This article originally appeared on the DevPro Journal website.
By: Jay McCall
1. Access to capital will remain critical for AI data center development
Tom Traugott, SVP of strategy at EdgeCore Digital Infrastructure:
As an industry, we all understand the importance of data center infrastructure in supporting continued AI innovation and expansion – the latest and greatest GPU chips need a home, and that is the data center. In 2025, whether a veteran or new entrant in the market, raising the necessary capital to design, develop, and operate AI-ready data centers will remain critical to meeting the next phase of growth, especially as requirements continue to get larger and denser. A challenge for new entrants will be to ensure that investors have sufficient confidence in a platform’s track record to provide the necessary capital to guarantee certainty of delivery and execution, not to mention ongoing operations.
This next growth phase will also depend on the development of new power generation, transmission, and distribution in support of data centers, which will only increase with AI. The industry needs to see private capital more meaningfully enter the power generation, utility, and grid reinforcement arena. However, many utilities aren’t structured to make the opportunistic and entrepreneurial investments required as their fiduciary focus to investors since 2000 has been to provide stable dividend growth and protection more so than opportunistic returns.
The easy megawatts have been found and billions of dollars of new investment is needed. Our industry will share those costs, but new sources of risk-taking capital are also required. Next year we will likely see more creative joint ventures, spinoffs emerging from utilities, or more Independent Power Producers (IPPs) emerge to help support continued development. The Liquefied Natural Gas (LNG) and data center industries have found a way to sleeve tens of billions of dollars in recent years to fund long term projects. I’m optimistic that the urgent demands for power growth will see utilities and the power grid find a way as well, but it will require new ventures and structures to do so.
2. AI will help cybercriminals improve their ROI on attacks
Michael Smith, field CTO at Vercara:
Next year, cybercriminals will continue using AI to enhance the effectiveness and scale of their attacks – and they’ll likely reach record levels of ROI. Being able to better adapt messages on the fly and analyzing media and social media trends, attackers will use AI to craft more personalized and convincing phishing and social engineering campaigns, such as through email and text messaging. More people will fall victim to attempts to exploit their trust in colleagues and business leaders in order to compromise sensitive information.
Credential stuffing attempts will also become more sophisticated as AI can be integrated with automated workflow to test stolen login credentials on a much shorter timeline. For example, attackers will impersonate employees through credential stuffing against services like VPNs with an improved success rate if they fall victim to a phishing email.
3. To improve defenses, organizations will turn to the human element of cybersecurity
Carlos Morales, SVP of Solutions at Vercara:
The demand for skilled cybersecurity professionals will continue to impact the industry more significantly in 2025. The core problem is not about unfilled positions that we often hear about – it’s the fact that there aren’t enough entry-level positions, and many companies lack a plan for cultivating the entry-level talent they have.
Fostering talent in 2025 means companies will invest more in internal skills development programs and education across all employees – not just security teams – to ensure alignment on potential risks and protocols while offering more opportunities for upskilling. Large enterprises will partner with STEM-focused universities to cultivate the next generation of professionals. Leading companies will also play an integral role in attracting more professionals through mentorship, internships, and apprenticeships, focusing on retention and improving compensation packages and benefits. These leaders will also prioritize promoting diversity and cybersecurity awareness through various mediums, such as taking part in industry panels, contributing op-eds, and social media.
4. Generative AI will lead to a rise in traditional fraud schemes
Mark Bowling, chief information security and risk officer at ExtraHop:
A new wave of traditional fraud is coming at us full steam ahead. With generative AI easily accessible to hackers, we’re going to see more impersonation tactics posing a huge threat to our society. Hackers are quickly becoming more proficient in identifying vulnerable attack surfaces, and the human element is one of the biggest. For example, we can expect there to be more impersonations of police officers or high-ranking C-suite from Fortune 500 companies being generated by GenAI in efforts to gain access to login credentials, PII and more. As we enter 2025, there will be a bigger emphasis on identity protection measures as we learn to contend with impersonation issues. This means having stronger authentication methods like MFA and IAM tools that check for abnormalities for where and when credentials are being used and what they are trying to access. Leaning into these tools will be critical in combating this new wave of traditional fraud we will likely see ahead.
5. Nation-state ransomware groups targeting U.S. critical infrastructure more than ever before
Mark Bowling, chief information security and risk officer at ExtraHop:
Nation-state ransomware groups are actively targeting our critical infrastructure, and threats will increase in volume and sophistication in 2025. Industries like healthcare will experience heightened risk for potentially devastating attacks driven by escalating geopolitical conflicts across Russia, China, Iran, and North Korea. As ransomware groups gather banks of sensitive information to bolster their operational intelligence base, attacks on critical infrastructure will likely be more effective than ever before.
A degree of a “perception of weakness” in the U.S. is a vital piece of the puzzle behind the increasingly aggressive hacking, advanced persistent threats, and coordinated attacks we’ll likely see next year. The U.S. can’t afford to fall behind in defenses, especially as most of our critical infrastructure is connected to the Internet, making critical industries more susceptible to attacks. More controls must be put in place to prevent perpetration, such as investments in tools that improve visibility.
6. Cyberthreats will force us to rethink our methods
Raja Mukerji, co-founder and chief scientist at ExtraHop:
The ever-changing landscape of cyber threats will push organizations to forgo the fear of potential outcomes and embrace a more confident approach to cybersecurity. Response teams will shift from traditional methods of ‘shutting down’ operations after a breach and, instead, having solutions in place to ensure operational continuity. Cyber teams will explore innovative strategies, such as isolating threats while maintaining operations, which will allow them to minimize disruption and strengthen their cyber resilience in the face of evolving challenges.
7. Managing compliance requirements will become easier
Raja Mukerji, co-founder and chief scientist at ExtraHop:
The rise in ransomware and extortion attacks will push organizations of all sizes to invest in solutions that simplify the process of meeting regulatory requirements. We’ll see organizations take more notice of the legislation, fines, and lawsuits that come with a cyber incident, and businesses will move towards tools rationalization. Solutions and platforms built with proactivity and compliance in mind will unanimously be a more attractive investment. This creates an opportunity for vendors to offer integrated packages that address both regulatory, legal, and cybersecurity needs, making it easier for companies to manage all aspects of their compliance requirements.
