The 2025 Cybersecurity Landscape

It's that time of the year again when we reflect on what the current one has been like and what the next might bring. You won't be short of articles to read that reflect on the current cybersecurity landscape and what 2025 will bring. It's impossible to read them all, and I certainly haven't.

However, from those I have read, some common themes emerge that cybersecurity professionals think will be important in 2025. In this article, I will highlight four that I agree will be front and centre in our defensive activities next year, and I will mention one that won't but that many analysts are talking about as a future looming threat. I will also include a list of references for further reading. This is not an exhaustive list of 2025 cybersecurity prediction articles by any means. So, if you have come across any that you particularly enjoyed, please share them with everyone in the comments.

Before I discuss the common themes in the 2025 prediction articles, I'd like to wish you all an enjoyable holiday season and New Year. I also hope you have a successful 2025, and I look forward to collaborating with both existing and new clients to strengthen cybersecurity defences.


Ransomware - A Continuing Menace

It'll surprise no one that the threat from ransomware is discussed widely in articles looking forward at the 2025 cybersecurity landscape. Most analysts and commentators expect the attacks to become more sophisticated and be at least as common in 2025.

Analysts expect cybercriminals to employ advanced techniques alongside their ransomware, including double extortion tactics, in which data is encrypted and the criminals also threaten the attacked organisations with exposure unless they pay the ransom. Many articles highlight that this evolution in ransomware tactics underscores the necessity for robust backup solutions and comprehensive incident response plans.

Commentators speculate that there may also be an increase in ransom demands to stop stolen data from being publicly exposed even without an encryption phase. This pure extortion approach threatens to damage an organisation's reputation or make it the subject of regulatory investigations and fines due to a public disclosure of the data breach.

The rise of Ransomware-as-a-Service (RaaS) platforms, which have lowered the barrier to entry for cybercriminals, will continue in 2025. This will likely lead to an increase in the frequency of ransomware attacks and a widening of the types and sizes of organisations impacted. The RaaS model allows less technically skilled attackers to launch sophisticated attacks, increasing the ransomware threat from these bad actors.

The financial impact of ransomware attacks is also expected to escalate. The median ransomware payment has skyrocketed from around $190,000 (S$245,000) in early 2023 to $1.5 million (S$2.1 million) by mid-2024 (a figure cited in many reports looking at ransomware costs). It's likely to increase again in 2025. This trend suggests that leading ransomware strains are prioritising businesses and critical infrastructure providers that may be more likely to pay high ransoms. That is something to think about if you are in those categories, but it is not a reason to be complacent if you are not. All businesses and other organisations are targets of ransomware gangs and petty criminals using RaaS.

Cybersecurity experts say organisations must adopt a proactive and comprehensive approach to cybersecurity to combat evolving ransomware threats. This includes implementing robust backup solutions, conducting regular security assessments, and developing comprehensive incident response plans. Additionally, fostering a culture of security awareness among employees is crucial, as human error remains a significant factor in the success of ransomware attacks.


Social Media Exploitation - A New Frontier for Cybercrime

Social media platforms have long been a double-edged sword for organisations. They offer avenues for communication and brand engagement while exposing both staff and the organisation to significant cybersecurity risks. In 2025, this risk is predicted to intensify as threat actors harness generative AI and advanced data analysis techniques to exploit personal and corporate information shared on social media platforms.

According to a report by Check Point Software, the increasing use of platforms like LinkedIn, Instagram, and TikTok has led to an uptick in targeted social engineering attacks such as spear phishing or more general phishing attacks (see ref 3).

The use of deepfake audio and video is expected to increase in 2025 and beyond. The advent of generative AI tools has allowed for the creation of realistic deepfakes. These can be weaponised to impersonate high-profile individuals, compromise organisations via phishing attacks, and even manipulate public opinion. For instance, a fake video of a CEO announcing sensitive business decisions could cause stock market fluctuations, which attackers could benefit from via stock market shorting.


GenAI - Here, There, and Everywhere

A 2024 article on technology wouldn't be complete without a section focusing on AI and generative AI (GenAI) in particular. The use of GenAI in cyberattacks is almost universally predicted to increase in 2025. 

GenAI enables attackers to automate and enhance the precision of their operations, leading to more effective and harder-to-detect attacks. For instance, attackers can use AI to craft highly convincing phishing emails and dummy websites designed to fool people into divulging information they shouldn't.

To defend against GenAI-enhanced attacks, organisations should invest in advanced security solutions that excel at network detection and response. These often use machine learning capabilities that can analyse network, application, and user data in real time to detect threats or cyberattack activity.

