Category: Predictions

With continued advancements in AI, the threat landscape is evolving quicker and more regularly than ever before. Combining this with persistent macro-economic pressures and a change in leadership across multiple countries, the world around us is undergoing huge changes. In turn, CISOs are faced with the ever-expanding task of protecting their organisations against a new frontier, in a world that is undergoing massive shifts. 

As cybersecurity and geopolitics continue to converge, governments and public sector organisations are going to need to reprioritise cyber resilience and improve legacy infrastructure across the board. Our research earlier this year found that governments saw a nearly 50% increase in ransomware extortion attacks in 2024. The general public expect – and deserve – their data to be properly protected. So, now more than ever, cybersecurity professionals must be tapped into the world around them and understand the nuances of a shifting geopolitical landscape. 

With this in mind, here are five predictions that I think will take shape throughout 2025. 

1) Nation-state and ransomware attacks will intensify their focus on the OT side; and data centers will fight back

As we look ahead to 2025, critical infrastructure and the manufacturing sector will face an increased volume of threats from both nation-states and ransomware operators. These threat actors will also look to target industries reliant on newer technologies, such as cloud computing and AI systems. And nation states are clearly looking to get ahead of this trend, evidenced by the UK designating data centers as critical infrastructure earlier this year, and I suspect others will follow suit. 

2) Geopolitics and cybersecurity will become increasingly inseparable as National Critical Infrastructure (NCI) becomes one of the biggest focuses for attackers

The intensifying geopolitical climate and the major global elections that have punctuated 2024 will absolutely drive transformation with regards to cybersecurity policies and regulations in 2025. With cyberattacks increasingly targeting political processes and attempting to influence election outcomes, businesses must adapt their operations to navigate geopolitical tensions and sanctions. Organisations should seek to deploy flexible security architectures that can quickly isolate threats and adjust to evolving political regulatory requirements. 

While advancements in digital transformation offers significant benefits, it acts somewhat as a double-edged sword and makes infrastructure more vulnerable to attacks. Given cyberattacks often precede physical ones, protecting critical infrastructure from exposure is crucial and organisations must take responsibility for their security beyond mere regulatory compliance. Over the coming year, we will see a heightened focus on critical infrastructure from both defensive and offensive perspectives. 

3) Economic pressures will drive cybersecurity consolidation and optimisation 

The broader macro-economic landscape, and persistent inflationary environment has resulted in many industries taking a more measured approach to their spending, and cybersecurity is no different. In fact, in 2025, we’re going to see the effects of economic pressures ending the era of unlimited cybersecurity spending. Instead, organisations are going to be forced to optimise their security investments, driving a trend toward the consolidation of security tools. In addition, we’re going to see the adoption of integrated platforms, and businesses embracing cloud solutions to simplify complex security infrastructures. The added bonus here is that the shift to automated, consolidated platforms will also help to address issues around the security skills shortage, given that service-based models reduce the burden of hardware maintenance. 

4)  Connectivity sovereignty will reshape global IT architectures 

In 2025, connectivity sovereignty will emerge as a crucial factor in global IT planning, building on 2024’s data sovereignty focus. As nations increasingly implement digital borders through national firewalls, organisations will turn to distributed cloud and edge computing to maintain control over data and networks within national boundaries. 

As a result, this trend will transform large data lakes into smaller “data puddles”, as data becomes increasingly localised. While organisations will still need to integrate data across geographical and organisational boundaries, data will need to be organised into smaller, location-specific datasets. This data segmentation could offer security advantages, as it may limit Machine Learning models access to comprehensive datasets that could attract attackers. 

5) Cyber resilience will become a mandatory design principle

In 2025, the concept of cyber resilience will evolve from being a buzzword to becoming a fundamental design principle for organizations. As cyber threats become more sophisticated and disruptions more frequent, it will become more a matter of “when” not “if” a cyber incident will happen. Organizations will be forced to move beyond traditional prevention approaches to embrace true, embedded reaction and response capabilities in every aspect of their operations. Consequently, we will see organizations turn their attention to more proactive risk management and threat hunting practices to help contain the blast radius of an incident. This necessary shift will ensure that organizations not only withstand attacks, but continue functioning during them, with security and business continuity becoming inseparable concepts.

The year ahead

As 2025 begins to take shape, and with new political leaders either already in role or commencing their leadership soon, CISOs and IT leaders are going to have to weather the storm that naturally accompanies change. To do this, they must tap into the world around them, engage the C-suite, simplify IT architectures, and ensure that even if budget constraints persist, that good cybersecurity practice remains at the forefront of their organization’s agenda. 

 

The post The convergence of geopolitics and cybersecurity: Five predictions for 2025 appeared first on Cybersecurity Insiders.

With the ever-increasing rise of software supply chain attacks, 2025 marks a pivotal year for organizations to step up and lead in managing third-party risks rather than falling behind. According to Verizon’s “2024 Data Breach Investigations Report” attackers increased their use of vulnerabilities to initiate breaches by 180% in 2023 compared to 2022. 15% involved a supplier or third party, such as data custodians, hosting partner infrastructures, or software supply chains.  

So, the question remains, “Why aren’t organizations better at managing security risks in the third-party software supply chain?” 

Here are my insights and predictions on how organizations can move to a proactive posture over the next year. 

Understand The Challenges First 

Reflecting on third-party software-related attacks in 2024, several persistent challenges highlight areas where organizations must focus to strengthen resilience: 

• Lack of Comprehensive Software Inventory – Many organizations lack visibility into their third-party software: where it’s installed, the key business processes it supports, and its security posture. This absence of context hinders secure configuration, the application of compensating controls, and a risk-based approach to mitigation, leaving software open to exploitation. 

