Experts weigh in on AI-driven threats, evolving regulations and strategies for a secure and adaptable future.
As the Canadian Cybersecurity Network (CCN) looks ahead to 2025, the landscape of cybersecurity is both daunting and filled with opportunities for growth and innovation. With the rapid digitization of industries and an increasingly interconnected world, the stakes have never been higher.
Recommended Videos
To get a sense of what lies ahead, we reached out to some of Canada’s foremost cybersecurity leaders, each offering a unique perspective on how businesses, governments and individuals should prepare for the challenges ahead.
Alon Goldberg, VP security architecture at ION United, is unequivocal in his view that Bill C-26, slated to take effect in 2025, will be a game-changer for operational technology (OT) cybersecurity.
“This legislation is going to force organizations to treat cybersecurity as a non-negotiable priority, particularly when it comes to protecting critical infrastructure,” he told CCN.
He emphasized that the new regulations will not only strengthen defenses but also encourage collaboration between industries and the government – a crucial step as Canada navigates an increasingly digital world.
“With so much of our economy dependent on secure systems, this is Canada stepping up to meet the demands of a more connected future,” he added.
Collaboration and stricter regulatory oversight, Goldberg believes, are essential as the risks tied to digital systems grow. His message to Canadian organizations? Be prepared for a regulatory environment that won’t tolerate lax cybersecurity practices.
But regulation alone won’t protect businesses. According to Nick Scozzaro, CEO at ShadowHQ, the focus must shift to incident preparedness.
“The top security project for businesses in 2025 should be enhancing their ability to prepare for, respond to and recover from cyberattacks,” he said. For Scozzaro, it’s no longer a question of if an organization will face an attack but rather when.
He pointed out that a lack of preparation can exacerbate the impact of even a minor breach, leading to lost revenue, reputational damage and legal fallout.
“Organizations need comprehensive incident response plans that aren’t just written documents collecting dust,” he explained. “These plans need to be tested regularly with tabletop exercises and updated based on real-world incidents.”
In Scozzaro’s view, a culture of cybersecurity preparedness must permeate every level of a business. “Cybersecurity is a company-wide responsibility,” he insisted.
With geopolitical instability and market volatility continuing into 2025, Scozzaro believes that resilience is key to navigating the risks ahead.
Robert Falzon, Head of Engineering at Check Point Canada, highlights the dynamic and complex environment that the integration of artificial intelligence (AI) will create in cybersecurity.
“Organizations will need to adapt quickly, leveraging AI for defense while also preparing for increasingly sophisticated AI-powered threats,” he told CCN.
Falzon predicts several key developments in the 2025 cybersecurity landscape:
- Democratization of Cyber Threats: Advanced AI tools will lower the barrier to entry for less skilled attackers, leading to an increase in both the number and sophistication of cyber threats.
- Expanded Attack Surface: The widespread adoption of AI will expand the attack surface, particularly in software supply chains. Maintaining the integrity of datasets and understanding the nature and provenance of AI models will become crucial challenges for individuals and businesses alike.
- New Skills Needed: Education and the adoption of new skills will become necessary. Falzon notes that Check Point has received numerous inquiries from young professionals eager to specialize in AI-driven cyber defenses. This evolving landscape will create demand for new roles such as AI security ethicists, machine learning defense specialists and experts in optimizing AI-driven security processes.
- The Human Element: Government support for public awareness and education is essential, especially for young people. “Children need to be armed with a better understanding of the risks and necessary precautions needed in their perpetually connected lifestyles,” Falzon emphasized.
He underscored that education will be a key component in the success of organizations looking to select robust AI solutions to defend themselves in this new landscape.
One area where attackers are evolving rapidly is their methods of initial access.
Paul Haynes, president & COO of eSentire, explained to CCN that cybercriminals are becoming adept at exploiting employees through malicious internet lures.
“Email defenses have hardened, so threat actors are now targeting broader internet vulnerabilities like fake job offers, fake browser updates, SEO poisoning and malvertising,” he said. These tactics are not only effective but also hard to detect, posing a growing risk to organizations.
In addition to these evolving methods, Haynes warned of a continuing reliance on stolen credentials as a means of gaining unauthorized access. “When attackers have valid credentials, they can move through systems undetected, enabling ransomware attacks or business email compromises,” he explained.
Haynes emphasized the need for enhanced monitoring and employee training to mitigate these risks.
“In 2025, organizations must assume their employees will be targeted and take proactive measures to address these vulnerabilities,” he urged.
Artificial intelligence is both a blessing and a curse for cybersecurity teams. Jim Langedyk, Canada GM of SentinelOne, shared his thoughts with CCN on how AI will continue to shape the cybersecurity landscape.
“AI is transforming business operations, but it’s also radically altering the threat landscape,” he said. While AI allows businesses to detect and prevent threats with unprecedented speed, it also equips attackers with tools to launch sophisticated, high-speed attacks.
“We’re entering an era where defenders and attackers are leveraging the same technology,” Langedyk observed.
He acknowledged that the persistent shortage of cybersecurity talent will make it challenging for organizations to stay ahead, but AI offers a potential solution. “AI can autonomously detect and prevent threats, helping businesses protect a broader range of assets,” he explained.
Langedyk believes that many organizations will invest heavily in AI to strengthen their security posture in 2025.
For Rajesh Murthy, CEO of Gapask, the focus for 2025 lies in three critical areas.
First, he sees a growing need for organizations to adopt holistic security measures, particularly zero-trust architecture and supply chain resilience. “It’s not enough to patch holes anymore,” he told CCN. “Organizations need to view cybersecurity as an enterprise-wide strategy.”
Second, Murthy emphasized that ransomware is here to stay, shifting the focus from prevention to recovery. “A breach is going to happen whether we want it to or not,” he explained. “The question is whether your organization can recover quickly and effectively.”
Finally, Murthy stressed the importance of trust. “In the age of AI and constant uncertainty, trust – whether with clients or the public – will be the most valuable asset,” he said.
For businesses to thrive in a volatile, uncertain, complex, and ambiguous (VUCA) world, reliability and security will be essential.
Operational resilience, not just cybersecurity, is the ultimate goal, according to Rod Labbe, CEO & CISO in Residence at Mining and Metals ISAC.
“Organizations need to move beyond traditional cybersecurity,” he explained. “It’s not a matter of if a compromise will happen but when. The question is whether your business can keep operating without missing a beat.”
Labbe’s perspective highlights a shift in mindset that many organizations need to adopt. It’s no longer enough to aim for perfect prevention; businesses must prepare to withstand and recover from attacks while maintaining core operations.
Finally, Sean Jennings of CIM Solutions raised concerns about trends within the cybersecurity industry itself. He noted that price wars among vendors could lead to lower-quality solutions, leaving businesses vulnerable.
“There’s a danger in this race to the bottom,” he said.
On the other hand, Jennings pointed out that insurance companies are helping to drive higher cybersecurity standards. “Insurers are increasingly demanding fully managed security solutions as a prerequisite for coverage,” he explained. This trend is both good and bad, as many companies are buying solutions to satisfy an insurance need, not always a business need.
As we step into 2025, the Canadian Cybersecurity Network sees a landscape that demands resilience, adaptability, and collaboration. From stricter regulations to AI-driven solutions and evolving threats, the message from Canada’s cybersecurity thought leaders is clear: success in this hostile digital environment requires businesses to think holistically, prepare relentlessly and invest in innovative technologies.
The stakes are high, but with foresight and collaboration, Canada is well-positioned to rise to the challenge.
