As the year comes to an end, it’s a good time to reflect on cybersecurity developments and trends. As organizations adapt their security strategies, we take a look at key questions about Attack Surface Management (ASM) and the role of the Chief Information Security Officer (CISO).
Comment by Martin Jartelius, CISO at Outpost24
1. What will happen in Attack Surface Management in 2025?
Attack surface management (ASM) addresses an old problem: If you don’t know what you own, use or depend on, it’s difficult to protect it. ASM acts as a detective, helping organizations identify and map their assets to better manage them. The focus in 2025 will be on moving from simply identifying assets to assessing risk and prioritizing remediation – an area where many organizations still urgently need to catch up.
2. Will the attack surface grow, shrink or stay the same in 2025?
The IT world is undergoing a kind of industrialization, with companies increasingly relying on external organizations and standardized technologies. While this offers numerous competitive advantages, it also expands the potential attack surface from third-party providers and platforms. This development will continue, as it is essential for business success – but only if the associated risks are addressed as well.
3. Will insecure corporate chatbots increase the attack surface?
Yes, if they are used incorrectly, do not isolate sensitive data or are not operated in a protected network. Although major breaches are likely to be rare, individual incidents could be embarrassing and attract unwanted media attention. Companies should learn from past mistakes and not use new technologies on a whim.
4. Are we getting better at managing attack surfaces?
There are more and more solutions on the market that offer both efficient asset detection and sound risk assessment. It is important that this prioritization is supported by threat intelligence from real cyber-incidents so that organizations collectively learn from each other’s mistakes and attacks. Many systems remain in a neglected state as well; a focused ASM can help to raise the overall level of security.
5. What will be the main focus in 2025?
The biggest challenge remains mobilization: even if organizations have more sophisticated tools for risk assessment, there will often be a lack of prioritization and efficient implementation of countermeasures. This reduces the effectiveness of risk mitigation.
6. How will attackers’ tactics evolve in 2025?
Attackers are becoming increasingly specialized, leading to better tools and tactics that are available even to less experienced actors. Political tensions could also lead to previously state-developed tools ending up in the hands of criminals and being used against companies on a broad scale.
7. Will there be progress in pen testing, red teaming or vulnerability analysis?
Yes, especially through the integration of modern technologies. Red teams, which simulate realistic attack scenarios based on threat analyses, will continue to gain relevance. In the future, ASM tools could automate processes from detection and risk assessment to continuous reporting. Vulnerability management should be closely linked with the discovery of attack surfaces and the use of relevant cyber threat intelligence.
The modern CISO is also more than ever caught between strategic risk management and operational responsibility. In 2025, the role of the CISO will be characterized by several key trends and challenges.
1. What will happen to CISOs in 2025?
CISOs who act as business enablers and accompany change processes in a secure and structured manner will have a lasting impact on their organizations. The days of the “naysayer” are over – the modern CISO needs a more business-oriented mindset. The NIS-2 guidelines, with their focus on third-party providers and supply chain management, will massively increase the workload of CISO teams. Managing these risks and responding to numerous requests will require a higher degree of automation and greater integration with partners, customers and suppliers.
2. Will security budgets increase, decrease or stay the same in 2025?
Security budgets often follow the general economic climate. Investing in solutions that increase both productivity and efficiency will be a priority. Solutions that do not offer an immediate increase in productivity, on the other hand, could suffer from cost-cutting measures.
3. Should more CISOs be represented in the company management?
That depends on how the organization defines risk management. CISOs who strategically manage and optimize risks belong at the management level. Operationally oriented CISOs, on the other hand, usually report their results via other channels.
4. Will the “security by resilience” approach influence the priorities of CISOs?
Yes, the increasing threat of destabilization – whether from state or private actors – makes resilience a central element of security strategy. The aim is to minimize the impact of incidents and ensure business continuity.
About Outpost24
Outpost24 helps organizations improve their cyber resilience with a comprehensive range of Continuous Threat Exposure Management (CTEM) solutions. Outpost24’s intelligent cloud platform unifies asset management, automates vulnerability assessment and quantifies cyber risk in a business context. Executives and security teams around the world rely on Outpost24 to identify and prioritize the most critical security issues within their attack surface to accelerate risk mitigation. Outpost24 was founded in 2001 and is headquartered in Sweden and the USA. Additional offices are located in the UK, the Netherlands, Belgium, Denmark, France and Spain. Visit https://outpost24.com/ for more information.