• Struggles with Vulnerability Management and Accountability – Keeping pace with newly disclosed software vulnerabilities remains a challenge, exacerbated by unclear accountability between IT teams (managing desktops, servers, and cloud environments) and third-party software users (end users, developers, and business teams). This gap delays patching and limits understanding of software’s role in critical business processes. Until organizations can shift software risk management left—beyond reactive patching—they will remain vulnerable to attackers. 

• Challenges with Software Sprawl and Governance – Software sprawl continues to expand the attack surface, making it unpredictable and difficult to defend. Without governance and rationalization of their software inventory, organizations will struggle to manage risk effectively, perpetuating a cycle of reactive defenses against an ever-growing threat landscape. 

Now that some of the challenges have been defined, here are a few strategies that organizations can take to tackle third-party software risk in the new year. 

Develop A Common Operating Picture Across Various Teams – Without a shared view, teams like Third Party Risk Management, vulnerability management, security architecture, and cyber defense lack alignment and an operational perspective that would: 

  • Define the problem for specific pieces of software 
  • Identify collaboration points for managing it 
  • Quantify risk outcomes in ways that are measurable, testable, and reportable 

Visibility alone isn’t enough to get ahead of software security risk, but it’s essential for moving from reactive responses—like vendor notifications and emergency patches—to an organized, proactive posture. While cybersecurity is full of overused military analogies, here’s one that holds true: a common operating picture is essential for effective combined operations. With a unified view, teams can collaborate effectively, and leaders can build structures that enable a coordinated, predictable, and sustainable approach to managing software supply chain risks. None of this is revolutionary thinking for those with experience in enterprise security, but unique insights are needed to power it. 

Don’t Rely Solely on Reactive CVE Analysis 

Organizations relying heavily on reactive CVE analysis often find themselves overwhelmed by the constant stream of vulnerabilities, many of which lack critical context or relevance to their specific environments. CVE-focused tools, while useful for tracking known issues, can inadvertently contribute to alert fatigue and inflate vulnerability management workloads. Instead of fostering proactive risk reduction, these tools may divert attention from prioritizing the most impactful threats. Shifting to a more strategic approach that focuses on behavioral analytics to uncover hidden security issues in software, can empower teams to address vulnerabilities that matter most and bolster overall security posture. 

Enhance Software Security Through Comprehensive Management and Monitoring 

• Adopt Rigorous Software Inventories: Maintain comprehensive visibility into all software used within the organization, including third-party and niche applications. 

• Embrace Continuous Risk Monitoring: Regularly evaluate software for vulnerabilities, misconfigurations, and behavioral risks. 

• Demand Vendor Transparency: Work with software suppliers who prioritize secure SDLC practices and provide detailed Software Bills of Materials (SBOMs) that focus on what vulnerable components are actually in use by the software so that exploitable vulnerabilities can be mitigated. 

• Leverage Behavioral Analytics: Monitor software activity to detect abuse of excessive permissions or insecure functionality early, even before exploitation spreads. 

Conclusion 

In 2025, the ability to understand, rationalize, and govern software risk will become essential for staying ahead of attackers. Organizations that embrace a proactive, unified approach to managing third-party software risks—grounded in visibility, accountability, and strategic prioritization—will not only reduce vulnerabilities but also foster greater resilience. 

The post 2025 Cybersecurity Predictions appeared first on Cybersecurity Insiders.

In 2024, advancements in artificial intelligence (AI) have led to increasingly sophisticated threat actor exploits, such as deepfake technology used in misinformation campaigns and AI-driven phishing attacks that mimic legitimate communications. As we approach 2025, significant transformations in the use of AI in threat detection, threat intelligence, and automated response/remediation will reshape the tools, strategies, and collaborative efforts used in combating sophisticated threat actors and their AI-powered attacks. 

According to a recent report by Cybersecurity Ventures, there has been a 35% increase in the adoption of advanced threat detection tools among Fortune 500 companies. Also, Gartner predicts that 70% of organisations will have integrated AI-driven threat intelligence systems by 2025, enhancing their ability to identify and mitigate threats before they manifest into major incidents. 

Threat detection and response is likely to evolve over the next year, emphasising the necessity of using AI-driven threat intelligence to fight fire with fire. This includes preemptive, early warning strategies, which emphasise proactive measures to identify and neutralise threats before they can inflict damage.

Strategic Incident Prevention and Response Planning with Early Warning

Organisations are increasingly focusing on early warning strategies to detect and prevent threats before they materialise. By leveraging actionable intelligence, they can proactively address common vulnerabilities, reducing the likelihood of attacks at their source. Identifying the root weaknesses behind these vulnerabilities and addressing them comprehensively allows organisations to prevent entire categories of similar attacks. For instance, many organisations employ multi-factor authentication (MFA) to prevent account takeover attacks, exemplifying a “left of boom” approach.

In military terms, “left of boom” refers to actions taken to disrupt adversary plans before an explosive event occurs. In cybersecurity, it signifies a proactive stance to detect and mitigate threats before they penetrate defences. Just as intelligence gathering is essential in military operations to foresee and thwart attacks, cyber threat intelligence plays a similar role in identifying potential weaknesses and threat vectors early on.

More organisations and government agencies will likely conduct internal tabletop exercises for various attack scenarios. These exercises and regularly updated incident response playbooks, will ensure preparedness against current threats. These proactive approaches will help minimise potential damage and speed recovery in the event of an attack.

Rise of Detection-as-Code     

Today’s Security Operations Center (SOC) detections often lack robust validation for accuracy, resulting in limited effectiveness against real threats. This is largely due to the ad-hoc implementation of detection processes, where rules are hastily added to SIEM systems without rigorous testing. However, the widespread adoption of detection-as-code (DaC) is expected to transform SOC capabilities. This methodology will allow SOC teams to program, version control, and deploy detection logic with the precision and efficiency of continuous integration/continuous delivery (CI/CD) pipelines in software development.

