Predictions for 2025 from cybersecurity experts

November 2024 by Marc Jacob

Here are the predictions of cybersecurity experts for 2025. These opinions will help you better prepare for the year ahead, which will bring many challenges to overcome.

KARL HOLMQVIST
FOUNDER AND CEO, LASTWALL

1. Escalating “Steal-Now, Decrypt-Later” Threats Will Drive Broad Integration of Post-Quantum Encryption: In 2025, the intensifying threat of “Steal-Now, Decrypt-Later” attacks will force organizations to accelerate the adoption of post-quantum cryptography (PQC). With quantum computing advancements making traditional encryption methods increasingly vulnerable, adversaries are actively stockpiling encrypted data today to decrypt it with future quantum capabilities. The recent standardization of FIPS-203 in August 2024 enables organizations to legally deploy proven PQC algorithms like ML-KEM, pushing CISOs to establish comprehensive cryptographic asset registers and proactively overhaul encryption strategies. Without immediate action to secure high-value assets, organizations face a growing risk of quantum-enabled breaches, threatening not just data but national security and global stability.

2. Escalation of Cyberattacks on Critical Infrastructure: In 2025, cyberattacks on critical infrastructure will intensify, targeting sectors such as energy grids, water supply systems, and communication networks. Driven by a range of factors, including geopolitical tensions, these attacks will disrupt essential services and erode public trust. Governments and private sectors will be forced to fortify their detection systems, enhance threat intelligence sharing, and take proactive measures to defend against increasingly sophisticated and coordinated threats, including those from nation-states.

3. Fallout from the “Wild West” of AI Deployment: The unchecked, mass deployment of AI tools—which are often rolled out without robust security foundations—will lead to severe consequences in 2025. Lacking adequate privacy measures and security frameworks, these systems will become prime targets for breaches and manipulation. This “Wild West” approach to AI deployment will leave data and decision-making systems dangerously exposed, pushing organizations to urgently prioritize foundational security controls, transparent AI frameworks, and continuous monitoring to mitigate these escalating risks.

DR. DARREN WILLIAMS
FOUNDER AND CEO, BLACKFOG

1. Lesser-known ransomware gangs like Hunters International will grow at an expedited rate. As threat actors’ use of AI continues to proliferate, their attack rate will allow them to work more efficiently and successfully than ever before. There’s no honor amongst thieves, and the trend of "gang-hopping" by individual cybercriminals between ransomware groups will further complicate attribution and containment efforts. Attackers will follow the money and choose financial gain over any allegiance to a group.

2. Deepfake scams will be a significant frontier for digital fraud through 2025. As threat actors evolve their tactics for maximum impact, they will continue to use advanced AI-driven tools to deploy highly tailored phishing attacks. AI is also ushering in a new generation of highly convincing deepfake technology that will introduce unprecedented risks for personal and corporate brands alike. Organized crime groups are aiming to cash in by creating increasingly convincing videos impersonating executives and public figures, such as Jeff Bezos and Elon Musk.

3. Collateral damage of ransomware attacks on healthcare providers will extend beyond personal records. High-profile healthcare provider attacks in 2024, from Change Healthcare in the US to pathology services provider Synnovis in the UK, were notable not only for the significant data loss but also for their impact on services and, ultimately, patient wellbeing.

Ongoing issues with resources and legacy infrastructure, along with the wealth of valuable data across the healthcare sector, mean it is perceived as a “weak link” by cyber attackers and will likely continue to bear the brunt of serious cyber attacks. As criminal gangs leverage patients’ privacy, safety, and health in ransom demands, it is vital for providers across the sector to protect their most vulnerable points to safeguard patients and staff.

JAKE WILLIAMS
FACULTY, IANS RESEARCH & VP OF R&D, HUNTER STRATEGY

1. Escalating Threats to Network Devices: Advanced threat actors, primarily nation-state threat actors, are likely to focus more on targeting network devices, specifically routers and firewalls. While threat actors continue to struggle to stay ahead of endpoint detection and response (EDR) software on endpoints, similar monitoring software can’t be installed on network devices. We’ve already seen multiple threat actors targeting networking devices to gain access to networks. While this isn’t exactly unprecedented, we can expect the scope and scale of these efforts to increase as threat actors encounter more difficulty maintaining operations with EDR software. It’s also worth noting that the number of compromised network devices is almost certainly underreported today. The vast majority of organizations lack a dedicated threat hunting program for compromised network devices. Very few have the telemetry needed to perform such threat hunts, and even fewer know what to look for. All of this creates a perfect storm for threat actors targeting network devices. Finally, threat actors may target network devices for their lawful intercept capabilities or to disrupt operations in a destructive cyberattack. Some evidence of such prepositioning was seen with Salt Typhoon in 2024, doubtless a sign of more to come.

