Maksim Kabakou - FotoliaOpinionCISOs will face growing challenges in 2025 and beyondFrom Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020sByMike Gillespie and Ellie Hurst, Advent IMPublished: 02 Dec 2024 As artificial intelligence (AI) blurs the line between human and machine attackers, and quantum computing threatens to unravel encryption standards, the challenges facing CISOs in the coming years will be unlike anything weve seen before. Meanwhile, escalating geopolitical tensions are propelling us into a new era of warfare, where state-sponsored cyber attacks have become the weapon of choice for disruption, espionage, and dominance.CISOs will need to safeguard against politically motivated cyber threats that can target critical infrastructure, intellectual property, and sensitive national data while also considering the increase of supply chain attacks and the issue of data sovereignty.The growing complexity of global data privacy laws and the increasing reliance on cloud services will also contribute to the criticality of data sovereignty for CISOs. Countries are enforcing stricter regulations that mandate data be stored and processed within their borders, creating challenges for multinational organisations managing cross-border data flows.So, what other pressing challenges will CISOs grapple with as we enter the latter half of the 2020s?Breach fatigue, the desensitisation caused by the relentless volume of cyber attacks and data breaches, poses a growing challenge for CISOs. It can lead to stakeholder apathy, employee complacency, and reduced consumer trust, making it harder to prioritise critical threats and secure necessary funding. A UK government survey revealed that about half of businesses and a third of charities experienced cyber breaches or attacks in the past year. Notably, 11% of businesses faced attacks weekly or even dailyAI and quantum computing additionally will present major challenges for CISOs by both increasing the complexity of cyber attacks and undermining the effectiveness of existing cyber security defences. AI enables more sophisticated and adaptive attacks, making them harder to detect and defend against, while quantum computing has the potential to break current encryption systems by solving the complex mathematical problems that protect modern cryptographic security. As AI and quantum enters the game for the bad guys because they have serious amounts of money to play with thanks to ransomware, they will ramp up their big game hunting efforts even further.Increasing supply chain complexity and interconnection of third-party suppliers will continue to grow concern for CISOs. As seen in high-profile breaches like SolarWinds Sunburst, attackers can exploit vulnerabilities in trusted suppliers to gain access to organisations. Relating this back to geopolitical tensions, its possible that the nation state attack may get involved with that as well, because if you can find a soft underbelly to gain access to your target or enemy, it is far more efficient than attacking the front gate.In addition to these core challenges, CISOs must also be prepared for the evolution of ransomware, zero-trust adoption (particularly in government and public sector with resource challenges), migration to cloud and the ongoing cyber security talent shortage. To stay ahead, CISOs will need to adopt proactive security strategies, invest in automation and advanced threat detection tools, and encourage a security-first culture across their organisations and departments.In The Current Issue:Computer Weekly announces the Most Influential Women in UK Tech 2024From beauty model to tech role model this years most influential woman in UK techComputer Weeklys Women in UK Tech Rising Stars 2024Download Current IssueAWS re: Invent 2024 - MongoDB charts wider MAAP CW Developer NetworkRisk of Trump and Big Tech deregulation Cliff Saran's Enterprise blogView All Blogs