DaC will empower SOCs to rapidly respond to evolving threats, enabling automated and continuous updates to detection rules aligned with the latest threat intelligence. Integrating CI/CD principles will allow for continuous testing of detection logic, reducing false positives and enhancing detection accuracy while fostering collaboration between security engineers and developers. Moreover, embedding AI within the detection pipeline will enhance the adaptive capabilities of SOCs, allowing for advanced threat detection and response. Ultimately, DaC will bring agility to SOC operations, enabling organisations to stay ahead of fast-evolving adversaries with real-time, validated detections and highly adaptable detection strategies tailored to emerging attack vectors.

Synthetic Data for AI Training

In 2025, the growing concerns around data privacy and regulatory constraints will drive a significant increase in the use of synthetic data for training AI models in cybersecurity. Synthetic data will enable AI systems to learn patterns, detect threats, and improve defences without accessing sensitive or personally identifiable information (PII). This approach ensures compliance with privacy laws like GDPR while allowing for robust AI-driven security measures to be developed.

Open Source Software Libraries

Open-source software libraries will remain a prime target for threat actors, as they are integral to many commercial and enterprise applications. The inherent transparency of these libraries offers attackers an accessible entry point to exploit vulnerabilities, insert malicious code, or compromise supply chains. As dependency on open-source components grows, securing these libraries becomes paramount. Threat actors persistently scrutinise popular libraries for weaknesses, using them as launchpads for widespread attacks. Consequently, ensuring software supply chain security is becoming an imperative priority for both developers and security professionals. By implementing rigorous assessment and monitoring strategies, organisations can fortify their defences against these pervasive threats.

Generative AI in Cybersecurity

Generative AI models are poised to play a critical role in cybersecurity for attackers and defenders. On the defensive front, these models will aid in crafting advanced playbooks, formulating security policies, generating test cases for security solutions, and streamlining processes such as patch management. Conversely, adversaries may harness generative AI to refine social engineering techniques or automate the development of malicious code. Cybercriminals could utilise AI to tailor phishing attacks, weaponise existing vulnerabilities, and create AI-driven malware that adapts dynamically to bypass security measures. Consequently, cybersecurity experts will require robust AI-powered tools to identify and counteract these evolving threats, underscoring the importance of staying ahead in the AI arms race to secure digital environments.

SOAR with AI: The Future of Cybersecurity Operations

The promise of SOAR (Security Orchestration, Automation, and Response) has been significant in streamlining cybersecurity operations. However, it has yet to fully deliver on its potential. The integration of AI into SOAR platforms promises to revolutionise this landscape, transforming these systems into the intelligent, responsive tools they were always envisioned to be. By utilising AI for dynamic and adaptive defence strategies, SOAR can enhance its capabilities to automate complex threat detection, analysis, and response processes with unprecedented efficiency and precision. This evolution will realise the true potential of SOAR, establishing it as a critical component in contemporary cybersecurity defence frameworks. With AI-driven reasoning, organisations can achieve faster mean time to detect (MTTD) and mean time to respond (MTTR), streamlining incident response processes and bolstering overall threat management.

In the cybersecurity landscape in 2025, organisations must adopt proactive measures and leverage AI-driven tools to stay ahead of evolving threats. By focusing on understanding and implementing early threat detection, real-time intelligence, and cutting-edge technologies, businesses can fortify their defences and ensure robust protection against cyber adversaries.

 

The post 2025 AI Insights: Threat Detection and Response appeared first on Cybersecurity Insiders.

What’s Old is New: Network and Web Application Vulnerabilities

The first newsworthy AI breach of 2024 didn’t come from a mind bending prompt injection, it came from classic exploit tactics. As we see organizations everywhere testing LLM and AI products to see how they fit into their business, they are rapidly introducing new software and attack surface into environments. This is especially true as organizations attempt to limit public cloud based AI models (e.g. OpenAI) and instead use open source software, open source models or custom on-premise deployments. As a penetration testing team, we are beginning to see these products deployed on internal and external networks. Organizations should take care as these products often inherit all the classic vulnerabilities we’ve exploited on engagements in the past. Even more so because everything is moving so quickly.

The AI ecosystem’s continuing explosive growth in 2025 will dramatically expand the attack surface while inheriting traditional cybersecurity vulnerabilities. Supply Chain Concerns

Unfortunately, supply chain concerns hit on two fronts for AI. First, we see the same supply chain concerns that we are already dealing with throughout the industry; malicious packages, vulnerable dependencies, and insufficient Software Bills of Materials (SBOMs). For example, n8n (https://github.com/n8n-io/n8n), which is arguably the most popular agentic framework and has 50.8K stars on Github, has a dependency package lock file with 25,780 lines in it. While line count isn’t a perfect complexity metric, it illustrates a critical issue: these rapidly evolving tools depend on libraries from hundreds of different authors. In aggregate, with all of the tools being tested out across environments, this is an obvious ticking time bomb.

Second, there are supply chain risks with the models themselves. That is, a malicious actor who can poison a model and adjust the model’s decision making or privacy permanently destroys the products the model depends on. For example, ByteDance currently has a 1.1 million dollar lawsuit in place against an ex-intern who poisoned a large number of their models. Organizations need to be carefully verifying the providence of any models they deploy, as compromised or maliciously trained models could introduce backdoors or biases that are difficult to detect through conventional testing.

Both of these issues are so concerning they are already on the 2025 OWASP Top 10 for Large Language Model Applications (LLM05: Supply Chain Vulnerabilities). We are sure to see more of this in the coming year. Prompt Injection Evolution

While prompt injection attacks are well-documented, they’re likely to become more sophisticated. As LLMs are integrated into more complex systems, attackers will likely find new ways to craft inputs that manipulate the model’s behavior or extract sensitive information from its training data. At Sprocket we have already found this on a few different assessments. This is particularly concerning when LLMs are connected to internal systems, databases, and agentic frameworks.

