Cybersecurity Insights as 2025 Concludes
As the year 2025 draws to a close, the cybersecurity arena reveals a characteristic blend of challenges and opportunities.
Incidents are emblematic of the rapid proliferation of threats across interconnected environments, while thought leaders emphasize the perennial importance of foundational methodologies such as Zero Trust and breach containment.
Concurrently, organizations are reevaluating the synergy required among artificial intelligence, infrastructure, and security teams to maintain resilience.
This month has served as a potent reminder of both the obstacles that lie ahead and the driving forces propelling the cybersecurity sector into 2026.
This month’s report features commentary from leading security experts on a range of topics:
- The latest critical infrastructure cyberattacks in London.
- The persistent obstacles organizations encounter with Zero Trust, fifteen years post-implementation.
- The rapid evolution of AI is surpassing security measures and the imperative for adaptive cyber resilience strategies.
- CRN’s selection of the Women of the Year finalists for 2025.
Cyberattacks on London Councils: Implications for Shared Systems and Supply Chain Vulnerabilities
In a recent article for ITPro, senior journalist Ann-Marie Corvin delves into the implications of a growing cybersecurity incident affecting three adjacent London boroughs: Westminster, Kensington and Chelsea, and Hammersmith and Fulham. The councils, which share several IT functions, acknowledged a cybersecurity concern identified on November 24.
While the complete extent of this incident remains uncertain, the boroughs confirmed that various systems were affected.
However, they could not ascertain the perpetrators or the potential compromise of any data, as IT teams scrambled to implement measures to maintain essential services.
Corvin indicated that preliminary indications suggest a supply chain attack leveraged through shared technological infrastructure.
Many vital entities, such as municipal councils, utilize collective infrastructure models to reduce costs, but unwittingly create single points of failure.
Raghu Nandakumara, Vice President of Industry Solutions at Illumio, underscored a crucial lesson for public sector cybersecurity: cyber resilience hinges on mitigating the effects of inevitable breaches rather than striving to prevent every potential attack.
“Preventing every attack is a lofty goal for stretched councils; instead, long-term strategies should focus on breach containment,” he asserted.
This containment approach is vital to avert catastrophic operational failures, particularly for critical infrastructure sectors.
Corvin highlights the systemic challenges faced by public services, noting that while shared systems enhance efficiency, they also amplify the risk of significant threats when not coupled with robust supply chain safeguards like segmentation.
As investigations progress, the necessity for indomitable shared resilience alongside shared infrastructure becomes increasingly evident.
The Shortcomings of Zero Trust Programs
In a feature on CSO Online, senior writer John Leyden investigates the challenges surrounding the implementation of Zero Trust, despite over a decade of industry advocacy.
Organizations’ struggles are not indicative of confusion over Zero Trust; rather, legacy systems, disjointed tools, and cultural resistance consistently derail these initiatives.
Leyden cites a recent Accenture study revealing that many organizations still grapple with what should form the bedrock of their security framework. He highlights the cultural friction that often stymies efforts to deploy Zero Trust effectively.
George Finney, Chief Security Officer at the University of Texas and a Zero Trust authority, cautions against the pitfalls posed by political silos, which can undermine even the most effectively crafted plans.
Finney posits that successful Zero Trust implementations necessitate education and alignment among all team members. “Each participant must comprehend the principles of Zero Trust, the rationale behind their organization’s pursuit of it, and their individual roles within this framework,” he advised.
Moreover, the rise of AI has further complicated the trajectory of many Zero Trust initiatives, introducing new impediments.
John Kindervag, the Chief Evangelist at Illumio and the originator of Zero Trust, maintains that while AI challenges existing frameworks, it also holds potential as an accelerant for Zero Trust adoption. “AI models can turn into liabilities if not governed by Zero Trust,” he cautioned, noting the threats posed by unprotected AI systems.
“AI models can become a liability if not governed by Zero Trust.”
Simultaneously, he remarked, “effective AI can illuminate high-risk communication patterns, streamlining processes related to labeling and policy enforcement,” facilitating a shift from resilience toward anti-fragility.
Leyden concludes that Zero Trust is not in jeopardy; rather, organizations are faltering due to incomplete strategies and outdated assumptions. The firms that thrive will be those that embrace Zero Trust as a continuous discipline driven by segmentation, visibility, governance, and cultural preparedness.
AI Expansion Outstrips Security Measures: A Call for Enhanced Cyber Resilience Strategies
In a commentary for the Federal News Network, Illumio’s Trevor Dearing addresses pressing concerns animated by today’s cybersecurity landscape.
While the United States is advancing rapidly in AI innovation, the infrastructure underpinning this growth proves ill-suited to handle the resulting pressures and emerging cyber threats.
Dearing positions AI not merely as a technological curiosity but as a foundational economic driver, with the White House’s AI Action Plan underscoring its criticality to U.S. competitiveness, extending across mission operations, public services, and national defense.
However, this acceleration is predicated on fragile, interconnected systems—including energy, water, cloud, and data frameworks—that cybercriminals increasingly target. “The same networks fueling AI advancements are becoming appealing targets for disruption,” he asserted.
To mitigate these risks, Dearing advocates for a focus on increasing visibility and containment rather than solely prevention.
Organizations must achieve real-time insights into the interactivity of systems throughout hybrid multi-cloud environments. Recent research highlights the stakes involved, revealing:
- Over 90% of surveyed organizations reported experiencing at least one security incident involving lateral movement.
- Nearly 40% of east-west network traffic lacks sufficient visibility to identify threats.
In the absence of such visibility, attackers can maneuver stealthily, threatening essential operations. Gaining control hinges upon understanding interdependencies among systems, ensuring that they remain operational, even amid active breaches.
“The same networks driving AI progress are becoming prime targets for disruption.”
Dearing stresses that implementing breach containment via modern micro-segmentation is critical, enforcing least-privilege access, isolating affected workloads, and responding to breaches in real-time. This practice facilitates the ongoing functionality of essential services.
Ultimately, he contends that American AI leadership will hinge upon an integrated approach that aligns innovation with infrastructure security.
Policies, such as the Unleashing Low-Cost Rural AI Act, demonstrate the government’s recognition of AI’s expansion as a national infrastructure challenge.
Nonetheless, successful implementation necessitates a foundational commitment to embedding visibility, segmentation, and recovery protocols in AI systems from the outset.
“Security cannot remain an afterthought in the rush toward innovation,” asserted Dearing. “It must evolve in tandem.”
CRN Honors Illumio’s Jaclyn Woodward as a Finalist for 2025 Women of the Year
CRN has recognized 23 finalists for the Marketing Executive of the Year award, including Jaclyn Woodward, Director of Partner Marketing at Illumio.
In the feature article titled Women Of The Year Finalists: Top Marketers Reveal The Strategies That Defined Them In 2025, Woodward is commended for revolutionizing the marketing strategies employed by Illumio and its partners.
Woodward has spearheaded a transformative shift in partner marketing at Illumio, focusing on alignment, simplification, and sustainable growth for the partner ecosystem.
Her inclusion in CRN’s Women of the Year Awards underscores the significant impact of partner-focused marketing, particularly in this era where security clients demand clarity, collaboration, and measurable value from vendor relationships.
Source link: Illumio.com.
