The future of cybersecurity will be characterized by proactivity and the need to anticipate threats, rather than just reacting to them. With new dangers emerging daily, what is at stake is not just data protection but the survival of entire businesses. This is the conclusion of dataRain's cybersecurity expert, Leonardo Baiardi, who highlights the three main cybersecurity trends for 2025: AI integration, cloud security, and cybersecurity as a commodity.
For the specialist, these are just some of the facets of a rapidly changing scenario. Companies that anticipate these trends will be better positioned to face future challenges, as 2025 will be a year of great change, and cybersecurity must be at the center of any organization's priorities that wants to survive in the digital environment.
Baiardi's message is clear: protecting oneself in the digital world has become increasingly complex, and companies that do not keep up with trends risk falling behind. We are experiencing an evolution of discussions already saturated in 2024, which now gain new depth, requiring a more active stance from companies.
AI Integration
Artificial intelligence has already ceased to be a distant promise and is increasingly present in cybersecurity solutions. For Baiardi, the big leap in 2025 will be the shift from a reactive to a preventive model. It's no longer just about detecting and responding to attacks. Cyberattacks nowadays are becoming increasingly sophisticated. There are many zero-day vulnerabilities—those that would not be detected in a "protected" system—that need to be discovered and will cause significant disruption. That's why respondents' toolboxes also need to be more powerful, and AI integration helps a lot with that.
A practical example is the integration of AI into firewalls, which now allows automatic optimizations based on natural language, as well as suggestions for new security rules based on logs generated by the tool itself. Baiardi emphasizes that integrating machine learning into security solutions can identify anomalies and zero-day attacks, which are known to be devastating and unpredictable. "These attacks are usually silent, and depending on the group behind them that executes them, the intent can vary, such as extortion, cyber warfare, industrial espionage, or even between nations. Between 2021 and 2024, we had literally millions of cases where the damage becomes irreversible. With tools that integrate AI, nowadays it is possible to have a greater chance of mitigating the threat before the worst happens," he explains.
Cloud Security
The popularization of the public cloud and SaaS (Software as a Service) solutions requires an adaptation in cybersecurity strategy. Even companies that do not directly use public cloud infrastructure are, in some way, dependent on software based on it. This type of situation opens the door to an attack called "Supply-chain attack," where security ends up being outsourced, as it depends entirely on the SaaS provider. Therefore, the cloud, in addition to its undeniable advantages, also brings significant challenges, such as the need for additional security layers and the adaptation of new governance strategies.
Baiardi emphasizes that protecting these environments should be a priority for any business operating digitally. "The adoption of native cloud application protection platforms (CNAPP) is already and will continue to be essential to ensure security in multicloud environments," he says. The need for constant monitoring and automation of security processes is even more critical for smaller or less specialized teams. "It is no longer possible to ignore this trend. The cloud is here to stay, but it is necessary to know how to protect it properly."
Cybersecurity as a Commodity
Another trend that is expected to intensify in 2025 is the perception of cybersecurity as a commodity. This means that, for many companies, managed cybersecurity services have become standardized products, offered in catalogs of similar options, such as the SOC (Security Operations Center) offering. We are seeing an increasingly competitive market, where the difference between offers is minimal. Possibly, we will see scenarios where the deciding factor will often be the price, and not necessarily the scope of services. We observe a shortage of qualified professionals available in the market; we need to invest in team training. We also need differentiated offers through innovation and efficiency.
The specialist warns that caution is needed when choosing security service providers and highlights the risks of opting for non-customized solutions. Choosing the cheapest solution may seem attractive, but it may not guarantee adequate protection. Each business needs to assess its specific needs and seek partners that offer the best combination of price and security.
Finally, in addition to these three major trends, Baiardi highlights a point that is often overlooked: the role of the human being in cybersecurity. "Let's not forget that the weakest link is still the user," he warns.
For him, amidst technological evolution, training employees and educating them about safe practices remains one of the most important investments companies can make. "Regular training, phishing simulations, and the creation of an internal cybersecurity culture are essential," he concludes.
