# 2 Arrival of the quantum leap
Previous estimates suggest that where a digital machine would take 300 trillion years to crack 2-megabit RSA encryption , a 4,099-qubit quantum computer would only need 10 seconds . This post-quantum reality could be with us by the early 2030s , so we will continue to see individuals and organisations urge action on this critical future problem because of the implications it has for societies .
We could see critical-infrastructure organisations , such as regional banks , telcos and government agencies , form exploratory committees to examine NIST ’ s post-quantum encryption standards . These will be important first steps on the long road to adoption , a road that is likely to be signposted with many new regulatory standards built around postquantum cryptography .
# 3 Expect to see fire sale of obsolete PCs in 2H 2025
October 2025 will see end-of-life announcements for Microsoft Windows 10 . Only the most recent machines , those that have both Secure Boot and TPM , trusted platform module will be eligible for Windows 11 upgrades , meaning everyone else will lose access to updates , including security patches .
If this sounds like a recipe for vulnerability that is because it is .
Expect to see a fire sale of obsolete PCs in the second half of 2025 . The forced obsolescence will be good news for the hardware market , however , especially ARM , which will see a volume shift to its mobile-friendly processors . Alternative OSes like Linux and Ubuntu will also benefit from organisations trying to minimise replacement costs .
# 4 Merging fake and real personas
Breach data repurposed to create fake online personas . It is a new approach to identity theft called reverse identity theft , in which an identity is linked to another without the knowledge of the legitimate party . Campaigns are already underway to merge fictitious data with legitimate data , especially where names are common . We can expect this to escalate in 2025 .
# 5 Fake employees and shadow workers
With its large expat populations , the GCC may come to experience overemployment , with residents taking on multiple remote jobs . While many regional employment contracts explicitly prohibit it , the workers that choose to operate this way will be tempted to outsource some of their workload to AI . This is likely to occur under the employer ’ s radar and may include the creation of fake employees .
Such moonlighting will give rise to more shadow IT and all the security implications it implies , as well as legal issues surrounding content creation that failed to observe risks such as plagiarism .
# 6 Point solutions still in favour
Cybersecurity investments will continue to favour multiple point solutions that do not play well together . This will lead to detrimental effects on reporting and visibility , and security teams will bear the brunt , more gaps , more vectors , more paths to privilege .
Threat actors are not waiting . They are not trend-watching . They are creating the trends . Defenders must create some trends of their own or invite disaster .
Cybersecurity investments will continue to favour multiple point solutions that do not play well together leading to detrimental effects on reporting and visibility .
AI will impact CISO ’ s role and capabilities in years ahead
As 2025 dawns , the CISO must question the status quo and ask themselves how things need to change in the coming year . Is AI a risk that requires a new security strategy ? Could it also be the answer to facing down a threat landscape that is scaling up in terms of both volume and stealth capabilities ? Would AI play the role of traffic police officer , analyst , auditor , advisor ? And what of the human factor ? Will AI replace security professionals or augment their efforts ?
# 1 Increasing use of AI will not alter basic cybersecurity strategies
Consider that AI models consist of opensource and first-party code deployed on premises , in the cloud , or both . Infrastructure , software-pipeline , and supply-chain security practices still apply . So again , the question is , do we really need a complete security rethink ?
My recommendation is that security teams proactively address these evolving threats by developing robust threat models and establishing guardrails secure by default solutions . The key challenge lies in balancing the desire for rapid digital transformation with the imperative of safeguarding enterprise assets against potential AI-related abuses .
INTELLIGENT TECH CHANNELS 43