Best 5 Cyber Security Trends for 2025

The cyber environment is more unstable than ever. A recent report by Microsoft highlighted a 2.75-fold surge in ransomware attempts this year, while research suggests that global cyber attacks in 2024 will skyrocket by 105% compared to 2020.

There is a pressing need for more skilled cyber experts as generative AI is reducing the entry barriers for attacks. Unfortunately, shortages in cyber expertise have been noted in both the United Kingdom and Australia, with women constituting only a quarter of the sector.

So how will the landscape change in the coming year? TechRepublic asked cyber experts to predict the main trends that will influence the security arena in 2025.

1. Focused emphasis on third-party risk management, encompassing the AI software supply chain

This year, the CrowdStrike debacle dominated headlines, causing disruptions to essential services worldwide. This incident disabled around 8.5 million Windows devices and affected emergency services, airports, law enforcement, and other crucial organizations.

This isn’t the first instance of a supply chain attack making headlines; last year’s MOVEit attacks remain fresh in memory. Due to the frequency of such incidents, Forrester analysts anticipate that in 2025, governments will prohibit specific third-party software.

Moreover, more businesses are embracing Generative AI for coding new software, potentially exposing it to vulnerabilities. AI-generated code has been known to trigger outages, with security leaders contemplating the prohibition of AI technology in software development.

For executives, this highlights the criticality of third-party risk management for operations, leading to a fresh focus in 2025.

Max Shier, the head of information security at cyber consultancy firm Optiv, stated to TechRepublic via email: “Third-party risk management, supply chain risk management, and heightened oversight and regulatory demands will necessitate companies to concentrate on and enhance their governance, risk, and compliance schemes.”

Adding to this, Jacob Kalvo, the CEO of proxy provider Live Proxies, remarked: “It can be anticipated that in 2025, organizations will likely transition to proactive methods of evaluating and monitoring supply chains. They might leverage zero-trust architectures to authenticate at different access points where they interact with external collaborators.

“This shift towards increased scrutiny of the supply chain signals a broader trend in integrating cybersecurity into general enterprise-wide risk management.”

AI software emerges as a significant weak point in the software supply chain

While companies rush to leverage Generative AI solutions, the swift adoption has led to oversights in security. A study by HackerOne revealed that 48% of security professionals view AI as posing the most substantial security risk to their organization.

Cache Merrill, the founder of software development firm Zibtek, stated to TechRepublic via email: “As AI tools increasingly integrate into software development, we envision attackers focusing on the most vulnerable AI-driven components of the software supply chain. The focus will no longer solely be on verifying third-party code but on scrutinizing AI models which may have inadvertently introduced security vulnerabilities through data manipulation or bias exploitation.

“By 2025, supply chain security will necessitate an additional layer of alertness, where even the datasets and AI models fueling our applications are examined for malicious interference. A secure supply chain will not only revolve around code but will involve curating secure and verifiable AI training sources.”

Paul Caiazzo, VP of security services at Quorum Cyber, informed TechRepublic that attackers might specifically target weaker AI tools to extract sensitive data. “CISOs will grapple with securing them due to insufficient AI expertise and tools,” he added.

2. Macs are set to be the focus of increased cybercrime attacks

Experts anticipate that Macs will attract more attention from cybercriminals in the upcoming year. Kseniia Yamburh, malware research engineer at Mac security specialist Moonlock, shared with TechRepublic via email: “Formerly regarded as secure, macOS is now confronting escalating threats, particularly from stealer malware aimed at harvesting sensitive data.

“Our investigations at Moonlock reveal a significant surge in macOS-targeted stealer malware, with 2024 witnessing 3.4 times more unique samples than 2023.”

The exploitation of macOS vulnerabilities surged by over 30% in 2023, with attackers leveraging infostealers, fake PDFs, fake Mac apps, authentic Microsoft apps, and other innovative tactics to breach the operating system this year. In November, several malevolent macOS applications were linked to North Korea.

The heightened interest in Apple devices may stem from their rising predominance within corporations and increased rivalry among cybercriminals in the Windows domain.

