2025 Forecasts: Trends from Sophos Experts
New year, same threats. Ransomware, AI vulnerabilities, state-sponsored attacks, and more are equipped to strike at any moment. In a threat landscape that is ever-changing, we are committed to arming your team with insights into rising adversary behavior, so you can implement proactive defense strategies and solutions. As you lay out your cybersecurity strategy for 2025, consider the following threat predictions from four members of our leadership team.
Ransomware attacks will continue to target important sectors
Education and healthcare institutions often have limited cybersecurity budgets. As a result, legacy systems stay in service longer than they should, leaving many critical organizations underprotected. Add in an enormous amount of personal data, and both sectors are ripe for ransomware, says Chester Wisniewski, director and global field CTO at Sophos. These sectors faced intense adversary attention last year. 2025 will be no different.
The AI honeymoon is over. Expect vulnerabilities.
After any new technology’s adoption phase, reality sets in. Bad actors inevitably seek and discover vulnerabilities — Microsoft already issued a handful of patches for its AI products last year. We’ll see AI security risks more clearly in 2025, predicts Christopher Budd, director, Sophos X-Ops.
We’ve also seen how generative AI makes it easier to create credible fraudulent websites and other content, which only makes it easier to launch complex, large-scale scam campaigns. But cybersecurity pros stand to gain from generative AI advancements as well. Ben Gelman, senior data scientist at Sophos, expects incremental LLM changes will be a helpful co-pilot for stretched security teams.
State-sponsored attacks target companies of all sizes
State-sponsored groups already target edge devices to create proxy networks for disruption and sabotage. Many of these devices remain unpatched and vulnerable, especially with end-of-life (EOL) devices still in use. Wisniewski believes this shift will expand the victim pool and put businesses of all sizes at risk.
Attackers lean on new plays
Adversary groups never stand still. To evade detection, cybercriminals are using new tactics to distract incident response from their primary objective. Attackers strive to overwhelm response teams with “noise,” such as minor attacks or false incidents, to sneak larger attacks through. Aaron Bugal, field CTO, says creating noise doesn’t just lead to a successful attack; it also drains resources, weakens defenses, and stretches even well-equipped security teams thin.
In addition, expect more supply chain attacks this year. Attacks on third-party software suppliers have reverberating consequences far beyond the company initially targeted, which empowers attackers to pressure victims into meeting their demands.
How can you prepare?
These insights may be overwhelming. But strategic, proactive protection enables your organization to fend off ever-evolving risks. In response to all these threats, security professionals can prioritize patches, safeguard against malware, and devise robust incident response plans. Given that most breaches start with unpatched systems or stolen passwords, patching and MFA are especially important. To mitigate supply chain risks, initiatives such as Secure by Design and Secure by Demand from CISA encourage vendors to build secure, high-quality products from the start.
With proper support, your people can become some of your greatest defenses. During onboarding processes, train users to report suspicious activity promptly to encourage early detection. When fatigue, burnout, and skills gaps weaken your human-based protection, Managed Detection and Response (MDR) services offer additional, expert resources.
Some of these trends are already taking shape. That is why strong defenses and an effective incident response plan go a long way toward keeping your organization prepared for the evolving threat landscape. Follow our page on LinkedIn to stay up to date on everything cybersecurity, including upcoming webinars and access to additional resources.
Customer Service and Inside Sales / Account Manager and Specialist
(4mo) Looks very close to Rush's 2112 album cover... hmm, well, as George Harrison once said, must have been subconscious plagiarism. Just joking guys, relax.
✅ Security+ (DoD 8570 IAT Level II) | 🔐 ISC2 CC | ☁️ CCSK | 🎓 Cyber Ops Specialist | 🧠 AI x Malware Research | 🏅 US Cyber Quest Top Tier | Cybersecurity Analyst
(5mo) "Attackers strive to overwhelm response teams with “noise,” like minor attacks or false incidents, to sneak through larger attacks." Do you see any tools that will help to weed out the noise (i.e. further configuration of SIEM alerting, new tools available, etc.)? I assume our dependence on AI to weed this out will be increased.
Assistant Manager @ Deloitte India | ISO 27001:2022 LI | ISC2 (CC) | TPRM | Privacy & Risk | CS50L (Harvard)
(6mo) This is detailed, very informative!
Experienced Cybersecurity Analyst, CompTIA Sec+, ISO 27001, NIST, GDPR | SIEM, EDR, XDR, WIRESHARK, DIGITAL FORENSICS | SOC Analyst & Cloud Security Expert
(6mo) This is very informative and insightful. Let's keep the defense shield intact in 2025.
Cybersecurity Enthusiast | Committed to a Secure Digital Future
(6mo) Very informative