Prompt injection is largely an unsolved problem and it’s going to get worse before it gets better. In 2025, we will see prompt injection used for more impactful and newsworthy exploits. Resource Consumption Attacks

LLMs face a critical yet overlooked vulnerability: resource consumption attacks. These threats extend beyond computational load to target financial resources, exploiting the per-token pricing models of LLM services. These systems are expensive to operate from a computational perspective and API cost issue. This is very different from most other cloud-based deployments. Cost related threats in 2025 are likely to become more real than in other deployed application stacks.

AI and LLM products are expensive to operate. We will see a rise threat model around cost and cost mitigation for AI deployed products. 

 

The post Predictions for 2025’s biggest attacks from a pentester perspective appeared first on Cybersecurity Insiders.

Almost every single organisation, large or small, is acutely aware of the need to implement robust security measures. However, this is easier said than done. As the threat landscape continues to evolve, only heightened by tools such as AI, it can be difficult to stay ahead and ensure appropriate security measures are in place. Furthermore, there are a lot of security tools out there, and many organisations have tried to implement security measures and are now overwhelmed with an influx of information trying to figure out how best to manage it. 

However, though it may not be the easiest task, it’s certainly one worth doing right. So, as we look ahead to 2025, what are the main trends that organisations need to be aware of and how can they use this knowledge to stay protected? 

1.Nation-state threats will worsen 

The global geopolitical landscape is increasingly influencing the cyber threat environment. Nation-state actors, motivated by political or strategic goals, are launching more sophisticated cyberattacks which target critical infrastructure, government agencies and private enterprises. These attacks are often highly targeted and can have devastating consequences that disrupt society and economies.

In 2025, we can expect an uptick in cyberattacks from nation-state actors as global tensions rise. The UK, like many other countries, has already experienced the consequences of these kinds of attacks – and new technologies such as AI and quantum computing are only making things more complex. Just last month, UK minister, Pat McFadden, warned that Russia and other adversaries of the UK are attempting to use AI to enhance cyber-attacks against the nation’s infrastructure. Worryingly, however, over half (52%) of IT leaders in the UK do not believe the government can protect its citizens and organisations from cyberwarfare. 

As we move into the new year, we will increasingly see nation-state attacks move away from the direct theft of sensitive information and focus more on destabilising economies, disrupting services, or causing widespread panic. When it comes to threats such as these, catching the early warning signs is vital. Organisations need to ensure they are using proactive measures to detect and prevent threats before they materialise.

2.Supply chain attacks will continue to cause major disruption 

For the last few years, it has become increasingly evident how vulnerable organisations are to supply chain attacks. Attacks on third-party vendors and partners have been responsible for some of the highest-profile breaches this year, such as the Synnovis and the Network Rail attacks. Additionally, the estimated global cost of supply chain attacks is expected to reach $60 billion in 2025. 

As such, supply chain security is now a priority for many businesses, particularly as they depend more on external vendors for critical services and products. This broadens the scope of cybersecurity efforts beyond the organisation itself to include partners, suppliers, contractors and service providers. As such, organisations need to view their cybersecurity strategy holistically. It’s no longer enough to adopt a security posture that focuses solely on internal assets – businesses must extend their scope to the entire ecosystem.

3.Regulatory compliance becomes more complex 

The importance of regulatory compliance in cybersecurity has shifted from being a mere checkbox exercise to a fundamental aspect of any organisation’s strategy. And, with new regulations on the horizon, especially in the UK and Europe, businesses are now faced with even more stringent requirements.

For example, the EU’s Network and Information Systems Directive (NIS2) and Digital Operational Resilience Act (DORA) are pushing organisations to establish more robust cybersecurity frameworks. However, meeting these compliance requirements is not just about avoiding penalties. Organisations that invest in comprehensive cybersecurity programs, those that go beyond compliance and look to proactively protect against risks, are better positioned to maintain their reputation and trust among customers. 

Additionally, as the number and complexity of regulatory frameworks continue to increase, the demand for compliance-as-a-service solutions – which help organisations navigate the complex landscape of local and international regulations – will increase. These services can offer businesses tailored solutions that simplify the process of ensuring adherence while also enhancing their overall cybersecurity posture.

4. Solution consolidation will be vital 

Lastly, in response to the growing complexities of the threat and regulatory landscape, another trend we should expect to see in 2025 is the move toward single-platform solutions. Currently, organisations are heavily relying on point solutions designed to address specific security concerns, such as firewalls, anti-virus software and intrusion detection systems. However, as the threat landscape grows increasingly complex, the demand for integrated solutions will increase and it’s important that organisations have the ability to easily work through the influx of information that is out there with single-platform solutions.

Looking ahead

When it comes to cybersecurity, playing catch-up is not an option. In 2025, UK organisations need to ensure that they are staying one step ahead of bad actors. By being aware of the current trends in the threat landscape, businesses can make better-informed decisions regarding their cybersecurity posture. The threat landscape is always evolving, but organisations that stay informed, adopt a proactive cybersecurity approach, and make the most of the latest technologies will be far better positioned to protect themselves. 

 

The post The UK’s Cybersecurity Landscape: Key Trends and Challenges for 2025 appeared first on Cybersecurity Insiders.

Prediction 1: Robust supply chain security is not optional; it’s essential for safeguarding against software vulnerabilities.

•In 2025, businesses need to safeguard themselves from security risks linked to software dependencies – that is, external applications or code they rely on. While they save development time, they can pose cybersecurity risks, including vulnerabilities from outdated or unpatched components, supply chain attacks, and malicious code insertion. These are what we call “zero-day” risks as the flaws remain unknown and unpatched, leaving zero-days to respond to threats.

•The increase in cyber attacks on popular applications underscores the importance of strong supply chain security. Companies should establish strict controls, including regular audits, timely software updates, and thorough management of vulnerabilities to reduce risks from third-party software.