3. Identity Moves Under the Authority of Security Teams

Cybersecurity professionals anticipate that by 2025, the accountability for identity and access control in enterprises will transfer from IT units to security teams. Sagie Dulce, VP of research at segmentation company Zero Networks, remarked that attacks based on identity are the primary reason for security breaches, and this trend is expected to persist. As these attacks intensify, security experts are essential to close potential entryways.

Dulce informed TechRepublic: “While not a new development, this is an expanding pattern as more identities are attributed to services and applications — making them more complex to oversee and govern. Many organizations are presently unaware of their vulnerability stemming from service accounts, privileged identities, dispersed secrets, external access, and more.

“These identities are usually the most accessible targets within organizations, a fact that attackers are fully aware of. Given that a multitude of web applications are still open to the internet, the primary attack method continues to be compromising credentials for initial access to a web application.”

4. Division of Countries by Cyber Regulations

The global landscape of cyber regulations is becoming more stringent — especially in response to the surge in cyber attacks by nation-states. Consequently, the focus of legislation will center around geopolitics and national security concerns.

Vishal Gupta, CEO of security solutions provider Seclore, noted in an email to TechRepublic: “In the upcoming period, ongoing geopolitical conflicts and general tensions will guide the majority of regulatory actions. Nations and coalitions of nations will establish regulations to safeguard their interests against perceived adversaries and restrict the broad propagation of supply chains.

“This inclination is already observable in initiatives like the CHIPS act and recent interpretations of export control laws. ‘National priorities over collaborative efforts’ might very well be the underlying theme of these regulations.”

Douglas McKee, executive director of Threat Research at security company SonicWall, added that the attribution of attack origins will become progressively intricate due to “the blurring line between state and criminal operations.”

Hence, decision-makers must enhance international cooperation rather than fostering further fragmentation. McKee asserted in an email to TechRepublic: “Governments and private entities must adapt to this shifting threat landscape, prioritizing proactive intelligence exchange and threat detection to disrupt collaborative schemes before they influence vital sectors.”

Critical National Infrastructure Falling Behind in Compliance

Critical national infrastructure (CNI), including transportation, telecom firms, and data centers, is a prime target for attackers because of the extensive disruption that an attack on it can cause. A recent study by Malwarebytes revealed that the services industry is the most impacted by ransomware, accounting for nearly a quarter of global attacks.

Christian Borst, EMEA CTO at cybersecurity firm Vectra AI, anticipates a surge in attacks targeting CNI in 2025, partially due to these organizations lagging in compliance with regulations. These regulations include NIS2, which aims to establish a uniform, minimum cybersecurity standard across all E.U. member states.

Borst expressed to TechRepublic via email: “Regulators aren’t asking for the impossible, but CNI enterprises are already grappling to adhere to the deadlines set by regulators and to put their affairs in order, as evidenced by E.U. member states lagging in the implementation of NIS2.

“Threat actors are well aware of compliance lags, and will concentrate their efforts on critical infrastructure before these security shortcomings are rectified.”

5. Targeting Specific Employees Through Social Media and AI

At the beginning of this year, a finance employee in Hong Kong paid out $25 million to hackers who employed AI and publicly accessible video content to impersonate the chief financial officer. The hackers imitated the voice of the executive during phone calls to authorize the funds transfer.

Forecasters anticipate that this trend will persist into 2025. According to Gartner, AI-enhanced malicious activities were the most prevalent emerging business threat in the first three quarters of the year.

The number of business email compromise attacks detected by security vendor Vipre in the second quarter rose by 20% compared to the same period in 2023, and two-fifths of these incidents were AI-generated. The primary targets were CEOs, followed by personnel from HR and IT departments.

Darius Belejevas, head of data privacy platform Incogni, shared with TechRepublic: “An increasing number of data breaches are the result of deliberate targeting of specific employees by criminals, who may possess personal information they gathered about the individual. Unfortunately, many individuals are unaware of being targeted based on their employment status.”
