The cyber landscape is more turbulent than ever. Microsoft recently reported a 2.75-fold increase in ransomware attempts this year, while research predicts that global cyber attacks in 2024 will surge 105% compared to 2020.
There is a dire need for more qualified cyber professionals as generative AI is lowering the barrier to entry for attacks. Unfortunately, cyber skills gaps have been reported in both the U.K. and Australia, with women making up only a quarter of the industry.
But how will we roll into next year? TechRepublic asked cyber experts to predict the top trends impacting the security field in 2025.
SEE: Number of Active Ransomware Groups Highest on Record
1. Renewed focus on third-party risk management, including the AI software supply chain
This year, headlines were dominated by the CrowdStrike incident, which disabled about 8.5 million Windows devices worldwide and caused huge disruption to emergency services, airports, law enforcement, and other critical organisations.
SEE: What is CrowdStrike? Everything You Need to Know
However, this is far from the first instance of a supply chain attack being put on the public’s radar; the MOVEit attacks from last year may also still be fresh in the mind. Due to the prevalence of these incidents, Forrester analysts predict that governments will ban certain third-party software in 2025.
Additionally, more companies are using Generative AI to code new software, which could open it up to weaknesses. AI-generated code has been known to cause outages, and security leaders are even considering banning the use of technology in software development.
For executives, this all illustrates how essential third-party risk management is to operations, leading to a new focus in 2025.
Max Shier, the chief information security officer at cyber advisory firm Optiv, told TechRepublic in an email: “Third party risk management, supply chain risk management, and increased oversight and regulatory requirements will drive the need for companies to focus on and mature their governance, risk, and compliance programs.”
Jacob Kalvo, the CEO of proxy provider Live Proxies, added: “It is expected that in 2025, organisations will likely shift toward proactive ways of assessing and monitoring supply chains. It could be leveraging zero-trust architectures that will verify at stages of access, where the companies deal with external partners.
“This shift to increased supply chain scrutiny marks a wider trend of bringing cybersecurity into general enterprise-wide risk management.”
AI software is one of the weakest links in the software supply chain
While businesses race to capitalise on generative AI solutions, the speed of their adoption has resulted in some areas of oversight when it comes to security. A study from HackerOne found that 48% of security professionals believe AI poses the most significant security risk to their organisation.
Cache Merrill, founder of software development company Zibtek, told TechRepublic by email: “As AI tools increasingly integrate into software development, we anticipate attackers targeting the software supply chain’s weakest AI-driven components. The focus will no longer be just on vetting third-party code but scrutinising AI models that may have inadvertently introduced security gaps through data poisoning or bias exploitation.
“By 2025, supply chain security will demand a whole new layer of vigilance, where even the datasets and AI models feeding into our applications are analysed for adversarial tampering. A secure supply chain won’t just be about code but curating safe and verifiable AI training sources.”
Paul Caiazzo, VP of security services at Quorum Cyber, told TechRepublic that attackers may specifically target weaker AI tools to exfiltrate sensitive data. “CISOs will struggle to secure them due to a lack of AI skills and tooling,” he added.
2. Macs will become more targeted by cybercriminals
Experts say that Macs will become even more of a target for cybercriminals in the next year. Kseniia Yamburh, malware research engineer at Mac security provider Moonlock, told TechRepublic by email: “Once considered safer, macOS now faces rising threats, particularly from stealer malware designed to collect sensitive data.
“Our research at Moonlock shows a notable spike in macOS-targeted stealer malware, with 2024 seeing 3.4 times more unique samples than 2023.’
SEE: Threat Actors Increasingly Target macOS, Report Finds
The number of macOS vulnerabilities exploited in 2023 increased by more than 30%, with attackers using infostealers, fake PDFs, fake Mac apps, legitimate Microsoft apps, and other novel techniques to breach the operating system this year. In November, several malicious macOS apps were linked to North Korea.
The growing interest in Apple devices may be due to their increasing prevalence in organisations and greater competition amongst cybercriminals in the Windows landscape.
3. Identity to shift into the jurisdiction of security teams
Security experts predict that in 2025, responsibility for identity and access management within companies will shift from IT departments to security teams. Sagie Dulce, VP of research at segmentation firm Zero Networks, said identity-based attacks are the leading cause of breaches, and this is not looking to change. As these attacks escalate, security professionals are needed to eliminate potential entry points.
Dulce told TechRepublic: “This is not new, but is a growing trend as more identities belong to services and apps — they are harder to manage and control. Most organisations are currently blind to their exposure from service accounts, privileged identities, secrets spread, third party access, and more.
“These identities are often the lowest-hanging fruits in organisations and attackers know it. As many web applications are still exposed to the internet, getting initial access via compromised credentials to a web app remains the main attack vector utilised to gain initial access.”
4. Cyber regulations will divide countries
Global cyber regulations are becoming stricter — especially with the rise in nation-state cyber attacks. As a result, legislation will focus on geopolitics and national security interests.
Vishal Gupta, CEO of security software provider Seclore, told TechRepublic in an email: “In the coming year, long raging wars and general geopolitical tensions will drive the bulk of regulations. Countries and groups of countries will create regulations to protect their own interests over deemed enemies and will prevent the broad spread of supply chains.
“This is already evident in the CHIPS act and more recent [export control law] interpretations. ‘Country over collaboration’ may well be the theme of these regulations.”
Douglas McKee, executive director of Threat Research at security firm SonicWall, added that it will become increasingly difficult to detect the origins of attacks because “the line between state and criminal operations will continue to blur further.”
SEE: Tenable: Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks
As a result, decision-makers should strengthen international collaboration rather than create more division. McKee told TechRepublic in an email: “Governments and private organisations must adapt to this evolving threat landscape, focusing more on proactive intelligence sharing and threat-hunting to disrupt collaborative efforts before they impact critical sectors.”
Critical national infrastructure will fall behind in compliance
Critical national infrastructure, such as transport, telecommunications companies, and data centres, is a key target for attackers because it can lead to widespread disruption. A recent report from Malwarebytes found that the services industry is the worst affected by ransomware, accounting for almost a quarter of global attacks.
SEE: 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year
According to Christian Borst, EMEA CTO at security firm Vectra AI, attacks on CNI will surge in 2025, partly because these firms are not keeping up with regulations. These include NIS2, which aims to establish a consistent, minimum cybersecurity baseline across all E.U. member states.
Borst told TechRepublic in an email: “Regulators aren’t asking the world, but CNI firms are already struggling to stick to the timelines set out by regulators and get their houses in order, as we’re already seeing E.U. member states who are lagging behind on NIS2 implementation.
“Threat actors will be well aware of lagging compliance, so will concentrate efforts on targeting critical infrastructure before the security gaps are closed.”
5. Specific employees targeted via social media and AI
At the start of the year, a finance worker in Hong Kong paid out $25 million to hackers that used AI and publicly available video content to impersonate the chief financial officer. The hackers mimicked the executive’s voice during phone calls to authorise the transfer.
Experts predict that this behaviour will continue into 2025. According to Garner, AI-enhanced malicious attacks were the top emerging business risk throughout the year’s first three quarters.
The number of business email compromise attacks detected by security firm Vipre in the second quarter was 20% higher than the same period in 2023, and two-fifths of them were generated by AI. The top targets were CEOs, followed by HR and IT personnel.
Darius Belejevas, head of data privacy platform Incogni, told TechRepublic: “An ever-increasing number of data breaches are now the result of criminals actively targeting specific employees, in some cases armed with personal information they have managed to source on that individual. Unfortunately not enough people realise they are being targeted because of where they work.”
Leave a Reply