•Effective crisis management will be crucial. Businesses should adopt a structured approach known as ‘Red Teaming’, whereby a group of skilled security experts, known as the “red team,” simulate real-world cyberattacks on an organisation’s systems, networks, and physical infrastructure. The goal is to identify vulnerabilities and test the effectiveness of the organisation’s defenses by emulating the tactics, techniques, and procedures of potential adversaries. Regular drills and scenario planning will help ensure organisations are prepared to respond effectively to security incidents.

•A comprehensive Third Party Risk Management Program should ensure compliance by managing evolving requirements and assure due diligence through proactive management responsibility. It must be flexible to adapt to varying risks across different third-party engagements and act as a platform that utilises automation for adequate coverage and frequent assessments. Additionally, it should integrate with the organisation’s risk culture and appetite, providing visibility and management capabilities, and produce repeatable, coherent results that drive continuous improvement. 

Prediction 2: As geopolitical tensions rise, businesses must be prepared to swiftly isolate network segments to mitigate risks.

•The ability to segment networks and implement robust controls to remotely switch off locations will be critical in 2025. As geopolitical tensions escalate, businesses must be ready to swiftly isolate parts of their network in response to potential sanctions or security threats. This is essential for maintaining operational security and continuity, especially for companies in high-tension regions. 

•Advanced network segmentation involves creating distinct, isolated segments within a company’s network, each with its own security controls and access policies. This can help limit the spread of potential cyber threats and allow for more precise control over data flow and access. By segmenting their networks, businesses can help better protect sensitive information and critical infrastructure from cyberattacks and espionage. 

•In addition to network segmentation, businesses must develop robust remote control capabilities to manage and secure their operations from a distance. This includes the ability to remotely switch off or isolate specific locations in the event of a security breach or geopolitical crisis. By having these controls in place, companies can quickly respond to emerging threats and minimise the impact on their operations. 

Prediction 3: NIS2 mandates 24-hour reporting of cyber incidents; this will push businesses to enhance their incident response frameworks for greater transparency.

•The new NIS2 Directive will require in-scope organizations to report significant cyber incidents within 24 hours, down from the previous 72 hours. This accelerated timeline will challenge some, as thorough investigations often take longer. While the aim is to enhance transparency and prompt response, initial reports may lack detailed information. Organizations will need robust incident response frameworks to meet these deadlines, ensuring timely updates while continuing investigations.

•NIS2 will push organizations to improve their cybersecurity hygiene and compliance management. Emphasising risk frameworks and duty of care, the Directive will compel organizations to adopt comprehensive cybersecurity measures. This includes regular security assessments, employee training, and advanced security technologies. By enhancing their cybersecurity posture, organizations can better protect against threats and ensure compliance, mitigating the risk of penalties and reputational damage.

•NIS2 will also highlight the importance of supply chain security, requiring enterprises to assess and manage risks associated with third-party vendors. Companies must ensure their suppliers adhere to stringent security standards, extending evaluations to multiple tiers of the supply chain. 

•Customers will leverage cyber risk quantification tools and processes to enhance risk management, facilitate board communications, demonstrate effective risk management, and evaluate the efficacy of their cybersecurity programs. Additionally, supply chain security plays a crucial role in this process.

The post 2025 Cybersecurity Predictions appeared first on Cybersecurity Insiders.

Cybersecurity is dynamic, ever changing and unpredictable. This past year contained significant surprises. Who would have thought the largest data breach incident of 2024 would involve no malware or vulnerability exploitation?

Subject matter experts often make inaccurate predictions. Rather than try to predict the future, here are insights into what 2025 may hold based on Intel 471’s historical analyses of trends and intelligence collection.

Artificial intelligence (AI) will enhance, scale attacks.

In 2024, the AI naysayers became almost as loud as its proponents, with questions regarding how much large language models (LLMs) can improve, questionable scraping of training material and why LLMs aren’t great at math. But AI shows strong capabilities with narrow-focused tasks, such as search, chatbots, image and text generation and simple coding tasks. Cybercriminals and nation-state actors have shown interest in applying LLMs to some of the mundane tasks they’re faced with when trying to breach organizations. Microsoft and OpenAI disabled accounts used by Russian, Iranian, Chinese and North Korean threat actors. Those actors were using OpenAI’s services for productivity-enhancing tasks, such as researching companies, finding cybersecurity tools, debugging code, writing basic scripts, creating content for phishing campaigns and translation.

Predicting AI’s course over the next year would be foolish, as this is a field that has surprised machine learning (ML) and AI experts with years of middling progress, which has been punctuated with sudden leaps in forward movement. AI is becoming cheaper and more accessible via open source models that allow more malicious actors to experiment. This has resulted in more customized AI tools being offered on forums. In short, the risks are already here.

While threat actors may not be writing exploits with AI (yet), productivity gains are worrisome in that it increases the scale and quality of attacks, whether it be through polished phishing, better selected targets or faster and more complete reconnaissance. Also, visibility into how nation-state adversaries are using LLMs will fall as countries develop their own LLMs. The status quo now — where natively developed LLMs aren’t as good as OpenAI — gives OpenAI and Microsoft an insightful window into threat actor activity. Actors have to enter prompts, and all of those prompts can be correlated and analyzed as to where they’re coming from, what they’re asking and their likely goals. It’s like looking over the shoulder of adversaries while they’re plotting. This position won’t last, however.

Malware distribution will bounce back.

One of the most significant law enforcement operations of 2024, Operation Endgame, targeted several types of “dropper” or “loader” malware — initial stage infections that can download other malware. The operation focused on IcedID, SystemBC, Pikabot, SmokeLoader and Bumblebee, which threat actors used to distribute other malicious code that could eventually lead to ransomware, data theft, or further illicit activity. The operation led to four arrests and the takedown of more than 100 servers worldwide. This action appeared immediately successful, with the targeted malware families dropping in circulation. These law enforcement operations impose costs on threat actors, as it takes time, effort and money for them to reconstitute malware distribution infrastructure.

