Auto-translation used

Cybersecurity Agenda 2025: Is business ready for new challenges?

The world is changing rapidly, and cyber threats are also transforming with it. In 2025, information security is becoming a key element of digital sustainability for both private businesses and government agencies. According to Check Point Research, on average, organizations around the world are exposed to more than 1,300 cyber attacks per week, which is 28% more than in 2024.

Current threats of 2025:

  • New Generation phishing: Attackers use generative AI (LLM) models to create personalized emails that cannot be distinguished from real ones.
  • 📌 Software Supply Chain Attacks: penetration through third-party dependencies and automated code assembly processes.
  • Compromise of cloud services: exploits related to incorrect IAM configuration, outdated keys, and lack of multi-factor authentication.
  • Insider Threats: Cases of data leaks and sabotage by employees or contractors continue to grow.

Regulatory landscape and local challenges

Kazakhstan is consistently moving towards the digitalization of the economy. This requires organizations to pay increased attention to cybersecurity and compliance issues. In focus:

  • Bringing protection systems in line with international standards: ISO/IEC 27001:2022, NIST SP 800-53 Rev. 5.
  • Implementation of a systematic approach to information security risk management.
  • Increased control over personal data and information assets, especially given the growing number of online services.

Practical measures to be implemented in 2025:

  • Zero Trust approach — abandoning the model of trust in the internal network. Every access is checked, and every connection is monitored.
  • Multifactor authentication (MFA) is a mandatory element of protection even for internal users.
  • Integration with MITRE ATT&CK — using a taxonomy of tactics and techniques to configure detection and response systems.
  • Centralized logging and monitoring is the use of SIEM systems and behavioral analysis (UEBA) to track anomalies.
  • ✅ Information security audit and vulnerability testing — regular checks of configurations, update management, and access rights.
  • ✅ Staff training — to increase employee awareness of cyber risks and rules for safe work with the IT environment.

🎓 The problem of personnel shortage in information security: a challenge for Kazakhstan

A key barrier to increasing cyber resilience in the region is the lack of qualified specialists. Experts in the following fields are in demand:

  • Incident Analysis (SOC/IR),
  • cloud security,
  • Secure Software Development (DevSecOps),
  • incident investigations (Digital Forensics),
  • and Vulnerability Assessment.

Creating conditions for training and attracting specialists is one of the most important tasks of the digital Kazakhstan ecosystem.

📣 Conclusion

In the context of digital transformation, cybersecurity is not a separate task of the IT department, but a strategic function of the company. Comprehensive information protection, proactive threat response, compliance with standards, and staff training are the foundations of digital resilience.

The Astanahub platform plays an important role in uniting the efforts of the government, business and the scientific community in the development of cybersecurity in Kazakhstan.

#Astanahub #CyberSecurity #Cybersecurity #ZeroTrust #SOC #MITRE #ISO27001 #NIST #Information Security #digitalKZ #Kazakhstan2025 #DevSecOps #CloudSecurity #CyberTrends

Comments 1

Login to leave a comment