2025: A New Year Of Cybersecurity Challenges

Uploaded on 2024-12-02 in TECHNOLOGY--Resilience, FREE TO VIEW

In the wake of the global outage in July, and other - thankfully less impactful - breaches, CISOs already have a list of remediation, maintenance, and new implementation activities to see them into 2025.

Given the sad predictability of the economics of cyberthreats, making predictions as to the types of business and technologies risks and their impact is often a safe bet. Society could update Ben Franklin’s quote to state that ‘nothing is certain except death, taxes, and cyberthreats’.

Social Engineering, Particularly Phishing, Will Remain The Most Significant Threat For SMBs 

Small businesses often lack dedicated InfoSec teams, making employee awareness of risks, clues, and dodgy behaviours, crucial. They should identify and prioritise their critical functions and software. Contingency plans are essential to maintain operations if these are disrupted.

Beating the threats required CISOs to apply non-negotiable security measures. SMBs should implement antivirus/anti-malware, MFA, and phishing defences in their email platforms as foundational security measures. They must also do much more to raise cultural awareness. Security is a team sport, a shared responsibility.

Leaders should cultivate a culture of vigilance, even in the face of fatigue, encouraging employees to be suspicious of unexpected requests or unfamiliar communications.

SMBs must be able to stand up against well-known tactics, and consistently beat them. With adversaries also leveraging GenAI’s power, having one’s wits about you will remain the most effective defence.

The Impact Of AI On Cybersecurity Will Cause Real-World ImpactI In 2025

AI enables more sophisticated threats, particularly social engineering attacks by making it easier to create targeted phishing campaigns. The volume of these threats has and will continue to increase. On the other side there's a growing reliance on AI tools within cybersecurity, but businesses should be cautious trusting it throughout 2025. While AI can process vast amounts of data and improve efficiency, it still requires human oversight to avoid commonsense errors.

It’s likely that GenAI powered threats get past human gatekeepers using lifelike and realistic deceptions. More technically, it’s also likely behind the scenes to support faster and more targeted attacks at scale.

AI Will Create Fresh Challenges & Thus New Myths In Cybersecurity

Antivirus is not a comprehensive solution. Modern threats, particularly social engineering, require more robust defences like MFA and continuous employee education. AI will challenge organisations both technically (to manage and understand new threats) and at a human level (with risks to human fatigue and the ability to see past deceptions).

The risks of deceptive threats mean that the nature of a specific threat may not be what it seems. Critical thinking will only become more essential. Organisations may wish to see this demonstrated with education and credentials. Simple actions, like reporting suspicious activities or properly securing devices, must be emphasised to help prevent breaches - as while threats may be complex, they will still often rely on simple mistakes or actions to succeed.

Maintaining Customer Trust Will Become More Important As Risks Rise

With greater AI involvement, greater levels of potential risk and deception from threats, keeping strong levels of customer trust will be essential for weathering cyber storms in the year ahead. Transparency and communication will be essential to keep customers' confidence high. They should know how their data is protected and what their rights and responsibilities are.

When using AI tools like ChatGPT, customer data must be handled according to privacy requirements, and there must be policies around sharing sensitive information with third parties. Then beyond AI, businesses of all sizes rely on many third-party providers for critical services like payment processing and others. It’s important to ensure these providers meet security standards - and ideally exceed them. 

Moving Into 2025, Be Confident In Cybersecurity Investment & Organisational Visibility

Security spending should always be justified in terms of financial risk. CEOs should understand that the cost of a breach, fines, loss of customer trust, lost revenue, and so on, often outweigh any investment in preventative measures, and hedge against worse case scenarios. The greater care taken in both hardening the business technically, as well as training, testing, and improving employees, the more likely 2025 won’t be a year of disaster.

No security system can be 100% foolproof, but robust security measures across the people, processes, and technology defences in play will significantly reduce the likelihood and impact of an attack as we really get into the era of AI.

John Mutuski Is Chief Information Security Officer at Pipedrive

Image: Ideogam

You Might Also Read:

The AI Future: Three Tips For SMBs:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« How AI Is Reshaping The Cybersecurity Landscape 
AI Used For Extortion & Sexual Abuse »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

Cyber Threat Intelligence Network (CTIN)

Cyber Threat Intelligence Network (CTIN)

CTIN provides cyber threat intelligence services including training, platform evaluation, ISAC/ISAO systems development and counter botnet operations.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

IntelligInts

IntelligInts

IntelligInts provide 24×7 threat monitoring, hunting, alerting, and mitigation in our world class Security Operations Center.

RapidScale

RapidScale

RapidScale’s managed cloud solutions provide reliable, innovative, and secure services, all complete with white-glove service and full management options.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

CyberGate Technologies

CyberGate Technologies

CyberGate Technologies is a world-class, customer focus cyber security service and consultancy company operating the UK, Europe, Middle East, and Africa.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.

Technology Innovation Institute (TII)

Technology Innovation Institute (TII)

TII is a UAE-based research center that aims to lead global advances in AI, robotics, quantum computing, cryptography and secure communications and more.