Intel 471’s patented malware emulation and monitoring system showed a sharp drop between the second and third quarter in delivered payloads, or to put it another way, malware observed delivering other malware. This could be the result of the disruptions. Since the distribution of loader or dropper malware is critical for follow-on attacks, there is market demand for access to compromised machines. As such, Intel 471 has observed one targeted malware family, Bumblebee, rebound with a new version circulating in October 2024. The Bumblebee campaign yet again proves that dismantling a malware campaign’s infrastructure does not guarantee its permanent elimination. Despite exhibiting low activity and lacking significant sophistication or unique distribution methods, the observed changes in development indicate the actors are actively refining their malware. We would expect overall malware distribution to increase in 2025.

Rising geopolitical tension will influence cyber.

Geopolitical events and cybersecurity are becoming ever closer entwined. Offensive cyber actions are used by nations for espionage, intellectual property (IP) theft, pre-positioning in case of conflict and spreading misinformation. China poses one of the most formidable adversaries, as it has targeted government and civilian infrastructure at scale. U.S. FBI Director Christopher Wray has said China “has a bigger hacking program than every other major nation combined. In fact, if each one of the FBI’s cyber agents and intelligence analysts focused exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1.” Russia, which continues a grinding war campaign in Ukraine, has long-running and highly effective advanced persistent threat (APT) groups that have continually demonstrated their expertise in infiltrating supply chains and compromising major software vendors.

The election of Trump for a second, non-consecutive term could change how the U.S. Department of Justice conducts cyber-related investigations. For at least a decade, the department has been aggressive in identifying, naming, sanctioning and indicting Russian, Chinese, Iranian and North Korean threat actors, both in the nation-state and financially motivated cybercrime spheres. A perceived weakening in how the U.S. approaches holding threat actors publicly accountable for their actions could open the door to more aggressive activity. However, cybersecurity has generally been one of the few non-partisan issues in an increasingly hostile U.S. political environment, so the department may be left to continue its solid work in holding threat actors accountable.

The post What 2025 May Hold for Cybersecurity appeared first on Cybersecurity Insiders.

The cybersecurity landscape in 2025 is sure to undergo transformative shifts driven by technological advancements and evolving global threats. The integration of AI into cybercriminal operations, the growing reliance on tokenized payment systems, and the increasing intersection of geopolitics with cyber aggression will define the year ahead. As the landscape evolves, it is essential for organisations and individuals to understand and prepare for the key threats on the horizon. Stefan Tanase, Cyber Intelligence Expert as CSIS, provides his cyber security threat landscape predictions for the year ahead.

1. AI-driven cybercrime becomes pervasive

Advancements in artificial intelligence will revolutionise cybercrime. Generative AI will automate reconnaissance, develop adaptive malware, and facilitate highly targeted phishing campaigns. Deepfakes, now capable of real-time manipulation, will enable convincing impersonations for fraud, social engineering, and misinformation campaigns. These attacks will challenge both technical defences and human trust in familiar voices and faces.

2. NFC attacks on tokenised payments

The adoption of mobile payment systems like Google Wallet and Apple Pay has grown exponentially, making them prime targets for cybercriminals. In 2025, we anticipate a significant rise in NFC-based attacks, exploiting vulnerabilities in tokenised card payment systems. These platforms will face unprecedented exploitation as attackers adapt to sophisticated payment technologies.

3. Targeting the crypto industry

As cryptocurrency becomes increasingly regulated and integrated into traditional finance, cyberattacks on the crypto ecosystem will intensify. From Bitcoin wallets to DeFi (decentralised finance) platforms, attackers will exploit vulnerabilities in smart contracts and target the growing number of investors in the crypto space.

4. Evolving ransomware tactics

While organisations are becoming more resilient with better defences and backup strategies, ransomware attacks will adapt. Data leaks, once a powerful extortion tool, are becoming less impactful. However, attacks that significantly disrupt business operations (e.g., halting logistics or sales) will drive higher ransom payments. The divergence between median and average ransom payments will highlight the varying impact of these attacks.

5. Emergence of hard-to-detect malware

Cybercriminals are increasingly using modern programming languages like Go and Rust to develop malware that is harder to detect and reverse-engineer. These binaries will pose a significant challenge to traditional security solutions, marking a shift toward more resilient and evasive malware. The use of “living off the land” binaries (LOLBins) for attack execution will further complicate detection and defence.

6. Supply chain attacks proliferate

The exploitation of open-source projects and generally technological supply chains will remain a favoured tactic. Attackers will continue to insert backdoors into widely used libraries, leading to increased supply chain vulnerabilities. Enhanced scrutiny of open-source projects will be critical, but attackers will still find creative ways to evade safeguards.

7. Increased zero-day exploitation

The trend of nation-state actors using zero-day vulnerabilities aggressively will accelerate. In 2024, actors like North Korea demonstrated a willingness to “burn” zero-days for immediate impact. In 2025, expect an escalation in zero-day usage, with countries like Russia and China pushing boundaries in their cyber espionage and sabotage campaigns.

8. Shifting cybercrime underground

Law enforcement crackdowns on platforms like Telegram and Matrix will force cybercriminals to innovate. A resurgence of underground forums is expected, coupled with a fragmentation of the cybercriminal community. However, replacing Telegram’s unique “social media” model for crowdsourcing attacks will be a major challenge for these groups.

9. Expansion of Chinese-speaking cybercrime

Chinese-speaking threat actors will become global leaders in cybercrime innovation. Historically adept at intellectual property theft, these actors will broaden their focus to include Europe and Latin America. Using advanced Android banking Trojans, remote access tools (RATs), and phishing campaigns, they will efficiently target new victims on a global scale.