GenAI and other machine learning-based technologies are here to stay. We're not putting that genie back in the bottle, and 2025 will be the year when we see how this part of the technology and cybersecurity landscape starts to come into focus to become a new normal rather than the revolutionary change we've experienced over the last two years.


Supply Chain Attacks - A Growing Concern

Cybersecurity defence doesn't end at the network borders of your organisation. Given the links between businesses today that are essential for the smooth operation of supply chains, it's hard to define where such a network border would be. Supply chains don't just exist for companies that manufacture goods. They also exist in ones that create digital work and services. For example, most organisations will have third-party partners supplying support and business services, often via interconnected IT systems.

Supply chain attacks are projected to increase in frequency and complexity next year and beyond. By targeting less secure elements within an organisation's supply chain, attackers can infiltrate systems indirectly, making detection and prevention more challenging. This highlights the importance of comprehensive security assessments and the implementation of stringent security protocols across all supply chain components. 

Furthermore, the complexity of modern supply chains makes it difficult to track and mitigate risks, allowing a single flaw to potentially impact an entire software ecosystem. Palo Alto Networks' Unit 42 anticipates a rise in attacks targeting third-party vendors, as their vulnerabilities make them attractive to threat actors. They also believe that large-scale supply chain attacks, similar in scope to SolarWinds, are already underway but have yet to be discovered. 

Experts looking forward to 2025 say that to detect and defend against supply chain cyberattacks, organisations must adopt a proactive and multi-layered approach to cybersecurity. This begins with rigorous due diligence when onboarding third-party vendors: evaluating their security policies, certifications, and incident response capabilities.

Continuous monitoring of vendor relationships is equally crucial. Establishing automated systems to track potential vulnerabilities and compliance with security standards for supply chain vendors is recommended. Employing advanced threat detection tools to identify anomalies within interconnected systems, which may indicate early signs of compromise, is also stressed. 

Additionally, enforcing the principle of least privilege by limiting access to only what is necessary for each vendor to carry out their functions is essential. This minimises the potential for an attack on a vendor to jump over into your systems. Security teams should also regularly conduct security awareness training for employees, third-party partners, and contractors to reduce risks stemming from human error, phishing, and social engineering tactics. Finally, security teams should include third-party vendors in incident response planning and drills to ensure coordinated action across the supply chain in the event of a breach.


Quantum Computing: A Looming Threat?

Now, about that item from the introduction that many security analysts mention in their prediction articles but that I don't think is an issue yet: the post-quantum computing risk to encryption.

The advent of quantum computing certainly poses a potential risk to current encryption standards. As quantum computing advances, it will render some traditional encryption methods obsolete, necessitating a transition to quantum-resistant cryptographic solutions to protect sensitive data. This is not going to happen in 2025.

Even when it does happen, it'll be up to vendors of encryption software to update their solutions to use quantum computing-resistant algorithms. Only then will it be up to businesses and other organisations to update their deployed encryption and other cryptology solutions to the new versions. Will that be required this decade? Possibly, if your cryptology solution vendors develop and release new software with quantum computing-resistant algorithms included. If they do, we'll all hear about it! If your solution has a post-quantum computing (PQC) update now, then you should install it in 2025 if it is not already deployed.


Further Reading

Here are some articles that discuss the 2025 cybersecurity outlook that may be of further interest to you.

1. Gartner Identifies the Top 10 Strategic Technology Trends for 2025 - Gartner - https://www.gartner.com/en/newsroom/press-releases/2024-10-21-gartner-identifies-the-top-10-strategic-technology-trends-for-2025

2. Gartner Identifies the Top Trends Impacting Infrastructure and Operations for 2025 - Gartner - https://www.gartner.com/en/newsroom/press-releases/2024-12-11-gartner-identifies-the-top-trends-impacting-infrastructure-and-operations-for-2025

3. Unit 42 Predicts the Year of Disruption and Other Top Threats in 2025 - Palo Alto Networks - https://www.paloaltonetworks.com/blog/2024/11/unit-42-predicts-top-threats-in-2025/

4. 12 CIS Experts' Cybersecurity Predictions for 2025 - Center for Internet Security - https://www.cisecurity.org/insights/blog/12-cis-experts-cybersecurity-predictions-2025

5. 2025 Cyber Security Predictions – The Rise of AI-Driven Attacks, Quantum Threats, and Social Media Exploitation - Check Point Software - https://blog.checkpoint.com/security/2025-cyber-security-predictions-the-rise-of-ai-driven-attacks-quantum-threats-and-social-media-exploitation/
