Let’s Stop Kidding Ourselves: My Anti-Predictions for 2025
Author: Phil Dunkelberger
Published: 23 Jan 2025
I’ve been making cybersecurity predictions for decades. Here’s what I’ve learned: we’ve been consistently wrong – not about things getting bad, but about just how bad they’d really get. Most of the predictions have been wrong by magnitude. It’s worse than we ever thought it could be.
So, let’s not sugarcoat it. Let’s talk about some harsh realities we’ll face in 2025:
Government Infrastructure at the Breaking Point
Our government systems have reached a critical juncture. The 30-year-old PIV card and CAC systems are good places to start thinking differently about how we can improve the status quo. In 2025, there’s no more kicking this can down the road; modernization is critical, as recognized in the recent executive order from former President Biden.
The Death of Passwords
SMS OTP is really bad. It’s been actively exploited by hackers for years, with countless examples of SMS harvesting across the internet. Antiquated security and people buying into those ideas are worse than no security at all. 2025 will be the year passkeys move from buzzword to baseline, not because we want them, but because we absolutely need them. The old authentication playbook isn’t just outdated – it’s dangerous.
The Breach Fatigue Crisis
The breaches are more egregious and more damaging, yet they appear like the classified ads in the back of a newspaper now, if anybody remembers newspapers. We’ve become numb to it. The numbers don’t lie – breaches are up 30% from last year, but our collective will to address root causes diminishes. Information is currency, and we’re hemorrhaging it, as we’ve seen for years in data breach cost studies.
The End of Manual Security
You can look at any major company now – their systems that give us efficiency and openness are great, but they come with massive risks. 2025 will be the year we finally admit that human-scale security is dead. The battle lines are being drawn between those who can automate security at scale and those who will become headlines for their lack of readiness.
The Stakes Have Never Been Higher
The whole point of these systems that we use every day for business or personal use – from banking to healthcare to the defense of the country – is that it is all part of our critical infrastructure now. All of those systems are built on these evolving electronic systems. Every compromised authentication system becomes a potential funding stream for hostile actors. The transformation from cybercrime to nation state tools – as many writers and pundits have been covering for years – has happened under the noses of those not paying attention.
I’ve been singing the same song for a lot of years. But, here’s what makes 2025 different: we’re not playing for table stakes anymore. These aren’t dumpster divers we’re defending against. The scams will continue, and they’re now on a pace and scale we’ve never experienced before.
One prediction I know that I can make with absolute certainty? If we don’t fundamentally change our approach, it’s going to get worse. And that’s not fear-mongering – that’s reality based on decades of watching the same patterns repeat with increasingly devastating consequences.
The question for 2025 isn’t whether we’ll see more breaches – we will. The question is whether we’ll finally do something about it.