2025: A New Year Of Cybersecurity Challenges

Uploaded on 2024-12-02 in TECHNOLOGY--Resilience, FREE TO VIEW

In the wake of the global outage in July, and other - thankfully less impactful - breaches, CISOs already have a list of remediation, maintenance, and new implementation activities to see them into 2025.

Given the sad predictability of the economics of cyberthreats, making predictions as to the types of business and technologies risks and their impact is often a safe bet. Society could update Ben Franklin’s quote to state that ‘nothing is certain except death, taxes, and cyberthreats’.

Social Engineering, Particularly Phishing, Will Remain The Most Significant Threat For SMBs 

Small businesses often lack dedicated InfoSec teams, making employee awareness of risks, clues, and dodgy behaviours, crucial. They should identify and prioritise their critical functions and software. Contingency plans are essential to maintain operations if these are disrupted.

Beating the threats required CISOs to apply non-negotiable security measures. SMBs should implement antivirus/anti-malware, MFA, and phishing defences in their email platforms as foundational security measures. They must also do much more to raise cultural awareness. Security is a team sport, a shared responsibility.

Leaders should cultivate a culture of vigilance, even in the face of fatigue, encouraging employees to be suspicious of unexpected requests or unfamiliar communications.

SMBs must be able to stand up against well-known tactics, and consistently beat them. With adversaries also leveraging GenAI’s power, having one’s wits about you will remain the most effective defence.

The Impact Of AI On Cybersecurity Will Cause Real-World ImpactI In 2025

AI enables more sophisticated threats, particularly social engineering attacks by making it easier to create targeted phishing campaigns. The volume of these threats has and will continue to increase. On the other side there's a growing reliance on AI tools within cybersecurity, but businesses should be cautious trusting it throughout 2025. While AI can process vast amounts of data and improve efficiency, it still requires human oversight to avoid commonsense errors.

It’s likely that GenAI powered threats get past human gatekeepers using lifelike and realistic deceptions. More technically, it’s also likely behind the scenes to support faster and more targeted attacks at scale.

AI Will Create Fresh Challenges & Thus New Myths In Cybersecurity

Antivirus is not a comprehensive solution. Modern threats, particularly social engineering, require more robust defences like MFA and continuous employee education. AI will challenge organisations both technically (to manage and understand new threats) and at a human level (with risks to human fatigue and the ability to see past deceptions).

The risks of deceptive threats mean that the nature of a specific threat may not be what it seems. Critical thinking will only become more essential. Organisations may wish to see this demonstrated with education and credentials. Simple actions, like reporting suspicious activities or properly securing devices, must be emphasised to help prevent breaches - as while threats may be complex, they will still often rely on simple mistakes or actions to succeed.

Maintaining Customer Trust Will Become More Important As Risks Rise

With greater AI involvement, greater levels of potential risk and deception from threats, keeping strong levels of customer trust will be essential for weathering cyber storms in the year ahead. Transparency and communication will be essential to keep customers' confidence high. They should know how their data is protected and what their rights and responsibilities are.

When using AI tools like ChatGPT, customer data must be handled according to privacy requirements, and there must be policies around sharing sensitive information with third parties. Then beyond AI, businesses of all sizes rely on many third-party providers for critical services like payment processing and others. It’s important to ensure these providers meet security standards - and ideally exceed them. 

Moving Into 2025, Be Confident In Cybersecurity Investment & Organisational Visibility

Security spending should always be justified in terms of financial risk. CEOs should understand that the cost of a breach, fines, loss of customer trust, lost revenue, and so on, often outweigh any investment in preventative measures, and hedge against worse case scenarios. The greater care taken in both hardening the business technically, as well as training, testing, and improving employees, the more likely 2025 won’t be a year of disaster.

No security system can be 100% foolproof, but robust security measures across the people, processes, and technology defences in play will significantly reduce the likelihood and impact of an attack as we really get into the era of AI.

John Mutuski Is Chief Information Security Officer at Pipedrive

Image: Ideogam

You Might Also Read:

The AI Future: Three Tips For SMBs:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« How AI Is Reshaping The Cybersecurity Landscape 
AI Used For Extortion & Sexual Abuse »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

South West Cyber Resilience Centre (SWCRC)

South West Cyber Resilience Centre (SWCRC)

The South West Cyber Resilience Centre (SWCRC) is led by serving police officers, as part of a not-for-profit partnership with business and academia.

CYSIAM

CYSIAM

CYSIAM provides world-leading expertise in offensive security and critical incident response. We train our clients to be able to protect themselves and respond to attacks and breaches when they occur.

Buchanan Technologies

Buchanan Technologies

Buchanan Technologies is a leading IT consulting and outsourcing services firm. Our methodology transforms everyday technology investments into streamlined, secure and scalable solutions.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

Odaseva

Odaseva

Odaseva delivers the strongest data security solution for enterprises running on Salesforce, safeguarding confidentiality and integrity of critical business information.

HardTarget

HardTarget

HardTarget is a cutting-edge cyber training company serving HWN (High-Net-Worth) Families and their trusted Advisors.