In the early 2000s, one of the hardest choices many of us faced online was selecting our MySpace “Top 8” — the ultimate public display of friendship. Choosing which friends to feature required serious thought, some strategic prioritization, and let’s be honest — risking a few hurt feelings. I wonder if Tom still thinks about the impossible position he created for a generation of young internet users.
Fast-forward to today, where many of the same millennials — now security experts — face another challenge of strategic prioritization. For security teams up against a quickly evolving threat landscape, setting resolutions and prioritizing cybersecurity goals feels similar to creating a Top 8 (albeit with quite different stakes). Not everything can be tackled at once, so organizations must focus on the most impactful changes to strengthen their security posture.
Unlike Tom, who never posted a handy bulletin or blog to advise your strategy, Sysdig can help inform your Top 8 list of 2025 cybersecurity resolutions based on the usage data we’ve collected and the threat intelligence we’ve analyzed year over year. Each of these priorities is chosen for its potential to reduce risk, improve compliance, or bolster resilience in a threat landscape that, like your old MySpace page, is constantly evolving.
1. Tighten up your account credentials
Unused credentials are like a neglected Top 8 friend who hasn’t logged on in a decade. Over-permissioned accounts are low-hanging fruit for attackers, creating unnecessary risk. This year, focus on cleaning up your organization’s digital Rolodex by auditing account credentials. Reduce permissions that haven’t been used in the last 30 days and make multi-factor authentication (MFA) mandatory. Setting up a monthly process for permission auditing can help. Aim to reduce unused credentials from 98% to 70% by the end of the first quarter.
2. Enable AI logging and prevent LLMjacking
LLMjacking is a new kind of attack discovered by the Sysdig Threat Research Team (TRT) where malicious actors hijack large language models to sell access or run unauthorized operations, potentially costing victim organizations upwards of $100,000 daily. Enabling AI workload logging is like using the “last logged in” feature on MySpace, giving you visibility over AI usage activities to identify and prevent resource hijacking. Make it a resolution to activate logging on all of your AI tools and platforms, which will boost transparency and might even save your company (or you personally) significant costs.
3. Fortify your threat detection and response capabilities
Threat detection and response is your ride-or-die bestie. It helps you sort out drama and, for that reason, never leaves a Top 3 spot. Last year, we found that a majority of attacks — 65% to be exact — required behavioral detections. But through 2024, Sysdig TRT consistently found cryptomining and DDoS attacks leveraging well-known malware source code, easily identified by static IoC detections. Up-to-date detections are the second best thing for your security program behind proactive security enhancements. Don’t neglect this crucial part of your security posture; instead, feed it as much current, relevant threat intelligence as you can throughout 2025.
4. Cut your critical and high vulnerabilities in half
The efforts made between 2023 and 2024 paid off, with critical and high vulnerabilities cut in half to 8%. But there’s still room to improve! Just as a Top 8 friend list had to be selective, cybersecurity teams should prioritize reducing the most pressing vulnerabilities even further. As a group, we should aim to slash that number another 50% to 4% by year’s end, which will directly correlate with improved organizational security by reducing your attack surface and keeping your digital assets even safer.
5. Fully embrace the DIE philosophy
Container drift control is vital to prevent unintended changes in your production environment, a belief that is central to the Distributed, Immutable, Ephemeral (DIE) operating philosophy. As of January 2024, only 4% of users enabled controls to stop workloads if unexpected changes are detected, and only 25% even have alerting enabled. Like having a friend remind you to remove your ex from your Top 8, container drift alerting is similar. Adopt the DIE operating philosophy for containers, setting a goal of using automated response actions for alerts on drift, malware, and cryptominers.
6. Expand generative AI implementation
AI implementation is steadily making its way into cloud environments, with 31% adoption as of January 2024. However, only 15% of their integrations are generative AI (GenAI). Think of GenAI as that talented friend in your Top 8 who’s always creating something fresh and exciting. By the end of 2025, we expect to see nearly 100% of organizations implementing AI in their cloud-native environments, with more than 50% of packages being GenAI (as opposed to ML or automation), helping your organization leverage the creative and strategic capabilities that generative AI brings to the table — just make sure you’re prioritizing AI workload security by reducing public exposure and remediating in use vulnerabilities.
7. Reconsider and secure your registries
Since 2019, public registry usage has bloomed in popularity. As of early 2024, 66% of registries hosting and managing container images were public, making them more vulnerable to attacks. Think of these registries like a public profile that anyone can see and interact with — often, going private is safer. Make it a goal to increase the use of private or private-instance registries, shifting the balance closer to 50/50 and better safeguarding your container images and data. If you pull from public sources, ensure you are mitigating the risk of pushing vulnerabilities into production by using a runtime scanner and regularly updating images.
8. Reduce image bloat
Although choosing your Top 8 posed a significant challenge, it allowed users to think about an important topic: Necessity. Much like it may have been if Tom from MySpace had given us a “Top 20” or a “Top 50,” adding people we barely knew to our extended top friends, open source or vendor-managed images often include components, like dependencies, that may not be essential for every implementation. These unnecessary components can, and likely should, be removed as needed on a case-by-case basis. For 2024, resolve to review and remove image bloat by reducing the number of unused components in your images. Reducing image sizes offers a cost advantage for vulnerability scanning. Since images, particularly those from public repositories, must be scanned regularly, larger images result in higher scanning costs.
Prioritizing YOUR Top 8
Achieving every possible cybersecurity goal in a single year is as unrealistic as fitting all of your friends and family into your Top 8. The key is prioritizing the areas that will yield the most impact while aligning with your team’s strategic direction. Not every goal will make the cut, but that’s okay. By focusing on your top resolutions, or the resolutions we’ve suggested above, security teams can make measurable progress on patching vulnerabilities, reducing unnecessary risks, and fostering a more resilient security environment.
As you set your cybersecurity resolutions for 2025, remember that — just like that beloved Top 8 — every choice represents a focused commitment. Here’s to a year of securing not only our applications, our data, and our peace of mind!