2025: A New Year Of Cybersecurity Challenges

In the wake of the global outage in July, and other - thankfully less impactful - breaches, CISOs already have a list of remediation, maintenance, and new implementation activities to see them into 2025.

Given the sad predictability of the economics of cyberthreats, making predictions as to the types of business and technology risks and their impact is often a safe bet. Society could update Ben Franklin’s quote to state that ‘nothing is certain except death, taxes, and cyberthreats’.

Social Engineering, Particularly Phishing, Will Remain The Most Significant Threat For SMBs 

Small businesses often lack dedicated InfoSec teams, making employee awareness of risks, clues, and dodgy behaviours crucial. They should identify and prioritise their critical functions and software. Contingency plans are essential to maintain operations if these are disrupted.

Beating the threats requires CISOs to apply non-negotiable security measures. SMBs should implement antivirus/anti-malware, MFA, and phishing defences in their email platforms as foundational security measures. They must also do much more to raise cultural awareness. Security is a team sport, a shared responsibility.

Leaders should cultivate a culture of vigilance, even in the face of fatigue, encouraging employees to be suspicious of unexpected requests or unfamiliar communications.

SMBs must be able to stand up against well-known tactics, and consistently beat them. With adversaries also leveraging GenAI’s power, keeping your wits about you will remain the most effective defence.

The Impact Of AI On Cybersecurity Will Cause Real-World Impact In 2025

AI enables more sophisticated threats, particularly social engineering attacks, by making it easier to create targeted phishing campaigns. The volume of these threats has increased and will continue to increase. On the other side, there's a growing reliance on AI tools within cybersecurity, but businesses should be cautious about trusting them throughout 2025. While AI can process vast amounts of data and improve efficiency, it still requires human oversight to avoid common-sense errors.

It’s likely that GenAI-powered threats will get past human gatekeepers using lifelike and realistic deceptions. More technically, GenAI is also likely to be used behind the scenes to support faster and more targeted attacks at scale.

AI Will Create Fresh Challenges & Thus New Myths In Cybersecurity

Antivirus is not a comprehensive solution. Modern threats, particularly social engineering, require more robust defences like MFA and continuous employee education. AI will challenge organisations both technically (to manage and understand new threats) and at a human level (with risks around human fatigue and the ability to see past deceptions).

The risks of deceptive threats mean that the nature of a specific threat may not be what it seems. Critical thinking will only become more essential. Organisations may wish to see this demonstrated with education and credentials. Simple actions, like reporting suspicious activities or properly securing devices, must be emphasised to help prevent breaches - as while threats may be complex, they will still often rely on simple mistakes or actions to succeed.

Maintaining Customer Trust Will Become More Important As Risks Rise

With greater AI involvement and greater levels of potential risk and deception from threats, keeping strong levels of customer trust will be essential for weathering cyber storms in the year ahead. Transparency and communication will be essential to keep customers' confidence high. They should know how their data is protected and what their rights and responsibilities are.

When using AI tools like ChatGPT, customer data must be handled according to privacy requirements, and there must be policies around sharing sensitive information with third parties. Then beyond AI, businesses of all sizes rely on many third-party providers for critical services like payment processing and others. It’s important to ensure these providers meet security standards - and ideally exceed them. 

Moving Into 2025, Be Confident In Cybersecurity Investment & Organisational Visibility

Security spending should always be justified in terms of financial risk. CEOs should understand that the cost of a breach (fines, loss of customer trust, lost revenue, and so on) often outweighs any investment in preventative measures, and should hedge against worst-case scenarios. The greater the care taken in both hardening the business technically and training, testing, and improving employees, the more likely it is that 2025 won’t be a year of disaster.

No security system can be 100% foolproof, but robust security measures across the people, processes, and technology defences in play will significantly reduce the likelihood and impact of an attack as we really get into the era of AI.

John Mutuski Is Chief Information Security Officer at Pipedrive
