AI-Driven Cybersecurity Paradigm Transformation
Jaekown Son, Founder & CEO, The Miilk
AI drives cybersecurity’s shift from defense to resilience.
The cybersecurity landscape in the first half of 2025 has demonstrated unprecedented dynamism and unpredictability. AI is being weaponized to sophisticate malware creation, phishing attacks, and social engineering techniques, while simultaneously revolutionizing defensive systems through threat detection, analysis, and automated response capabilities. AI has become both spear and shield.
This carries profound implications: cybersecurity is now transitioning from a 'technology vs. technology' competition between nations and enterprises to an 'intelligence vs. intelligence' warfare paradigm.
Against this backdrop, the limitations of traditional security models have become starkly apparent. Conventional approaches that distinguished between external and internal networks, assuming internal network safety, are no longer viable against intelligent threats. Zero Trust architecture has emerged as a practical alternative, gaining widespread adoption under the principle of "never trust, always verify."
The cybersecurity paradigm of 2025 is shifting from 'defense-centric' to 'resilience-centric.' Operating under the premise that perfect defense is impossible, an organization's survival now depends on its core capability to rapidly detect, isolate, and recover from breaches when they occur.
01 Global Market Scale and Growth: Google's Largest M&A Ever Emerged from Cybersecurity
The global cybersecurity market is projected to maintain robust growth through 2025. According to major market research institutions, the 2025 market size is estimated between $215 billion and $301.9 billion, reflecting strong demand for cybersecurity measures driven by persistent increases in data breaches, hacking, and cybercrime, alongside deepening dependence on digital systems and networks.
Notably, market growth rates are exceeding threat increase rates, indicating organizations are shifting investment patterns from 'reactive security' to 'proactive security.' Particularly, growth rates in AI, Zero Trust, and cloud security sectors significantly outpace overall market growth, confirming that technological innovation is the key driver of market expansion.
Investment enthusiasm in cybersecurity during the first half of 2025 has entered a consolidation phase, yet interest in companies with innovative technologies and high growth potential continues.
Google's acquisition of cybersecurity startup Wiz for $32 billion represents a prime example. This merger marked Google's largest acquisition in its history.
Additionally, Palo Alto Networks acquired AI security specialist ProtectAI for approximately $500 million last month, while Fortinet acquired Israeli SaaS security startup Suridata this month. Fortinet has been accelerating M&A activities, having acquired three security companies last year.
The announcement of these M&As signals market consolidation is gaining momentum. This carries dual significance: first, rapid technological advancement makes it difficult to maintain competitiveness through internal R&D alone; second, customer preference for integrated platforms is reducing survival space for point solutions.
However, examining Q1 2025 data overall, while investment volume increased, average investment amounts decreased. This indicates investors are pursuing diversified investments in companies with proven technologies and clear market positioning rather than seeking 'home run' companies. Interest is particularly heightened in specialized fields such as AI/LLM security, quantum security, and OT/ICS security.
02 2025 First Half Major Cyber Incidents: Cybersecurity Trends Analysis
The first half of 2025 vividly demonstrated that AI-based cyber threats have transcended mere possibilities to become realities directly impacting our lives and businesses. AI-weaponized attacks, supply chain vulnerability exploitations, and attacks targeting trusted service platforms themselves have aroused global alarm due to their reach and severity.
CrowdStrike's '2025 Global Threat Report' released in June 2025 illustrates the scale and severity of these changes through concrete figures. The report tracked over 250 attack groups and 140 new activity clusters, with China-linked adversary cyber operations increasing by 150% and generative AI-based social engineering attacks surging dramatically.
These trends are expected to persist beyond the first half of 2025 through 2026-2027.
2-1. AI Transforms Cybersecurity Landscape
Retail is a cornerstone of the global economy, encompassing everything from sprawling big-box chains to neighborhood convenience stores. As a multi-trillion-dollar industry, it impacts nearly every consumer and touches a broad range of sectors. In the United States alone, retail is one of the largest industries in terms of both revenue and employment, underscoring its vital role in everyday life. Globally, retail spans a vast diversity of categories—from groceries and fashion to e-commerce and automotive. The rise of artificial intelligence (AI) has further intensified the complexity and dynamism of this landscape.
- Generative AI Weaponization Reality
As confirmed in the CrowdStrike report, criminal groups like Curly Spider, Chatty Spider, and Plump Spider are systematically utilizing AI-enhanced social engineering techniques. They have maximized the efficiency of social engineering attacks that were previously manual processes by automating personalized attacks at scale through AI.
- National AI Utilization Pattern Analysis
Iran-linked threat actors in particular were actively engaged in AI-powered vulnerability research, exploit development, and domestic network patching in 2024, in line with government-led AI initiatives. This suggests AI technology is being systematized as a national-level cyber warfare capability, beyond individual hacker groups.
The most notable change with AI's full emergence is attack 'weaponization speed.' Average cyberattack time decreased 22% from 62 minutes to 48 minutes, with the fastest attack occurring in just 51 seconds. This signifies that traditional 'detect and respond' approaches can no longer cope with the current era.
Notably, AI-generated deepfake voices and forged digital credentials successfully bypassed multi-factor authentication systems. This demonstrates that traditional MFA cannot be a complete solution against AI-based attacks. Future authentication systems must integrate more sophisticated mechanisms like behavioral biometrics and continuous authentication.
At RSA Conference 2025, the world's largest cybersecurity conference, 'Agentic AI' emerged as the most prominent trend. AI agents that autonomously judge and act can perform more proactive defensive activities, such as automatically conducting red team activities or autonomously addressing compliance gaps. AI is moving beyond merely detecting known threats to predicting attacker behavior patterns and intentions, proactively blocking future attacks.
The key to victory in the AI arms race is 'adaptability,' not 'speed.' Rather than keeping pace with attackers developing new AI techniques, building 'meta-AI' systems that can rapidly learn and adapt to any new attack is more crucial.
2-2. Supply Chain Attacks: Shaking Trust Foundations
In business environments where software and services are delivered through complex networks of multiple components and partners, supply chains have become highly attractive targets for attackers. A single point penetration can cause cascading damage to multiple organizations.
The Change Healthcare ransomware incident, which occurred in February 2024 and whose data review was completed in January 2025, demonstrates the massive impact supply chain attacks can have. Change Healthcare was attacked by the BlackCat (ALPHV) ransomware group in February 2024. The attackers got in by exploiting insufficient multi-factor authentication in Change Healthcare's Citrix remote access system. The attack resulted in the theft of approximately 6 terabytes of data and caused numerous pharmacies and hospitals across the US to suspend their medical billing processing systems, leaving patients to pay full medication costs.
The true lesson from this incident is the danger of 'single points of failure.' Because Change Healthcare played a central role in the US healthcare system, a single supplier breach led to nationwide healthcare service paralysis. This reconfirmed the importance of 'decentralization' and 'redundancy' in critical infrastructure sectors.

2-3. The Reality of AI-Based Attacks: Intelligent Threats Striking Financial and Healthcare Industries
A particularly shocking case involved the use of AI-generated deepfake technology to impersonate a CFO during a video conference call. In this incident, attackers used deepfake audio and video technology to perfectly replicate the appearance and voice of a company's CFO, successfully deceiving finance team members during a video conference and inducing them to transfer $25 million to attacker-controlled accounts.
This incident transcended mere technical achievement, representing sophisticated psychological warfare exploiting human cognitive vulnerabilities. Attackers eliminated room for suspicion and induced immediate action by perfectly recreating the appearance of colleagues the victims normally trusted. This suggests future cybersecurity must encompass not only technical defenses but also cognitive security.
2-4. Geopolitical Conflict Expansion into Cyberspace: Increased Aggressive Activities by China and North Korea
In the first half of 2025, nation-state attack group activities increased to unprecedented levels, establishing cyberspace as a new battlefield. The CrowdStrike report reveals the concrete reality of these changes.
China-linked cyber espionage attacks increased 150% year-over-year, with financial, media, and manufacturing sectors experiencing up to 300% surges. CrowdStrike discovered seven additional new China-linked hacking groups last year alone.
Clear strategic intent is evident in China-linked threat actors' target selection. Concentrated attacks on critical industry sectors (up to 300% increase) are interpreted as systematic industrial espionage activities aimed at securing economic and technological advantages beyond simple information gathering. This demonstrates cyberattacks being utilized as new tools of economic warfare.
North Korea-linked threat group Famous Chollima led 304 cyberattacks last year, with 40% being insider threat attacks. They bypassed security systems by posing as legitimate employees to gain access to corporate systems before conducting malicious activities.
North Korea's insider threat tactics fundamentally differ from traditional insider threats. Rather than exploiting actual insider grievances or financial motivations, this is a 'fake insider' tactic involving malicious infiltration from the outset. This suggests fundamental review of recruitment processes is necessary.

03 2025-2026 Cybersecurity R&D Trends
3-1. Zero Trust Becomes the New Normal
Accelerated transition to cloud computing environments, widespread adoption of remote and hybrid work formats, and increased AI-based intelligent threats have signaled the end of traditional perimeter-based security models. The core principle of Zero Trust, "Never Trust, Always Verify," has established itself as the fundamental security paradigm all enterprises and organizations must pursue.
The traditional 'Castle and Moat' model that trusted network perimeter interiors while defending only against external threats is no longer effective. Recognition is spreading that all users, devices, applications, and network traffic must be considered potential threats requiring thorough verification.
Zero Trust transcends simply adopting specific technologies or products, representing a 'strategic framework' that changes organizations' fundamental security philosophy and approach. Therefore, successful Zero Trust implementation requires not only technical elements but also organizational culture change, close inter-departmental collaboration, and clear responsibility establishment.
Zero Trust has moved beyond theoretical concepts to become a practical security strategy actively adopted by many enterprises and institutions. According to one survey, approximately 63% of companies have already begun deploying or are pursuing implementation of some form of Zero Trust security model.
Energy management and automation solution specialist Schneider Electric has also adopted Zero Trust as its core security philosophy, particularly focusing on strengthening OT system cybersecurity.
At RSA 2025's "Cybersecurity tone at the top" session, discussions emphasized that Zero Trust is not just an IT department challenge but a change management project requiring enterprise-wide understanding and active participation from business departments and executives. Technology adoption alone has limitations; continuous communication and education are crucial to minimize internal member resistance or work inconvenience that may arise during the transition from trust-based to verification-based work methods.
3-2. Post-Quantum Cryptography (PQC) Implementation Becomes Urgent Priority
Quantum computer development holds potential to drive scientific and technological innovation while simultaneously posing serious security threats by potentially neutralizing most public key cryptographic systems currently in use. The first half of 2025 saw accelerated global preparation for Post-Quantum Cryptography (PQC) implementation to address these quantum computing threats.
Quantum computers use quantum bits called qubits to process information in fundamentally different ways from conventional computers. When such computers achieve sufficient scale and stability, they can rapidly break public-key cryptographic algorithms like RSA and ECC (Elliptic Curve Cryptography), which are currently used extensively in internet banking, e-commerce, and data encryption, by running algorithms such as Shor's algorithm, published by Peter Shor in 1994. This represents a serious threat to the foundation of global digital communication and data security.
China and several other countries are investing massive funds in quantum computer technology development, raising concerns that practical quantum computer emergence may be faster than expected. Moreover, if attackers' 'Harvest Now, Decrypt Later' scenario materializes - collecting large amounts of current encrypted communications or stored data and using future commercialized quantum computers to decrypt past data - confidentiality of sensitive information requiring long-term storage could be severely compromised.
To address these threats, the US National Institute of Standards and Technology (NIST) has been working since 2016 with cryptographers worldwide to develop and standardize new cryptographic algorithms difficult to decrypt even with quantum computers - Post-Quantum Cryptography (PQC). As of the first half of 2025, NIST's PQC standardization has shown considerable progress.
NIST, established in 1901 under the Department of Commerce, clearly stated in its internal report IR 8547 that it plans to phase out currently widely used cryptographic keys and quantum-vulnerable cryptographic algorithms (RSA, ECDSA, Diffie-Hellman, etc.). According to this plan, these algorithms are recommended for deprecation by 2030 and will be disallowed by 2035. This strongly suggests enterprises and institutions must recognize PQC transition as an urgent task that can no longer be postponed.
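As an added example (not from the original article or from any vendor tool), the script below triages a cryptographic inventory against the 2030 deprecation and 2035 disallowance dates cited above, and flags 'Harvest Now, Decrypt Later' exposure. The inventory columns, the sample assets, the scoring weights, and the use of 2035 as the planning horizon for later decryption are assumptions of this example.

```python
import csv
import io
from dataclasses import dataclass, field

# Dates as stated in the article for quantum-vulnerable algorithms (NIST IR 8547).
DEPRECATED_AFTER = 2030
DISALLOWED_AFTER = 2035

# Name prefixes of quantum-vulnerable public-key families. The article names
# RSA, ECC, ECDSA and Diffie-Hellman; the other spellings are members of the
# same families.
VULNERABLE_PREFIXES = ("RSA", "DSA", "ECDSA", "ECDH", "DH", "DIFFIE",
                       "X25519", "X448", "ED25519", "ED448")

# Uses that protect confidentiality: ciphertext recorded today can be
# decrypted later, so these are the ones exposed to harvest-now-decrypt-later.
CONFIDENTIALITY_USES = {"key-exchange", "key-transport", "encryption"}

# Constructed sample inventory (hypothetical assets, not real systems).
SAMPLE_INVENTORY = """\
asset,algorithm,use,secret_until,planned_migration
vpn-gateway,ECDH-P256,key-exchange,2045,2031
patient-archive,RSA-2048,key-transport,2050,2029
code-signing,ECDSA-P256,signature,,2036
internal-api,ML-KEM-768,key-exchange,2040,
backup-vault,AES-256-GCM,encryption,2040,
build-cache,rsa-3072,signature,,2028
legacy-sftp,Diffie-Hellman-group14,key-exchange,2032,
"""


@dataclass
class Finding:
    asset: str
    algorithm: str
    issues: list = field(default_factory=list)
    score: int = 0


def is_quantum_vulnerable(algorithm: str) -> bool:
    """True if the algorithm name belongs to a quantum-vulnerable family."""
    return algorithm.strip().upper().startswith(VULNERABLE_PREFIXES)


def _year(value: str):
    """Parse an optional year column; empty means 'not recorded'."""
    value = value.strip()
    return int(value) if value else None


def triage(inventory_csv: str, horizon_year: int = DISALLOWED_AFTER) -> list:
    """Return findings for quantum-vulnerable assets, most urgent first.

    horizon_year is the assumed year after which recorded ciphertext may
    become decryptable. The article gives no such date; the default reuses
    the disallowance year as a planning assumption.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not is_quantum_vulnerable(row["algorithm"]):
            continue  # symmetric or post-quantum algorithm: outside this phase-out
        finding = Finding(row["asset"], row["algorithm"])
        secret_until = _year(row["secret_until"])
        migration = _year(row["planned_migration"])

        # Exposure exists even when migration is on schedule: traffic captured
        # before the cut-over stays protected only by the old key exchange.
        if (row["use"] in CONFIDENTIALITY_USES
                and secret_until is not None
                and secret_until > horizon_year):
            finding.issues.append("harvest-now-decrypt-later")
            finding.score += 3

        if migration is None:
            finding.issues.append("no-migration-plan")
            finding.score += 2
        elif migration > DISALLOWED_AFTER:
            finding.issues.append("migrates-after-disallow")
            finding.score += 2
        elif migration > DEPRECATED_AFTER:
            finding.issues.append("migrates-after-deprecation")
            finding.score += 1

        findings.append(finding)
    return sorted(findings, key=lambda f: (-f.score, f.asset))


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        issues = ", ".join(f.issues) or "on schedule"
        print(f"{f.score}  {f.asset:<16} {f.algorithm:<24} {issues}")
```

Note that `patient-archive` is flagged despite its 2029 migration date: data exchanged before the cut-over must stay secret until 2050, which is the case the 'Harvest Now, Decrypt Later' scenario describes.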
04 Conclusion: Navigating the Intelligence vs. Intelligence Era
The first half of 2025 has definitively established cybersecurity as a battle of intelligences rather than technologies. Organizations that successfully navigate this transformation will share common characteristics: adaptive AI-driven defenses, resilient architectures that assume breach, and integrated security platforms spanning all attack surfaces.
The evidence from CrowdStrike's comprehensive threat intelligence, combined with real-world incidents across all sectors, demonstrates that traditional security models are not merely inadequate—they are obsolete. The 442% increase in AI-powered voice phishing, 48-minute average attack times, and sophisticated nation-state operations require fundamentally new approaches to cybersecurity.
Success in this new era demands more than technological solutions. It requires organizational transformation, cultural change, and strategic thinking that acknowledges cybersecurity as a business-critical function rather than a technical afterthought. Organizations must invest not only in technology but in people, processes, and partnerships that enable rapid adaptation to evolving threats.
As we look toward 2026 and beyond, the organizations that thrive will be those that embrace the intelligence vs. intelligence paradigm, implementing adaptive, AI-driven security operations while maintaining the human expertise necessary for strategic threat analysis and response. The future of cybersecurity lies not in perfect defense, but in intelligent resilience.
Key Recommendations for Organizations
1. Accelerate Zero Trust Implementation: Move beyond pilot programs to enterprise-wide Zero Trust architectures with identity-centric security models.
2. Invest in AI-Driven Security Operations: Deploy behavioral analytics, automated threat hunting, and orchestrated response capabilities to match attack speeds.
3. Prepare for Post-Quantum Cryptography: Begin inventory of cryptographic implementations and develop migration strategies for quantum-resistant algorithms.
4. Build Resilient Architectures: Design systems assuming compromise, with focus on rapid detection, containment, and recovery capabilities.
The cybersecurity transformation of 2025 represents both unprecedented challenge and extraordinary opportunity. Organizations that recognize this inflection point and act decisively will not only survive the intelligence vs. intelligence era—they will thrive in it.
© STK. All rights reserved. Unauthorized reproduction, distribution, modification, or commercial use of this content is strictly prohibited and may result in civil or criminal liability under applicable laws.

AI-Driven
Cybersecurity Paradigm Transformation
Jaekown Son , Founder & CEO, The Miilk
AI drives cybersecurity’s shift from defense to resilience.
The cybersecurity landscape in the first half of 2025 has demonstrated unprecedented dynamism and unpredictability. AI is being weaponized to sophisticate malware creation, phishing attacks, and social engineering techniques, while simultaneously revolutionizing defensive systems through threat detection, analysis, and automated response capabilities. AI has become both spear and shield.
This carries profound implications: cybersecurity is now transitioning from a 'technology vs. technology' competition between nations and enterprises to an 'intelligence vs. intelligence' warfare paradigm.
Against this backdrop, the limitations of traditional security models have become starkly apparent. Conventional approaches that distinguished between external and internal networks, assuming internal network safety, are no longer viable against intelligent threats. Zero Trust architecture has emerged as a practical alternative, gaining widespread adoption under the principle of "never trust, always verify."
The cybersecurity paradigm of 2025 is shifting from 'defense-centric' to 'resilience-centric.' Operating under the premise that perfect defense is impossible, an organization's survival now depends on its core capability to rapidly detect, isolate, and recover from breaches when they occur.
01 Global Market Scale and Growth: Google's Largest M&A Ever Emerged from Cybersecurity
The global cybersecurity market is projected to maintain robust growth through 2025. According to major market research institutions, the 2025 market size is estimated between $215 billion and $301.9 billion, reflecting strong demand for cybersecurity measures driven by persistent increases in data breaches, hacking, and cybercrime, alongside deepening dependence on digital systems and networks.
Notably, market growth rates are exceeding threat increase rates, indicating organizations are shifting investment patterns from 'reactive security' to 'proactive security.' Particularly, growth rates in AI, Zero Trust, and cloud security sectors significantly outpace overall market growth, confirming that technological innovation is the key driver of market expansion.
Investment enthusiasm in cybersecurity during the first half of 2025 has entered a consolidation phase, yet interest in companies with innovative technologies and high growth potential continues.
Google's acquisition of cybersecurity startup Wiz for $32 billion represents a prime example. This merger marked Google's largest acquisition in its history.
Additionally, Palo Alto Networks acquired AI security specialist ProtectAI for approximately $500 million last month, while Fortinet acquired Israeli SaaS security startup Suridata this month. Fortinet has been accelerating M&A activities, having acquired three security companies last year.
The announcement of these M&As signals market consolidation is gaining momentum. This carries dual significance: first, rapid technological advancement makes it difficult to maintain competitiveness through internal R&D alone; second, customer preference for integrated platforms is reducing survival space for point solutions.
However, examining Q1 2025 data overall, while investment volume increased, average investment amounts decreased. This indicates investors are pursuing diversified investments in companies with proven technologies and clear market positioning rather than seeking 'home run' companies. Interest is particularly heightened in specialized fields such as AI/LLM security, quantum security, and OT/ICS security.
02 2025 First Half Major Cyber Incidents: Cybersecurity Trends Analysis
The first half of 2025 vividly demonstrated that AI-based cyber threats have transcended mere possibilities to become realities directly impacting our lives and businesses. AI-weaponized attacks, supply chain vulnerability exploitations, and attacks targeting trusted service platforms themselves have aroused global alarm due to their reach and severity.
CrowdStrike's '2025 Global Threat Report' released in June 2025 illustrates the scale and severity of these changes through concrete figures. The report tracked over 250 attack groups and 140 new activity clusters, with China-linked adversary cyber operations increasing by 150% and generative AI-based social engineering attacks surging dramatically.
These trends are expected to persist beyond the first half of 2025 through 2026-2027.
2-1. AI Transforms Cybersecurity Landscape
Retail is a cornerstone of the global economy, encompassing everything from sprawling big-box chains to neighborhood convenience stores. As a multi-trillion-dollar industry, it impacts nearly every consumer and touches a broad range of sectors. In the United States alone, retail is one of the largest industries in terms of both revenue and employment, underscoring its vital role in everyday life. Globally, retail spans a vast diversity of categories—from groceries and fashion to e-commerce and automotive. The rise of artificial intelligence (AI) has further intensified the complexity and dynamism of this landscape.
- Generative AI Weaponization Reality
As confirmed in the CrowdStrike report, criminal groups like Curly Spider, Chatty Spider, and Plump Spider are systematically utilizing AI-enhanced social engineering techniques. They have maximized the efficiency of social engineering attacks that were previously manual processes by automating personalized attacks at scale through AI.
- National AI Utilization Pattern Analysis
Iran-linked threat actors particularly engaged actively in AI-powered vulnerability research, exploit development, and domestic network patching in 2024, aligning with government-led AI initiatives. This suggests AI technology is being systematized as national-level cyber warfare capabilities beyond individual hacker groups.
The most notable change with AI's full emergence is attack 'weaponization speed.' Average cyberattack time decreased 22% from 62 minutes to 48 minutes, with the fastest attack occurring in just 51 seconds. This signifies that traditional 'detect and respond' approaches can no longer cope with the current era.
Notably, AI-generated deepfake voices and forged digital credentials successfully bypassed multi-factor authentication systems. This demonstrates that traditional MFA cannot be a complete solution against AI-based attacks. Future authentication systems must integrate more sophisticated mechanisms like behavioral biometrics and continuous authentication.
At RSA Conference 2025, the world's largest cybersecurity conference, 'Agentic AI' emerged as the most prominent trend. AI agents that autonomously judge and act can perform more proactive defensive activities, such as automatically conducting red team activities or autonomously addressing compliance gaps. AI is moving beyond merely detecting known threats to predicting attacker behavior patterns and intentions, proactively blocking future attacks.
The key to victory in the AI arms race is 'adaptability,' not 'speed.' Rather than keeping pace with attackers developing new AI techniques, building 'meta-AI' systems that can rapidly learn and adapt to any new attack is more crucial.
2-2. Supply Chain Attacks: Shaking Trust Foundations
In business environments where software and services are delivered through complex networks of multiple components and partners, supply chains have become highly attractive targets for attackers. A single point penetration can cause cascading damage to multiple organizations.
The Change Healthcare ransomware incident that occurred in February 2024 and completed data review in January 2025 demonstrates the massive impact supply chain attacks can have. Change Healthcare was attacked by the BlackCat (ALPHV) ransomware group in February 2024. Hackers successfully infiltrated by exploiting insufficient multi-factor authentication in Change Healthcare's Citrix remote access system. The attack resulted in theft of approximately 6 terabytes of data, causing numerous pharmacies and hospitals across the US to suspend medical billing processing systems, leading to situations where patients had to pay full medication costs.
The true lesson from this incident is the danger of 'single points of failure.' Because Change Healthcare played a central role in the US healthcare system, a single supplier breach led to nationwide healthcare service paralysis. This reconfirmed the importance of 'decentralization' and 'redundancy' in critical infrastructure sectors.
2-3. The Reality of AI-Based Attacks: Intelligent Threats Striking Financial and Healthcare Industries
A particularly shocking case involved the use of AI-generated deepfake technology to impersonate a CFO during a video conference call. In this incident, attackers used deepfake audio and video technology to perfectly replicate the appearance and voice of a company's CFO, successfully deceiving finance team members during a video conference and inducing them to transfer $25 million to attacker-controlled accounts.
This incident transcended mere technical achievement, representing sophisticated psychological warfare exploiting human cognitive vulnerabilities. Attackers eliminated room for suspicion and induced immediate action by perfectly recreating the appearance of colleagues the victims normally trusted. This suggests future cybersecurity must encompass not only technical defenses but also cognitive security.
2-4. Geopolitical Conflict Expansion into Cyberspace: Increased Aggressive Activities by China and North Korea
In the first half of 2025, nation-state attack group activities increased to unprecedented levels, establishing cyberspace as a new battlefield. The CrowdStrike report reveals the concrete reality of these changes.
China-linked cyber espionage attacks increased 150% year-over-year, with financial, media, and manufacturing sectors experiencing up to 300% surges. CrowdStrike discovered seven additional new China-linked hacking groups last year alone.Clear strategic intent is evident in China-linked threat actors' target selection. Concentrated attacks on critical industry sectors (up to 300% increase) are interpreted as systematic industrial espionage activities aimed at securing economic and technological advantages beyond simple information gathering. This demonstrates cyberattacks being utilized as new tools of economic warfare.
North Korea-linked threat group Famous Chollima led 304 cyberattacks last year, with 40% being insider threat attacks. They bypassed security systems through sophisticated methods of disguising as legitimate employees to access corporate systems before conducting malicious activities.
North Korea's insider threat tactics fundamentally differ from traditional insider threats. Rather than exploiting actual insider grievances or financial motivations, this is a 'fake insider' tactic involving malicious infiltration from the outset. This suggests fundamental review of recruitment processes is necessary.
03 2025-2026 Cybersecurity R&D Trends
3-1. Zero Trust Becomes the New Normal
Accelerated transition to cloud computing environments, widespread adoption of remote and hybrid work formats, and increased AI-based intelligent threats have signaled the end of traditional perimeter-based security models. The core principle of Zero Trust, "Never Trust, Always Verify," has established itself as the fundamental security paradigm all enterprises and organizations must pursue.
The traditional 'Castle and Moat' model that trusted network perimeter interiors while defending only against external threats is no longer effective. Recognition is spreading that all users, devices, applications, and network traffic must be considered potential threats requiring thorough verification.
Zero Trust transcends simply adopting specific technologies or products, representing a 'strategic framework' that changes organizations' fundamental security philosophy and approach. Therefore, successful Zero Trust implementation requires not only technical elements but also organizational culture change, close inter-departmental collaboration, and clear responsibility establishment.
Zero Trust has moved beyond theoretical concepts to become a practical security strategy actively adopted by many enterprises and institutions. According to one survey, approximately 63% of companies have already begun deploying or are pursuing implementation of some form of Zero Trust security model.
Energy management and automation solution specialist Schneider Electric has also adopted Zero Trust as its core security philosophy, particularly focusing on strengthening OT system cybersecurity.
At RSA 2025's "Cybersecurity tone at the top" session, discussions emphasized that Zero Trust is not just an IT department challenge but a change management project requiring enterprise-wide understanding and active participation from business departments and executives. Technology adoption alone has limitations; continuous communication and education are crucial to minimize internal member resistance or work inconvenience that may arise during the transition from trust-based to verification-based work methods.
3-2. Post-Quantum Cryptography(PQC) Implementation Becomes Urgent Priority
Quantum computer development holds potential to drive scientific and technological innovation while simultaneously posing serious security threats by potentially neutralizing most public key cryptographic systems currently in use. The first half of 2025 saw accelerated global preparation for Post-Quantum Cryptography (PQC) implementation to address these quantum computing threats.
Quantum computers use quantum bits called qubits to process information in fundamentally different ways from conventional computers. When such computers achieve sufficient scale and stability, they can use algorithms such as Shor's algorithm, published by Peter Shor in 1994, to rapidly break public key cryptographic algorithms like RSA and ECC (Elliptic Curve Cryptography), which are currently used extensively in internet banking, e-commerce, and data encryption. This represents a serious threat to the foundation of global digital communication and data security.
China and several other countries are investing massive funds in quantum computer technology development, raising concerns that practical quantum computers may emerge faster than expected. Moreover, if the 'Harvest Now, Decrypt Later' scenario materializes, in which attackers collect large amounts of encrypted communications or stored data today and decrypt them later with commercialized quantum computers, the confidentiality of sensitive information requiring long-term storage could be severely compromised.
To address these threats, the US National Institute of Standards and Technology (NIST) has been working since 2016 with cryptographers worldwide to develop and standardize Post-Quantum Cryptography (PQC): new cryptographic algorithms that are difficult to break even with quantum computers. As of the first half of 2025, NIST's PQC standardization has shown considerable progress.
NIST, established in 1901 under the Department of Commerce, clearly stated in its internal report IR 8547 its plans to phase out currently widely used cryptographic keys and quantum-vulnerable cryptographic algorithms (RSA, ECDSA, Diffie-Hellman, etc.). According to this plan, these algorithms are recommended for deprecation by 2030 and will be disallowed by 2035. This strongly suggests that enterprises and institutions must recognize the PQC transition as an urgent task that can no longer be postponed.
04 Conclusion: Navigating the Intelligence vs. Intelligence Era
The first half of 2025 has definitively established cybersecurity as a battle of intelligences rather than technologies. Organizations that successfully navigate this transformation will share common characteristics: adaptive AI-driven defenses, resilient architectures that assume breach, and integrated security platforms spanning all attack surfaces.
The evidence from CrowdStrike's comprehensive threat intelligence, combined with real-world incidents across all sectors, demonstrates that traditional security models are not merely inadequate—they are obsolete. The 442% increase in AI-powered voice phishing, 48-minute average attack times, and sophisticated nation-state operations require fundamentally new approaches to cybersecurity.
Success in this new era demands more than technological solutions. It requires organizational transformation, cultural change, and strategic thinking that acknowledges cybersecurity as a business-critical function rather than a technical afterthought. Organizations must invest not only in technology but in people, processes, and partnerships that enable rapid adaptation to evolving threats.
As we look toward 2026 and beyond, the organizations that thrive will be those that embrace the intelligence vs. intelligence paradigm, implementing adaptive, AI-driven security operations while maintaining the human expertise necessary for strategic threat analysis and response. The future of cybersecurity lies not in perfect defense, but in intelligent resilience.
Key Recommendations for Organizations
1. Accelerate Zero Trust Implementation: Move beyond pilot programs to enterprise-wide Zero Trust architectures with identity-centric security models.
2. Invest in AI-Driven Security Operations: Deploy behavioral analytics, automated threat hunting, and orchestrated response capabilities to match attack speeds.
3. Prepare for Post-Quantum Cryptography: Begin inventory of cryptographic implementations and develop migration strategies for quantum-resistant algorithms.
4. Build Resilient Architectures: Design systems assuming compromise, with focus on rapid detection, containment, and recovery capabilities.
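Recommendation 3 and the IR 8547 timeline in section 3-2 can be turned into a first-pass certificate inventory. The following is an added example, not part of the original report: it parses excerpts in the layout of `openssl x509 -noout -text`, flags quantum-vulnerable keys and issuer signatures, and ranks them by whether the certificate stays valid past the 2030 and 2035 dates. The sample dumps, host names, status labels, the printed form of the ML-DSA names, and the treatment of both dates as 1 January cut-offs are assumptions.

```python
import re
from datetime import datetime

# Dates the article gives for NIST IR 8547; the boundary handling is an assumption.
DEPRECATE, DISALLOW = datetime(2030, 1, 1), datetime(2035, 1, 1)
# PQC names are tested first: "ML-DSA" and "SLH-DSA" contain "DSA" and would read as classical.
PQC = re.compile(r"ML-KEM|ML-DSA|SLH-DSA", re.I)
CLASSICAL = re.compile(r"rsa|id-ecPublicKey|ecdsa|dsa|dh|25519|448", re.I)  # RSA/ECDSA/DH etc.
FIELDS = {  # labels as printed by `openssl x509 -noout -text`
    "sig_alg": re.compile(r"Signature Algorithm:\s*(\S+)"),
    "key_alg": re.compile(r"Public Key Algorithm:\s*(\S+)"),
    "not_after": re.compile(r"Not After\s*:\s*(.+?)\s*GMT"),
}
BITS = re.compile(r"Public-Key:\s*\((\d+) bit\)")

def classify(alg):
    if PQC.search(alg):
        return "pqc"
    return "quantum-vulnerable" if CLASSICAL.search(alg) else "unknown"

def assess(cert_text):  # one certificate text dump -> inventory record with a status
    f = {}
    for name, rx in FIELDS.items():
        m = rx.search(cert_text)
        if not m:
            return {"status": "unparsed", "missing": name}
        f[name] = m.group(1)
    bits = BITS.search(cert_text)
    expires = datetime.strptime(" ".join(f["not_after"].split()), "%b %d %H:%M:%S %Y")
    # The subject key and the issuer's signature are judged together.
    kinds = {classify(f["key_alg"]), classify(f["sig_alg"])}
    status = "pqc" if kinds == {"pqc"} else "review"
    if "quantum-vulnerable" in kinds:
        # Key size is recorded but never changes the verdict: RSA-4096 is still RSA.
        status = ("valid-past-2035" if expires >= DISALLOW else
                  "valid-past-2030" if expires >= DEPRECATE else "migrate-at-renewal")
    return {"key_alg": f["key_alg"], "sig_alg": f["sig_alg"], "status": status,
            "bits": int(bits.group(1)) if bits else None}

def dump(sig, key, not_after, bits=None):  # constructed excerpt in openssl's text layout
    size = f"            Public-Key: ({bits} bit)\n" if bits else ""
    return (f"    Signature Algorithm: {sig}\n        Not After : {not_after} GMT\n"
            f"        Public Key Algorithm: {key}\n{size}")

SAMPLES = {  # constructed inventory, not real hosts
    "vpn-gw": dump("sha256WithRSAEncryption", "rsaEncryption", "Mar 15 12:00:00 2036", 4096),
    "web-01": dump("ecdsa-with-SHA256", "id-ecPublicKey", "Jun  1 00:00:00 2026", 256),
    "pilot": dump("ML-DSA-65", "ML-DSA-65", "Jan 10 00:00:00 2031"),
    "mixed": dump("sha256WithRSAEncryption", "ML-DSA-65", "Jan 10 00:00:00 2031"),
}
```

Certificates cover only authentication. The key exchange settings of TLS, SSH and VPN endpoints, which are what 'Harvest Now, Decrypt Later' collection targets, need a separate inventory.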
The cybersecurity transformation of 2025 represents both unprecedented challenge and extraordinary opportunity. Organizations that recognize this inflection point and act decisively will not only survive the intelligence vs. intelligence era—they will thrive in it.
© STK. All rights reserved. Unauthorized reproduction, distribution, modification, or commercial use of this content is strictly prohibited and may result in civil or criminal liability under applicable laws.