
Data Center Security in 2025: A Cybersecurity Awareness Guide

 Published: February 18, 2026  Created: February 18, 2026

by Henry Chapman

October marks Cybersecurity Awareness Month, arriving this year at a critical moment in security management. The timing couldn’t be any more significant, as the data center industry faces unprecedented challenges on multiple fronts.

Federal funding for cybersecurity resources is getting slashed, creating resource constraints just when organizations need support most. Meanwhile, the rapid rise of AI is escalating the cybersecurity arms race, turbo-charging both the tools available to attackers and the defensive capabilities needed to counter them.

The Department of Homeland Security and the Cybersecurity Alliance launched Cybersecurity Awareness Month in 2004 to educate Americans about online threats and promote security best practices. Fast forward to 2025, and the data center industry is well-versed in foundational practices, such as employing password managers, patching vulnerabilities, and keeping software up to date. But what about the threats that fly under the radar, and those impacting the digital infrastructure sector?

Data Center Knowledge spoke with cybersecurity experts to uncover the issues that keep them awake at night and identify actionable protection steps.

The Rotten Fruit of Dependency Trees

One of the most pressing concerns raised by experts is the growing vulnerability of supply chains and dependencies. Leslie Daigle, chief technical officer and internet integrity program director at Global Cyber Alliance, issued a stark warning: “Every provider in your supply chain is a potential back door. If you’re not vetting them, cybercriminals and attackers will. One weak link can ripple through industries and bring entire sectors to a standstill.”

Organizations depend heavily on external providers, from third-party integrations to software supply chains. These dependencies, while essential for efficiency, introduce significant risks that attackers can exploit.

Third-party integrations, such as APIs, often lack sufficient security vetting, said Cameron Prescott-Young, director of cyber consulting services at Atos UK&I. “Modern businesses depend heavily on APIs to link everything from payments to logistics, yet they often have limited visibility into the security of the providers behind them,” he said. “If one of these lightly vetted services is compromised, it can offer attackers a trusted route into the organization.”

This visibility problem extends beyond APIs to the software components that power modern applications. Anirudh Batra, head of research at CloudSEK, highlighted the risks of hidden vulnerabilities in software dependency trees. “Organizations typically lack visibility into their complete dependency tree, making these attacks difficult to detect until after deployment,” Batra said. Recent NPM hacks and emerging risks in AI models, such as compromised pre-trained models, underscore the need for a “verify, then trust” approach to external dependencies.

Batra elaborated on the dangers of adopting capabilities without proper vetting. “Attackers can embed malicious executable instructions in model files [and] distribute compromised LoRA [Low-Rank Adaptation] adapters that inject backdoors while leaving the base model appearing safe,” he said. To counter these threats, Batra recommended treating pre-trained models as critical intellectual property requiring strict access controls.

Malicious Traffic and Route Leaks

Daigle emphasized risks posed by outbound traffic, which can harm an organization’s reputation and even lead to its infrastructure being blocklisted. “That includes traffic that ‘piggybacks’ on some free VPN services, using your IP address as an exit point for others’ connections,” she said. The Internet’s fragile routing system presents another critical vulnerability. Daigle urged organizations to take proactive measures to secure their networks, recommending the implementation of the MANRS (Mutually Agreed Norms for Routing Security) actions. These include:

1. Maintain accurate IRR (Internet Routing Registry) records to prevent route hijacks and leaks.

2. Filter out bogons and invalid routes to block malicious traffic.

3. Collaborate with other network operators to strengthen collective security.

4. Deploy RPKI (Resource Public Key Infrastructure) validation to ensure route authenticity.
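
To show how actions 2 and 4 combine on a single BGP announcement, here is an added example (not from the article, the experts quoted, or MANRS) that filters bogon prefixes and then applies RPKI route origin validation in the style of RFC 6811. The bogon list, the ROA entries, the `classify` and `accept` names, and the choice to accept "not-found" routes are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. Prefixes are documentation ranges (RFC 5737, RFC 3849)
# and ASNs are documentation ASNs (RFC 5398); none of this is a real ROA.
# IPv4-only bogon sample; the documentation ranges are left out of it so they
# can stand in for routable space below.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4")]

# Each entry: (prefix, maxLength, authorized origin ASN)
ROAS = [
    ("198.51.100.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64500),
]

def classify(prefix, origin_asn, roas=ROAS, bogons=BOGONS):
    """Return 'bogon', 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    # Action 2: reject anything that overlaps space that should never be routed.
    if any(net.version == b.version and net.overlaps(b) for b in bogons):
        return "bogon"
    # Action 4: origin validation against every ROA that covers the prefix.
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # AS 0 in a ROA means "no origin is authorized", so it never matches.
        if roa_asn != 0 and roa_asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched is invalid: wrong origin, or more specific than maxLength.
    return "invalid" if covered else "not-found"

def accept(prefix, origin_asn):
    """Assumed import policy: drop bogons and RPKI-invalid routes, keep the rest."""
    return classify(prefix, origin_asn) in ("valid", "not-found")

if __name__ == "__main__":
    for prefix, asn in [("198.51.100.0/24", 64500), ("198.51.100.0/24", 64511),
                        ("203.0.113.0/25", 64501), ("192.0.2.0/24", 64502),
                        ("10.1.0.0/16", 64500), ("2001:db8:1:2::/64", 64500)]:
        print(prefix, asn, classify(prefix, asn), accept(prefix, asn))
```

The third sample route carries the correct origin but is still invalid because it is more specific than the ROA's maxLength, which is the case that keeps an unauthorized more-specific announcement from passing validation.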

AI Voice Cloning: A Growing Threat

Mark Frost, principal security consultant at NCC Group, cited vishing (voice phishing) attacks as an under-recognized threat. “Many still believe creating and using AI voice cloning requires advanced knowledge and expensive equipment,” Frost said. “On the contrary, much of the tooling is freely available to the public, and the hardware required can be rented for minimal cost.”

The potential consequences of AI-powered vishing are far-reaching. Frost noted scenarios in which attackers impersonate senior leaders, vendors, or partners to manipulate employees or gain unauthorized access. Additional risks include reputational damage if fake audio of an executive making inappropriate comments leaks, and potential compromise of voice authentication systems.

Internal Risks and Exploited Tools

Organizations face significant internal risks, ranging from employee behavior to the exploitation of legitimate tools.

Prescott-Young highlighted the dangers of employees inadvertently feeding confidential data into external systems through generative AI tools or personal assistants. “Many employees rely on generative AI tools or personal assistants to speed up their work, but in doing so, they may inadvertently feed confidential data into external systems,” he explained. “While these aren’t deliberately malicious acts, they open up new leakage channels that most organizations aren’t equipped to monitor.”

The pattern of exploiting legitimate business tools extends beyond AI applications. Batra added that attackers increasingly weaponize remote monitoring and management software, such as AnyDesk, TeamViewer, and ConnectWise. “These tools are designed for IT administration, making their presence appear legitimate and often [safelisted] by security solutions,” he said. “Once installed, they provide attackers with reliable remote access that survives reboots, security scans, and even some incident response efforts.”


Gradual, “almost invisible” changes within organizations also pose risk, Prescott-Young said. He warned of misconfigurations resulting from emergency fixes or workarounds, as well as dormant “zombie” accounts lingering after employees or contractors leave. “Attackers who uncover these accounts gain legitimate credentials, bypassing many traditional defenses without raising alarms,” he said.

Another internal risk comes from Shadow SaaS, where employees turn to unsanctioned cloud apps to get work done. “These tools … handle sensitive data beyond the reach of corporate controls, creating unseen exposure to data loss and compliance failures,” Prescott-Young said.

The Fundamentals Still Matter

Despite evolving and sophisticated cyber threats, foundational defenses remain critical. Jack Cherkas, global chief information security officer at Syntax, emphasized their importance: “The fundamentals … remain the most consistently effective defenses for both organizations and individuals. Getting them right is the cornerstone of cyber resilience and the foundation for safe innovation.”

Prescott-Young agreed, noting the irony that increased attention to niche threats can distract organizations from the basics. “The organizations that build lasting resilience are usually the ones that focus on getting the simple things right consistently, and without exception,” he said.

This year’s “core 4” recommended actions are consistent with last year’s guidance:

1. Strong passwords.

2. Multi-factor authentication.

3. Timely software updates.

4. Scam awareness.

By focusing on these foundational practices, organizations can establish a solid defense against both traditional and emerging threats.


https://www.datacenterknowledge.com/cybersecurity/data-center-security-in-2025-a-cybersecurity-awareness-month-guide