Security experts offer 2025 predictions

YARMOUTH, Maine — 2025 is approaching and that means it’s time again to rev up the prediction engines and speculate about the changes and innovation developing in the coming year. 

Security Systems News (SSN) reached out to and heard from several industry experts to get a lay of the land about what to expect in 2025. 

Class is in session on school security 

ZeroEyes Co-founder and CEO Mike Lahiff is predicting there will be even more school districts and other public spaces adopting AI-based security solutions in 2025, driven by new product innovations and breakthroughs in technology. Schools already spend more than $3 billion a year on security, according to the National Institute of Justice, and Lahiff expects even more spending next year. 

“As the problem of gun-related violence continues in this country, thoughts and prayers just aren't enough,” he said. “There is no 'one size fits all' solution, but a layered security program that includes perimeter security, access control, intrusion detection, and other advanced technologies is proving to be the most effective approach. We are seeing schools, hospitals, houses of worship, commercial businesses, public transit and other organizations increasingly investing in proactive AI-based solutions, and I expect this to continue into next year and beyond.”  

Malware bites 

Cybersecurity will also continue to be a hot button issue in the security industry predicts Jim McGann, vice presidents of strategic partnerships at Index Engines. In 2024, the health care industry was the hardest hit by ransomware attacks, with 18.6% of incidents in the third quarter impacting confidential patient data and operations at these facilities. 

“As ransomware attacks surge, prioritizing data integrity is non-negotiable,” he said. “What we do know is that leveraging AI-powered technologies is key to fortifying cyber resilience. However, while innovation accelerates, many bad actors capitalize on these advancements for financial gain, underscoring the need for enhanced cybersecurity measures. Increased frequency of attacks will force organizations to add cyber resilience to their overall security posture, making data storage and data integrity critical in the recovery phase. Knowing how and what to recover in the event of an attack will be a key focus.” 

Calling to collect 

Mobile security and credentials are also on the minds of experts, says Rocky Cole, a former NSA analyst and currently the COO of iVerify, who points to heightened geopolitical tension going into 2025. Research by iVerify  detected as many as 2.5 infected mobile devices per 1,000 scans, and a survey by digital learning company CyberSmart found that mobile fishing attacks have grown at a consistent rate of 85% annually since 2011.   

“Everyone is worried about TikTok, but what about our phones?” he asked. “We will have no choice but to pay attention to mobile security. Scattered Spider has shown that mobile devices can be used to move laterally in an enterprise setting; however, executing attacks at scale has been difficult because it relies on social engineering. Going forward, the question becomes, what happens if Scattered Spider gets their hands on an NSO-level exploit, and attacks - from credential theft to point-of-sale compromise - can it be done at scale with a single click?” 

He continued, “We’ve already seen the reuse of mobile malware amongst US gov’t adversaries exploiting commercial spyware, and we have to assume mobile exploitation will be an intelligence goldmine for America's adversaries, especially to discern things like plans and intentions, order of battle, etc. Unfortunately, government institutions lack the tools not only to combat this type of exploitation – but also to know if there is a compromise in the first place.”