GEORGE GERCHOW
FACULTY, IANS RESEARCH & INTERIM CISO/HEAD OF TRUST, MONGODB

1. Nation-state actors will increasingly exploit AI-generated identities to infiltrate organizations: An emerging insider threat gaining traction over the past six months, these sophisticated operatives bypass traditional background checks using stolen U.S. credentials and fake LinkedIn profiles to secure multiple roles within targeted companies. Once inside, they deploy covert software and reroute hardware to siphon sensitive data directly to hostile nations. The FBI confirmed that 300 companies unknowingly hired these imposters for over 60 positions, exposing critical flaws in hiring practices. Traditional background checks can’t catch this level of deception, and HR teams lack the tools to identify these threats. This escalating risk demands stronger identity verification and fraud detection—ignoring it leaves organizations vulnerable to catastrophic breaches. This isn’t just an attack trend; it’s a wake-up call.

2. AI blurs the lines between novice and expert: Much has been said about AI’s risks, but a critical element often overlooked is how it’s empowering previously marginalized threat actors. Newcomers—known as “script kiddies”—are leveraging AI-driven automation and sophisticated deep fakes to rapidly escalate their capabilities. Less-experienced hackers now have the means to execute complex and damaging cyberattacks with unprecedented ease. Scaling up defenses against these AI-powered adversaries will be crucial. Organizations must adopt AI-enhanced security strategies and deploy internal and external AI bots to automate key functions like audits and incident response.

3. The end of optional MFA: The shared responsibility model in cloud security is breaking down, which will push cloud providers to enforce mandatory MFA for all customers. Rising supply chain attacks and multi-cloud complexities demand tighter collaboration between security teams and cloud-savvy developers. This shift will spark a critical push for both providers and customers to elevate security standards in an increasingly volatile landscape.

BRUNO KURTIC
CO-FOUNDER, PRESIDENT & CEO, BEDROCK SECURITY

1. Escalating Security Liabilities in AI Data Handling Will Drive Demand for Enhanced Data Visibility, Classification, and Governance: By 2025, increasing security risks and AI regulations on data handling will push organizations to enhance data visibility, classification, and governance. With agentic AI systems becoming integral to operations, companies will need full insight into data assets to use them responsibly, emphasizing data sensitivity classification to avoid exposing confidential or personal information during AI training.

A standard practice will emerge: creating a data bill of materials (DBOM) for AI datasets. DBOMs will detail the origin, lineage, composition, and sensitivity of data, ensuring only appropriate data trains AI models. Strict entitlements will limit access, allowing only authorized users to manage sensitive data, thereby reducing accidental or malicious exposures.

As data volumes surge, scalable solutions will be essential to handle diverse datasets. This focus on visibility, classification, and access control will drive new data platforms, advancing AI data governance and mitigating security risks.

ERIC KNAPP
CTO OF OT, OPSWAT

1. Securing the shift to cloud for ICS/OT systems will demand new approaches to tackle cyber risks and the expanding skills gap: The 2024 SANS ICS/OT Cybersecurity Report revealed a surge in cloud adoption for ICS/OT applications, with 26% of organizations now leveraging cloud solutions—a 15% increase from previous years. This shift brings greater flexibility and scalability but also exposes these critical systems to new cyber risks. With more organizations leveraging the cloud, robust network security controls at the perimeter are essential. To ensure secure communication, devices that regularly interact with cloud services should ideally be channeled through data diodes, allowing safe, one-way data transfer. However, many sites also require remote access into OT environments for maintenance, upgrades, and similar tasks, calling for separate, secure pathways tailored to specific OT functions and restricted to authorized personnel only.

In 2025, there is an expectation of increased adoption of both secure cloud controls and OT-specific pathways as organizations manage their cloud connections. Investment in proper controls will be crucial to achieving the asset and connection visibility many organizations are striving for. The question for next year is whether organizations are prepared to invest in a comprehensive, layered approach. Historically, the industry has tended to focus on a single “technology du jour,” but indications suggest that 2025 may bring a more balanced approach.

PEDRAM AMINI
CHIEF SCIENTIST, OPSWAT

1. Escalating sophistication and increasing abuse of AI as costs decrease: The drumbeat of threat evolution will continue, with nation-states increasing attacks on physical devices and appliances. ML-assisted scams will grow significantly in volume, quality, and believability. As costs associated with ML compute decrease, we’ll see a transition from ML-assisted to fully autonomous operations. Organizations should expect increased attacks on employees’ personal devices and should prioritize training and novel detection controls to prepare for AI-enhanced social engineering attacks. Production-grade zero-day vulnerabilities will likely be found—and perhaps even exploited—by AI. While we’re likely a few years out from the first fully agentic AI malware, the industry should brace for its emergence.

ARIEL PARNES
CO-FOUNDER AND COO, MITIGA

1. The lethal combination of AI-powered attacks and SaaS vulnerabilities will redefine the threat landscape. In 2025, two critical trends will converge to create a perfect storm and reshape the threat landscape: the growing availability of generative AI for cybercriminals and the rapid adoption of SaaS applications.

