1. Learn whether AI is relevant to your business
The rise of generative AI has been a game-changer for industries across the board, including cybersecurity, but not always for the better. Technology and cybersecurity researcher Erik J. Huffman warns: “With AI, we know it can be extremely helpful, but we’re all kind of holding our breath, wondering how it is going to be used against us. Anything that we’ve developed for good, the attackers are going to just take it and flip it on its head for bad. They’re just a lot more creative than we are on the good guy side.”
Huffman points to WormGPT as an early example of this, noting how it makes coding easier for threat actors. “It’s ChatGPT, but for malicious purposes. It’ll create ransomware for you. It’ll develop malicious code and vulnerabilities for you … it’s taken the job of coding for a threat actor and made it really easy, especially like non-native English speakers, non-native Chinese speakers, or non-native Italian speakers. You can now write a phishing email in whatever language you want, and it’ll read pretty decently.”
His advice for CISOs in the new year is to take the time to figure out if AI is suitable for their business. “Ask yourself, ‘Do you really need it?’ Don’t just follow the trend because everyone else is doing it, and don’t just deploy an AI solution in your organization because the CEO says, ‘Hey we need something AI in here’.”