10. Geopolitically driven cyber aggression

Rising geopolitical tensions will drive a surge in advanced persistent threat (APT) activities. Nation-state actors, particularly from China and Russia, will persistently target critical infrastructure, telecom providers, and cloud environments. These campaigns will demonstrate advanced tactics, with some threat actors maintaining access to sensitive systems for months or even years. Hacktivism and DDoS will also be fueled by geopolitical tensions.

The post The 2025 cyber security threat landscape appeared first on Cybersecurity Insiders.

[By Paul Fuegner – QuSecure]

The rapid advances we are seeing in emerging technologies like AI, ML and quantum computing will have a devastating impact on organizations not prepared and who have not considered updating existing modes of asymmetric data encryption.  As nation-states and threat actors continue to work hard to gain the upper hand, find new ways to infiltrate and steal data, it is very possible that our adversaries will gain the ability to decrypt virtually every secret possessed by the United States government and private industry that relies on asymmetric encryption. From your bank accounts to the nuclear codes and all data in between is at risk now for this scenario known as steal now, decrypt later (SNDL), otherwise known as screwed now, destroyed later. 

Many cyberattacks are already automated, yet if we add in AI’s learning potential, these attacks could be dramatically increased in size, scale and disruption. With quantum, early planning is necessary as cyber threat actors are targeting data today that would still require protection in the future – the plan “steal now, decrypt later” plan. 

Quantum is coming at a faster pace than anyone previously contemplated. In addition, the unprecedented power of quantum computers might enable nation-states and threat actors to crack the digital encryption system upon which the modern information and communication infrastructure depends. By breaking that encryption, quantum computing could jeopardize military communications, financial transactions, the support system for the global economy and even the foundations of liberty from which our society operates. 

Add in the potential for AI to increase cyber threats exponentially, CISA, NSA, and NIST urge organizations to begin preparing now by creating quantum-readiness roadmaps, applying risk assessments and analysis, and engaging vendors to test solutions that involve crypto agility and quantum resilience leading to a zero-trust architecture.

Changes That Can Happen Right Now – Crypto Agility is a Must Have  

Crypto agility allows organizations to apply any of the NIST Post Quantum Cryptography (PQC) candidates or their own custom developed algorithms.  Quantum-resilience providers then create a hyper encrypted trusted channel resilient to the threat of decryption from quantum-based computers. Any adversary will be unable to identify that PQC has been employed and will waste valuable time and compute power collecting data that they will never be able to decrypt.  

Much of the cryptography that we use today was first invented in the late ’70s. Most of our society fundamentally runs on the same cryptographic schemes, albeit with increased key sizes. And while these cryptographic methods might be effective against classical computers, they simply do not stand a chance against the combined force of AI and quantum computing. 

Here are some steps that you can take to bolster defenses for an AI / Quantum future:  

1. Begin with a cryptographic assessment: 

This will help determine which cryptographic schemes you are using, where they are located, and which ones are most vulnerable to AI and quantum attacks. This can help in identifying any weaknesses or vulnerabilities in these algorithms or deployments, leading to the development of more secure cryptographic techniques. 

2. Implement an orchestrated, cryptographic agility approach: 

This means you have an effortless way to change cryptography if it is breached, or for any other reason. Orchestrated cryptographic agility, powered by AI, could have the potential to stay one step ahead of attackers by shifting algorithms and keys so hackers see no consistent patterns. Given that multiple post-quantum algorithms are being proposed and developed, AI can assist in determining which of these algorithms is best suited for a particular use case, based on factors such as security, performance and available resources. 

3. Consider quantum resilient technologies: 

There are several innovative technologies to consider when aiming to ensure cyber resilience within your organization. Post-quantum cryptography (PQC), for example, uses new cryptographic algorithms that are resistant to quantum computers and may also help with AI-based attacks. You can learn more about new, approved cybersecurity standards by going to the National Institute of Standards and Technology (NIST) website. 

4. Address the entire network including servers, cloud and edge: 

Think of phones, laptops, servers behind the firewall, cloud-based servers and even satellites. For rapid scalable, advanced cryptographic deployment, look for PQC that can be deployed without installing anything on edge devices. This will make it much easier and quicker to secure your organization as there is no change to the endpoint or user experience. 

5. Use AI and ML for security: 

AI or machine learning (ML) can be used to manage and dynamically update security policies based on the threat landscape. Think of active defense, active attack mitigation and more to ensure that you are set for the future. 

6. Use AI for cryptanalysis: 

AI can be used for cryptanalysis of post-quantum cryptographic algorithms. This can help in identifying any weaknesses or vulnerabilities in these algorithms, leading to the development of more secure cryptographic techniques. 

It is important to know that new quantum safe encryption methods can be deployed now. The challenge is to make them work with existing encryption algorithms. Through crypto-agility, advanced quantum secure encryption solutions can map the network and identify which encryption algorithms and protocols are being employed for security between endpoints and servers. These solutions can deploy a proxy that can “speak” with each protocol being used between clients and encapsulate the data being sent with post-quantum resilient encryption. 

The days of relying on outdated encryption algorithms are gone.  Don’t let the fear of quantum computing hold you back from achieving digital transformation and quantum safety today. The time is now to understand AI and quantum threats and work to ensure your data and networks are resilient against powerful unexpected adversarial threats. Too much is at stake to find yourself screwed now and destroyed later.

The post It’s time to bolster defenses for an AI / Quantum Future appeared first on Cybersecurity Insiders.

[By Dominik Samociuk, PhD, Head of Security at Future Processing]

When more than 6 million articles of ancestry and genetic data were breached from 23 and Me’s secure database, companies were forced to confront and evaluate their own cybersecurity practices and data management. With approximately 2.39 million instances of cybercrime experienced across UK businesses last year, the time to act is now.

