Identity security predictions for 2025

Welcome to our latest edition of Access Granted Newsletter, our monthly roundup of Identity and security news.?

Today’s topic > Identity security predictions for 2025. Every year brings new and evolving cybersecurity challenges. What should security leaders be prepared for this year? We’ll explore a couple of predictions.

Risks emerging in 2025. Earlier this month, Okta security leaders shared five predictions for Identity-centric attacks in 2025. From device-based attacks making a comeback to an upswing in downgrade attacks, threat actors will double down on what’s been working and experiment with new ways of evading detection and exploiting vulnerabilities.?

Non-human identities and cybersecurity. Non-human identities (NHI) are commonly used in app development, but they can introduce new risks like secret leakage of sensitive data, insecure authentication due to use of outdated authentication mechanisms, and overprivileged NHI that can lead to exploitation of excessive permissions if compromised. To help security professionals understand their non-human attack surface so they can better protect it, the Open Worldwide Application Security Project (OWASP) recently released its Top 10 Non-Human Identity Risks for 2025.?

A new U.S. executive order. At the 11th hour, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity (EO 14028) that aims to shape the cybersecurity landscape in 2025 and beyond. The order lays out requirements to improve threat information sharing between the government and private sector and address new threats developing around AI and quantum computing. To modernize federal government cybersecurity and combat cybercrime, the order prioritizes digital identity initiatives such as phishing-resistant authentication and privacy-preserving digital identity documents like mobile driver’s licenses.?

Deregulation ahead. While cybersecurity is a bipartisan issue, we’ll likely see changes to some aspects of the strategy with the incoming administration. For instance, a new Trump mandate to deregulate could loosen security requirements, creating a more favorable environment for industry while opening the door to new risks that often accompany increased innovation, according to a recent Forbes article.

Here’s how security execs are preparing. To protect your business and your customers in 2025, Thoughtworks CISO Nitin Raina and Head of Security Architecture Nazneen Rupawalla recommend going on offense, investing in security tools, and putting together a team to identify loopholes in your systems before attackers can. Staying abreast of threat intelligence information from governments, non-profits, and peers is another key way to surface new attack vectors and ensure you’re prepared.

The bottom line. There’s a lot on the horizon in the Identity security space, from emerging AI-powered threats to changing regulations. To learn more about the evolution of Identity-based attacks and how best to mitigate them, read our guide on the anatomy of Identity-based attacks.

This newsletter was curated by Camille Rasmussen, Managing Editor at Okta.