2025: A New Year Of Cybersecurity Challenges

Uploaded on 2024-12-02 in TECHNOLOGY--Resilience, FREE TO VIEW

In the wake of the global outage in July, and other - thankfully less impactful - breaches, CISOs already have a list of remediation, maintenance, and new implementation activities to see them into 2025.

Given the sad predictability of the economics of cyberthreats, making predictions as to the types of business and technologies risks and their impact is often a safe bet. Society could update Ben Franklin’s quote to state that ‘nothing is certain except death, taxes, and cyberthreats’.

Social Engineering, Particularly Phishing, Will Remain The Most Significant Threat For SMBs 

Small businesses often lack dedicated InfoSec teams, making employee awareness of risks, clues, and dodgy behaviours, crucial. They should identify and prioritise their critical functions and software. Contingency plans are essential to maintain operations if these are disrupted.

Beating the threats required CISOs to apply non-negotiable security measures. SMBs should implement antivirus/anti-malware, MFA, and phishing defences in their email platforms as foundational security measures. They must also do much more to raise cultural awareness. Security is a team sport, a shared responsibility.

Leaders should cultivate a culture of vigilance, even in the face of fatigue, encouraging employees to be suspicious of unexpected requests or unfamiliar communications.

SMBs must be able to stand up against well-known tactics, and consistently beat them. With adversaries also leveraging GenAI’s power, having one’s wits about you will remain the most effective defence.

The Impact Of AI On Cybersecurity Will Cause Real-World ImpactI In 2025

AI enables more sophisticated threats, particularly social engineering attacks by making it easier to create targeted phishing campaigns. The volume of these threats has and will continue to increase. On the other side there's a growing reliance on AI tools within cybersecurity, but businesses should be cautious trusting it throughout 2025. While AI can process vast amounts of data and improve efficiency, it still requires human oversight to avoid commonsense errors.

It’s likely that GenAI powered threats get past human gatekeepers using lifelike and realistic deceptions. More technically, it’s also likely behind the scenes to support faster and more targeted attacks at scale.

AI Will Create Fresh Challenges & Thus New Myths In Cybersecurity

Antivirus is not a comprehensive solution. Modern threats, particularly social engineering, require more robust defences like MFA and continuous employee education. AI will challenge organisations both technically (to manage and understand new threats) and at a human level (with risks to human fatigue and the ability to see past deceptions).

The risks of deceptive threats mean that the nature of a specific threat may not be what it seems. Critical thinking will only become more essential. Organisations may wish to see this demonstrated with education and credentials. Simple actions, like reporting suspicious activities or properly securing devices, must be emphasised to help prevent breaches - as while threats may be complex, they will still often rely on simple mistakes or actions to succeed.

Maintaining Customer Trust Will Become More Important As Risks Rise

With greater AI involvement, greater levels of potential risk and deception from threats, keeping strong levels of customer trust will be essential for weathering cyber storms in the year ahead. Transparency and communication will be essential to keep customers' confidence high. They should know how their data is protected and what their rights and responsibilities are.

When using AI tools like ChatGPT, customer data must be handled according to privacy requirements, and there must be policies around sharing sensitive information with third parties. Then beyond AI, businesses of all sizes rely on many third-party providers for critical services like payment processing and others. It’s important to ensure these providers meet security standards - and ideally exceed them. 

Moving Into 2025, Be Confident In Cybersecurity Investment & Organisational Visibility

Security spending should always be justified in terms of financial risk. CEOs should understand that the cost of a breach, fines, loss of customer trust, lost revenue, and so on, often outweigh any investment in preventative measures, and hedge against worse case scenarios. The greater care taken in both hardening the business technically, as well as training, testing, and improving employees, the more likely 2025 won’t be a year of disaster.

No security system can be 100% foolproof, but robust security measures across the people, processes, and technology defences in play will significantly reduce the likelihood and impact of an attack as we really get into the era of AI.

John Mutuski Is Chief Information Security Officer at Pipedrive

Image: Ideogam

You Might Also Read:

The AI Future: Three Tips For SMBs:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« How AI Is Reshaping The Cybersecurity Landscape 
AI Used For Extortion & Sexual Abuse »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Rackspace Technology

Rackspace Technology

Rackspace Technology is a leading provider of managed services across all major public and private cloud technologies. Secure your IT environments with powerful cloud security solutions and support.

Glasswall Solutions

Glasswall Solutions

Glasswall Solutions has developed a disruptive, innovative security technology which provides unique protection against document based cyber threats.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Omada

Omada

Omada is a leading provider of IT security solutions and services for identity management and access governance.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

Forgepoint Capital

Forgepoint Capital

ForgePoint Capital is a premier venture investor for early stage cybersecurity companies.

Adarma Security

Adarma Security

Adarma are specialists in threat management including SOC design, build & operation.

Risk Strategies

Risk Strategies

Risk Strategies is a leading specialty risk management consultancy and insurance broker offering smarter, practical approaches to risk mitigation including Cyber Liability insurance.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.