1. https://appdevelopermagazine.com/security
  2. https://appdevelopermagazine.com/cybersecurity-in-2025/
2/4/2025 2:56:22 PM
Cybersecurity in 2025
Cybersecurity,2025 Predictions,AI,Crypto
https://news-cdn.moonbeam.co/Cybersecurity-in-2025-App-Developer-Magazine_ozbdme8q.jpg
App Developer Magazine
Cybersecurity in 2025

Security

Cybersecurity in 2025


Tuesday, February 4, 2025

Richard Harris Richard Harris

Timothy Hollebeek of DigiCert predicts that cybersecurity in 2025 will be shaped by advancements in quantum computing and AI. Post-quantum cryptography (PQC) will be vital, AI-powered attacks will rise, and digital trust will be key. Organizations must adopt crypto-agility, automation, and strong leadership.

Timothy Hollebeek shares his insights on the key cybersecurity trends shaping 2025, focusing on the evolving landscape of digital trust and identity. As quantum computing and AI continue to advance, they bring both groundbreaking innovations and new cybersecurity risks. The introduction of Google’s Willow chip signals a new era of quantum technology, accelerating the need for post-quantum cryptography (PQC) to safeguard digital trust. Meanwhile, AI-powered cyber threats are becoming more sophisticated, increasing the urgency for proactive security measures. Leadership in digital trust, including the rise of Chief Trust Officers (CTrOs), will be crucial in navigating these changes. As trust expectations rise and new regulations take effect, organizations must embrace crypto-agility and automation to stay ahead of emerging threats.

What’s in store for digital trust and identity in 2025?

Google’s announcement of its new Willow chip at the end of 2024 marked a milestone in development of quantum computing. Today, a new era of commercially practical quantum technology is in reach. Delivering record-breaking benchmark performance together with dramatically reduced error correction, the new technology already outpaces some of the world’s most powerful classical supercomputers.

More development lies ahead, but it’s expected that commercial quantum computing will soon play a key role in new applications, including AI. Both AI and quantum technology promise to bring major advances to fields like healthcare, financial services, and manufacturing. But they also introduce a new set of challenges for cybersecurity teams.

In this article, we’ll predict how quantum computing, AI, and other trends will redefine cybersecurity in the year ahead, and explore what you can do about them.

Mitigating post-quantum and AI-powered threats

Evan as post-quantum computing technology has evolved, 2025 will be the year that post-quantum cryptography (PQC) steps into the spotlight. That’s because the same advances that power quantum computers will also be capable of breaking the cryptographic algorithms that form the basis of digital trust and identity. As the awareness of emerging threats grows, we’ll start to see PQC progress from long-term planning on IT roadmaps to actively deployed, fully operational solutions.

Security standards bodies and government agencies are already doing their part to move the process forward. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has released its first three finalized, post-quantum encryption algorithms, designed to withstand attacks from a quantum computer. The U.S. National Security Agency (NSA) is also providing releases ‘post-quantum’ guidance for national security system owners, operators and vendors, and will soon CNSA 2.0 algorithms for vital NSS networks.

As the rollout of PQC gains momentum, more robust encryption will begin making its way into applications, hardware security modules (HMSs), and other elements of digital trust.

AI technology brings its own distinct challenges as well. For example, software development is a key use for AI, empowering coders with suggestions and best practices that meet their requirements. But the same efficiencies that AI gives developers working with legitimate applications could also put cyberattacks within reach for malicious activities. In the coming year, we could see a surge in new, more sophisticated attacks like phishing. Using AI capabilities like advanced language models, bad actors could mimic human communication more quickly, easily, and accurately.  This could make phishing campaigns more personalized and targeted, and make unsuspecting victims more likely to click on suspect links.

AI could also arm cybercriminals with automation capabilities that make their attacks easier to scale, so they can reach more targets and increase their rate of success.

Leadership and crypto-agility will become board-level priorities

New PQC algorithms and other technologies provide a strong foundation for strengthening security and trust, but to be effective, they need to be backed by strategic leadership and an effective corporate culture.

In the year ahead, the position of Chief Trust Officers (CTrOs) will become more prominent in more organizations. For years, digital trust has been table stakes in customer relationships and core business and legal processes. As digital transformation accelerates, companies are understanding the need for a focused, dedicated leader at the boardroom level who will take ownership of security digital experiences, digital privacy, and ethical use of AI technology. Digital trust is becoming a top imperative for today’s companies as they content with new cybersecurity threats and changing compliance regulations, and the leadership of CTrOs will be essential.

To support these efforts, corporate culture will need to evolve as well, moving forward on the journey toward crypto-agility. With post-quantum threats on the horizon, organizations will require security systems that provide visibility into all of their cryptographic assets, and empower them to rapidly update encryption mechanisms at scale.

One process that will see immediate benefits from improved crypto-agility is certificate management. The lifetime of public SSL/TLS certificates has been steadily growing shorter, and Apple recently proposed reducing their validity to just 45 days by 2027 at a CA/Browser (CA/B) forum meeting. These changes are intended to reduce the risks of longer cert lifetimes, but they will also drive organizations to utilize more automation for web PKI. Certificate automation is a key pillar of crypto-agility, and the need to update vast numbers of certificates more frequently will drive organizations to become more automated.

Trust expectations will continue to rise

People are becoming more aware of the importance of digital trust, even as cybersecurity challenges grow. Last year’s CrowdStrike outage put digital trust in the headlines, and vividly demonstrated the need for improved testing of large-scale software updates. Users will want assurance that their software, its updates and patches not only work properly, but are fully secure.

For IoT uses cases like manufacturing and self-driving cars, which depend on over-the-air (OTA) software updates, physical safety can be at stake. Device manufacturers and software companies will need to strengthen their measures to ensure end-to-end digital trust, and share their efforts with consumers to give them confidence and reassurance.
In the E.U., new regulations like the Cyber Resilience Act are driving IoT manufactures to ensure that digital products apply a comprehensive approach to cybersecurity.

Cybersecurity in 2025: Getting proactive about the challenges ahead

Like 2024, the coming year will be a year of accelerated change, and it’s up to cybersecurity leaders to stay prepared. Taking some basic steps in advance, such as conducting an inventory of all cryptographic assets in use within your organization, can help you build insight into which devices and processes in your organization pose the most risk, and require the earliest attention. With holistic strategy, a qualified technology partner, and focused leadership, 2025 promises to be a year of opportunities instead of security worries.

About Timothy Hollebeek

Timothy Hollebeek has 20+ years of computer security experience, including eight years working on innovative security research funded by the Defense Advanced Research Projects Agency. He remains heavily involved as DigiCert’s primary representative in multiple industry standards bodies, including the CA/Browser Forum, striving for improved information security practices that work with real-world implementations. A mathematician by trade, Tim spends a lot of time considering security approaches to quantum computing.


Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here