrime. All IT assets must be protected to prevent data attacks. At this point, Fibratel experts emphasize the need to protect the Cloud environment, since cloud intrusions have increased by 75%, according to a recent report by CrowdStrike, one of its partners. It is logical that, as systems and applications move to the cloud, criminal activity places special focus on violating said environment and cybercriminal groups adopt new intrusion techniques specially designed for services hosted on Cloud infrastructures.
  • Talent shortage. The cybersecurity skills shortage persists as one of the pressing challenges in the technology sector and for companies’ internal teams. In fact, a study by Fortinet, also a Fibratel collaborating company in the area of ​​cybersecurity, confirms that organizations increasingly attribute security breaches to a lack of cyber skills. The problem is increasingly real: ISC2, the International Information Systems Security Certification Consortium, predicts that 4 million professionals will be needed to cover the personnel gap in this area. In Spain, this figure is currently around 40,000 jobs.

The /fsafe team believes it is critical that companies help their IT and security teams become qualified through the necessary training, something that managed security service providers do on an ongoing basis. However, this must be completed with other public-private cooperation policies that prioritize STEM education, facilitate the incorporation of women into the cyber field or the implementation of programs in companies that favor professional development and recycling.