Generative AI, with its ability to craft sophisticated, context-aware content, will empower threat actors to automatically scan SaaS environments, find vulnerabilities, and launch precise, rapid attacks. The barriers to creating adaptive phishing campaigns or exploiting SaaS misconfigurations will drop, enabling even less-skilled hackers to conduct highly targeted attacks. AI will also help attackers evade detection by continually modifying their techniques.

Meanwhile, organizations are adopting more SaaS applications, creating sprawling, interconnected environments and introducing new security challenges. Many organizations lack visibility into their SaaS ecosystems, making it difficult to monitor user behavior, detect threats, and enforce security policies consistently across applications. Traditional security tools are ill-equipped to protect the decentralized and dynamic nature of SaaS platforms. As business functions shift to the cloud, this gap in SaaS visibility and detection will remain a significant weakness for cybercriminals to exploit.

Without real-time monitoring and detection, organizations will be at a disadvantage. To counter these threats, companies must close the SaaS visibility gap by investing in advanced security tools specifically designed for cloud environments. These tools must leverage AI to keep pace with evolving threats, focusing on real-time detection, anomaly identification, and continuous monitoring across all SaaS applications.

SCOTT KANNRY
CO-FOUNDER AND CEO, AXIO

1. Need for CRQ is rapidly moving beyond security teams, making usability the #1 requirement for CRQ solutions. Cybersecurity management has expanded beyond the sole domain of security teams and is increasingly influenced by business leaders and non-technical stakeholders, both inside and outside the org.

To be effective, CRQ solutions must be user-friendly, business-focused tools that inform decisions by internal leaders across all departments while facilitating collaboration with external partners through shared, business-oriented risk language.

2. Robust risk quantification will drive tech stack decisions. Risk quantification will play an increasingly critical role in guiding decisions around a) the adoption of new technologies and b) the cost and benefits of maintaining legacy systems.

This CRQ-centered approach ensures that companies’ tech stacks more precisely align with their risk tolerance and resilience strategies.

3. The traditional CISO role will continue to evolve (and even split into two roles in some orgs). As enterprises navigate an evolving global patchwork of regulations, the scope of the CISO has expanded beyond the traditional purview of overseeing data & information security to new areas like compliance management and boardroom disclosure.

Some CISOs will have adapted to—and thrived within—this expanded role. Many companies, however, will opt to split security leadership duties between a technically focused lead and a business/regulatory-focused one.

DALE HOAK
DIRECTOR OF INFORMATION SECURITY, REGSCALE

1. By 2025, AI-driven compliance tools will be widely adopted to manage the growing complexity of cybersecurity regulations and threats. As frameworks like FedRAMP and GDPR grow more stringent, manual GRC tools and processes will become too slow to keep up with regulatory changes. In response, organizations will increasingly use AI to automate real-time checks, monitor violations, and streamline audits. These AI-powered solutions—and the corresponding rise of compliance as code—will help companies proactively identify risks and cut costs.

2. A global convergence of privacy laws will reduce the friction caused by widely varying regulations like GDPR, CCPA, and PIPL. Currently, the lack of unified legislation presents major challenges for international commerce, but corporations and governments are pushing for more streamlined and standardized privacy frameworks. Businesses should invest in agile GRC solutions to prepare for the emergence of new global privacy agreements and partnerships.

3. In 2025, supply chain cybersecurity certifications will become a norm across industries. To prevent disastrous attacks like SolarWinds and Kaseya, businesses will require stringent compliance from third-party vendors, and governments will expand frameworks like NIST SP 800-161, CMMC, and ISO 27001. As a result, there will be increased demand for supply chain cybersecurity compliance platforms with robust risk assessment, real-time monitoring, and reporting features.

JAMES FISHER
DIRECTOR OF SECURITY OPERATIONS, SECURECYBER

1. Accelerated automation to outpace security threats: With AI tools enabling expedited attack timelines, automated security solutions are essential. Emerging automations within the security stack will allow teams to respond efficiently to streamlined attacks. AI will drive the implementation of creative responses to new threats, offering enhanced ways to safeguard against evolving risks. As teams update their security tools with new features and functionality, they’ll be able to automate these capabilities to increase resilience.

2. Heightened focus on supply chain resilience: In a time of global political volatility, organizations will scrutinize critical service providers and hosting sources to secure operations. This extends to hardware and software sourcing to ensure uninterrupted service. Now is the time to refresh disaster plans and consider alternative setups. If hardware or services become unavailable, does your team have a seamless backup strategy in place?

3. Rise in identity-based attacks: With breaches continually on the rise, new credentials will become available for exploitation by threat actors. Security teams must stay vigilant, regularly checking environments for weak passwords and outdated credentials. User fatigue with passwords is real, but solutions like Single Sign-On with hardware tokens will ease this burden. Expect to see hardware devices gradually replacing passwords on more secure systems.