If even the most secure and unsuspecting businesses aren’t protected, then every business should consider themselves, and operate as a target. As we roll into 2024, it is unlikely there will be a reduction in cases like these. It is expected there will be an uptick in the methods and levels of sophistication employed by hackers to obtain sensitive data – something that continues to increase as a high-ticket commodity.

In the next two years, it is predicted that the cost of cyber damage will grow by 15% yearly, reaching a peak of $10.5 trillion in 2025. We won’t be saying goodbye to ransomware in 2024, but rather saying hello to an evolved, automated, adaptable, and more intelligent form of it. But what else is expected to take the security industry by storm in 2024?

Offensive vs. Defensive Use of AI in Cybersecurity

Cybersecurity is a symbiotic cycle for companies. From attack to defence, an organisation’s security experts must be constantly defensive against malicious attacks. In 2024, there will be a rise in the use of Generative AI with an alarming 70% of workers using ChatGPT not making their employers aware – opening the door for significant security issues, especially for outsourced tasks like coding. And while its uses are groundbreaking, Gen AI’s misuses, especially when it comes to cybersecurity, are cause for concern.

Cybersecurity breaches will come from more sophisticated sources this year. As artificial intelligence (AI) continues to surpass development expectations, systems that can analyse and replicate humans are now being employed. With platforms like LOVO AI, and Deepgram making their way into mainstream use – often for hoax or ruse purposes – sinister uses of these platforms are being employed by cybercriminals to trick unsuspecting victims into disclosing sensitive network information from their business or place of work.

Cybercriminals target the weakest part of any security operation – the people – by encouraging them to divulge personal and sensitive information that might be used to breach internal cybersecurity. Further, Generative AI platforms like ChatGPT can  be used to automate the production of malicious code introduced internally or externally to the network. On the other hand, AI is being used to strengthen cybersecurity in unlikely ways. Emulating a cinematic cyber-future, AI can be used for the detection of malware and abnormal system/ or user activity to alert human operators. It can then equip staff with the tools and resources needed to respond in these instances.

Fatally, like any revolutionary platform, AI produces hazards and opportunities for misuse and exploitation. Seeing a rise in alarming cases of abuse, cybersecurity experts must consider the effect these might have before moving forward with an adaptable strategy for the year.

Data Privacy, Passkeys, and Targeting Small Businesses

Cybercriminals using their expertise to target small businesses is expected to increase in 2024. By nature, small businesses are unlikely to operate at a level able to employ the resources needed to combat consistent cybersecurity threats that larger organisations face on a daily basis. Therefore, with areas of cybersecurity unaccounted for, cybercriminals are likely to increasingly exploit vulnerabilities within small business networks.

They may also exploit the embarrassment felt by small business owners on occasions like these. If their data is being held for ransom, a small business owner, without the legal resources needed to fight (or tidy up) a data breach is more likely to give in to the demands of an attacker to save face, often setting them back thousands of pounds. Regular custom, loyalty, trust, and reputation makes or breaks a small business. Even the smallest data breaches can, in one fell swoop, lay waste to all of these.

Unlikely to have dedicated cybersecurity teams in place, a small business will often employ less secure and inexpensive data management solutions – making them prime targets. Contrary to expectations, in 2024, we will not say goodbye to the employment of ransomware. In fact, these tools are likely to become more common for larger, well-insured companies due to gold-rush on data harvesting.

Additionally, changing passwords will become a thing of the past. With companies like Apple beta-testing passkeys in consumer devices and even Google describing them as ‘the beginning of the end of the password’, businesses will no doubt begin to adopt this more secure technology, stored on local devices, for any systems that hold sensitive data. Using passwordless forms of identification mitigates issues associated with cyber criminals’ common method of exploiting personal information for unauthorised access.

Generative AI’s Impact on Information Warfare and Elections

In 2024, more than sixty countries will see an election take place, and as politics barrel towards all-out war in many, it is more important than ever to safeguard cybersecurity to account for a tighter grip on fact-checked information and official government communications. It is likely that we will see a steep rise in Generative AI supported propaganda on social media.

In 2016, amidst the heat of a combative and unfriendly US Presidential election, republican candidate Donald Trump popularised the term ‘Fake News’, which eight years later continues to plague realms of the internet in relation to ongoing global events. It was estimated that 25% of tweets sampled during this time, related to the election, contained links to intentionally misleading or false news stories in an attempt to further a viewpoint’s popularity. Online trust comes hand-in-hand with security, without one the other cannot exist.

While in 2016, the contemporary use of AI was extremely limited in today’s terms, what becomes of striking concern is the access members of the public have to platforms where, at will, they can legitimise a controversial viewpoint, or ‘fake news’ by generating video or audio clips of political figures, or quotes and news articles with a simple request. The ability to generate convincing text and media can significantly influence public opinion and sway electoral processes, destabilising a country’s internal and external cybersecurity.

Of greatest concern is the unsuspecting public’s inability to identify news generated by AI. Cornell University found that people were tricked into finding new false articles generated by AI credible over two-thirds of the time. Further studies found that humans were unable to identify articles written by ChatGPT beyond a level of random chance. As Generative AI’s sophistication increases, it will become ever more difficult to identify what information is genuine and safeguard online security. This is critical as Generative AI can now be used as ammunition in information warfare through the spread of hateful, controversial, and false propaganda during election periods.

In conclusion, 2024, like 2023, will see a great shift in focus toward internal security. A network is at its most vulnerable when the people who run it aren’t aligned in their strategies and values. Advanced technologies, like AI and ransomware, will continue to be a rising issue for the industry, and not only destabilise networks externally, but internally, too, as employees are unaware of the effects using such platforms might have.

The post Securing The Future: Cybersecurity Predictions for 2024 appeared first on Cybersecurity Insiders.