2025: A New Year Of Cybersecurity Challenges

Uploaded on 2024-12-02 in TECHNOLOGY--Resilience, FREE TO VIEW

In the wake of the global outage in July, and other - thankfully less impactful - breaches, CISOs already have a list of remediation, maintenance, and new implementation activities to see them into 2025.

Given the sad predictability of the economics of cyberthreats, making predictions as to the types of business and technologies risks and their impact is often a safe bet. Society could update Ben Franklin’s quote to state that ‘nothing is certain except death, taxes, and cyberthreats’.

Social Engineering, Particularly Phishing, Will Remain The Most Significant Threat For SMBs 

Small businesses often lack dedicated InfoSec teams, making employee awareness of risks, clues, and dodgy behaviours, crucial. They should identify and prioritise their critical functions and software. Contingency plans are essential to maintain operations if these are disrupted.

Beating the threats required CISOs to apply non-negotiable security measures. SMBs should implement antivirus/anti-malware, MFA, and phishing defences in their email platforms as foundational security measures. They must also do much more to raise cultural awareness. Security is a team sport, a shared responsibility.

Leaders should cultivate a culture of vigilance, even in the face of fatigue, encouraging employees to be suspicious of unexpected requests or unfamiliar communications.

SMBs must be able to stand up against well-known tactics, and consistently beat them. With adversaries also leveraging GenAI’s power, having one’s wits about you will remain the most effective defence.

The Impact Of AI On Cybersecurity Will Cause Real-World ImpactI In 2025

AI enables more sophisticated threats, particularly social engineering attacks by making it easier to create targeted phishing campaigns. The volume of these threats has and will continue to increase. On the other side there's a growing reliance on AI tools within cybersecurity, but businesses should be cautious trusting it throughout 2025. While AI can process vast amounts of data and improve efficiency, it still requires human oversight to avoid commonsense errors.

It’s likely that GenAI powered threats get past human gatekeepers using lifelike and realistic deceptions. More technically, it’s also likely behind the scenes to support faster and more targeted attacks at scale.

AI Will Create Fresh Challenges & Thus New Myths In Cybersecurity

Antivirus is not a comprehensive solution. Modern threats, particularly social engineering, require more robust defences like MFA and continuous employee education. AI will challenge organisations both technically (to manage and understand new threats) and at a human level (with risks to human fatigue and the ability to see past deceptions).

The risks of deceptive threats mean that the nature of a specific threat may not be what it seems. Critical thinking will only become more essential. Organisations may wish to see this demonstrated with education and credentials. Simple actions, like reporting suspicious activities or properly securing devices, must be emphasised to help prevent breaches - as while threats may be complex, they will still often rely on simple mistakes or actions to succeed.

Maintaining Customer Trust Will Become More Important As Risks Rise

With greater AI involvement, greater levels of potential risk and deception from threats, keeping strong levels of customer trust will be essential for weathering cyber storms in the year ahead. Transparency and communication will be essential to keep customers' confidence high. They should know how their data is protected and what their rights and responsibilities are.

When using AI tools like ChatGPT, customer data must be handled according to privacy requirements, and there must be policies around sharing sensitive information with third parties. Then beyond AI, businesses of all sizes rely on many third-party providers for critical services like payment processing and others. It’s important to ensure these providers meet security standards - and ideally exceed them. 

Moving Into 2025, Be Confident In Cybersecurity Investment & Organisational Visibility

Security spending should always be justified in terms of financial risk. CEOs should understand that the cost of a breach, fines, loss of customer trust, lost revenue, and so on, often outweigh any investment in preventative measures, and hedge against worse case scenarios. The greater care taken in both hardening the business technically, as well as training, testing, and improving employees, the more likely 2025 won’t be a year of disaster.

No security system can be 100% foolproof, but robust security measures across the people, processes, and technology defences in play will significantly reduce the likelihood and impact of an attack as we really get into the era of AI.

John Mutuski Is Chief Information Security Officer at Pipedrive

Image: Ideogam

You Might Also Read:

The AI Future: Three Tips For SMBs:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« How AI Is Reshaping The Cybersecurity Landscape 
AI Used For Extortion & Sexual Abuse »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

Sponge

Sponge

Sponge is a world-renowned digital learning provider on a mission to make learning unforgettable.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

Blue Cedar

Blue Cedar

Blue Cedar's mobile app security integration platform secures and accelerates mobile app deployment for enterprises and government organizations around the world.

Nettoken

Nettoken

Nettoken is the first identity management platform designed for everyday internet users, to encourage awareness and control of our ever expanding digital footprint and personal cybersecurity.

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

Nine23

Nine23

Nine23 are a highly focused cyber security solutions company that defines, builds and manages innovative services, enabling end-users to use technology securely in today’s workplace.

RankedRight

RankedRight

RankedRight empowers security teams to take immediate action on their most critical risks.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

Aunalytics

Aunalytics

Aunalytics is a data platform company that delivers insights as a service to answer your most important IT and business questions.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.