This month we do our annual review of some of the top cybersecurity issues of the year and look ahead to 2025. As cybersecurity threats continue to evolve and become more sophisticated and challenging to detect, we will explore what experts believe will be the crucial areas of new potential cybersecurity risk in the upcoming year.
A recent article in Forbes reports that the complexities of cyber defense are ongoing and increasingly advanced. Cybercriminals have begun to use Generative AI in advanced attacks at scale; allowing for a high level of authenticity, these attacks render phishing threats more effective and defense against these infiltration techniques more challenging. The reactive strategy utilized by many organizations means that security teams are overburdened with internal operations, leaving environments more exposed to external threats. Complexity (of both threats and internal infrastructure) is a central challenge and primary obstacle to achieving true cyber resilience against sophisticated cyber criminals. AI and machine learning will continue to transform the cyber environment for both malicious actors and those defending against such attacks (and are predicted to be major players in cyber defense in 2025 as well).
Zero-trust principles (see the CYRIN November newsletter), a.k.a. “never trust, always verify,” were a major issue of 2024 and are expected to become standard practice in the coming years in an effort to reduce the capability of bad actors and decrease ransomware attack risk. Protecting the supply chain and managing third-party risk will force companies to level up their governance, risk and compliance (GRC) initiatives.
Rapidly advancing technology means that businesses, organizations and government agencies need to be hyper-vigilant about proactive cybersecurity.
Cybercrime is alarming and dangerous, no doubt, but it is also expensive. Heading into 2025, the global average cost of a data breach has reached an all-time high of $4.88 million, a 10% rise over 2023. Other outlets predict that the cost of cybercrime will reach or exceed $13.82 trillion by 2028. Being one step ahead of the threats is key.
Cyber Defense Magazine reports that the AI market is expected to surpass $826 billion by 2030. Because AI has become and will remain crucial in the cyber landscape, the number of U.S. companies investing $10 million or more in AI will nearly double in 2025. AI is expected to enhance and automate threat detection while analyzing large datasets and predicting potential breaches in real time. AI expedites response times because it quickly analyzes patterns and recognizes anomalies that human analysts might miss.
However, AI systems are themselves vulnerable to attack, as “manipulated inputs” can cause the models to misfire or behave erratically. Cybercriminals can also leverage AI to advance their campaigns and malware attacks, and bad actors are expected to use AI to create more complex threats, such as AI-generated malware and advanced phishing campaigns. In industries like healthcare, finance, and autonomous vehicles, these cyber-attacks can have devastating and life-threatening consequences.
One major idea to boost cybersecurity is to utilize zero trust frameworks, where every user, device, and connection must be authenticated and authorized whether they are inside or outside the network. This will provide greater control and defense, shrinking attack surfaces and protecting against insider threats.
Businesses will need to bolster their zero trust infrastructures as a main line of cyber protection as well as change the organization’s philosophy and culture around cybersecurity.
Supply chain protection will become a priority as businesses acknowledge the exposures posed by third-party vendors and partners. A recent survey showed that security incidents linked to third parties have nearly doubled year over year, and high-profile breaches like the SolarWinds hack have put a spotlight on the risks within supply chains. In response, organizations must implement stricter vetting, monitoring, and security protocols for external vendors. Enhanced collaboration and information sharing across industries will be key to detecting and mitigating supply chain risks before they spread through interconnected systems.
A 2021 Gartner report proved particularly prescient, saying that the majority of companies across the globe would join the cloud revolution by 2025. But protecting these environments is complicated as well as vitally important. Security measures like cloud-native defense solutions will be required.
One way to defend against cybersecurity breaches, in addition to solutions such as zero-trust architectures, is cyber insurance, which will become increasingly relevant in 2025. Coverage will require companies to report their best practices for security measures, and it is used to proactively offset future costs and risks. A 2024 survey reported that more than 59% of businesses cited data breaches as their number one concern, so coverage has become very important. Beyond reducing direct costs, cyber insurance offers resources that help organizations recover, including PR services to manage reputational damage. Cyber insurance needs to be a key component of an overall risk management strategy. Without it, it may be difficult for businesses to recover from incidents and mitigate long-term financial damage.
In 2023, almost 73% of businesses worldwide were impacted by ransomware.
According to TechTarget’s 2024 ransomware report, there are now companies offering Ransomware as a Service (RaaS). This is a subscription-based business model that enables cyber criminals to launch ransomware attacks by accessing and using pre-developed ransomware tools. These ransomware kits are expected to become increasingly accessible to non-technical criminals, which will increase attack frequency and severity.
Ransomware tactics continue to evolve, from targeted attacks on high-value data to automated mass campaigns that demand cryptocurrency payments. As attackers have evolved, businesses and all other organizations will have to respond in kind. To mitigate this, organizations must develop comprehensive backup and recovery plans, regularly patch vulnerabilities, and invest in advanced Endpoint Detection and Response (EDR) systems.
According to the American Hospital Association (AHA), 2023 was the worst year for breaches in health care. The trend certainly seemed to continue in early 2024 with February’s catastrophic attack on the nation’s largest medical claims clearinghouse, Change Healthcare, which is owned by UnitedHealthcare Group. Change Healthcare was infiltrated and taken down by cybercriminals affiliated with hacker collective AlphV.
For several years experts have grown concerned about hospital infrastructure and have warned that as the number of interconnected IoT devices grows, so too does the attack surface and, with it, the number of vulnerabilities. Cybercriminals have been empowered to infiltrate such systems in industrial environments and critical infrastructure such as healthcare. This is a particular risk for hospitals and other concentrated health care environments.
Cyber Defense Magazine predicts that in 2025 the adoption of SBOMs will expand beyond traditional software, with AI and ML applications driving demand for more advanced BOM frameworks. Concepts like ML-BOMs (as defined by CycloneDX) will need rapid evolution to address the intricacies of modern LLM applications. For government and defense organizations, effectively managing this complexity will require an expanded ML-BOM standard that can account for continuous updates, complex dependencies, and provenance tracking across AI and ML systems. Achieving interoperability across ecosystems will be critical.
Kevin Kirkwood, CISO at Exabeam, stated in Cyber Defense Magazine that “As geopolitical tensions rise, cybercriminals from nations like Russia, China and Iran may increase ‘living off the land’ attacks, where attackers exploit legitimate tools and processes within an organization’s network to avoid detection. Nation states like China, Russia and Iran may increase their use of this technique, spreading across networks, establishing multiple backdoors and ensuring they can re-enter if initial access points are cut off.” As these attacks grow more sophisticated, organizations will need to refine their ability to distinguish between normal operations and subtle deviations, focusing on baseline behavior and anomaly detection. State-sponsored attacks aimed at achieving geopolitical objectives will pose ongoing threats.
One example, reported in Cybersecurity Dive in early December, was that Salt Typhoon, a China-affiliated threat group, gained access to many telecom networks and stole large amounts of data, including audio and text of targeted people involved in government or politics. Federal officials warned that a wave of China-linked attacks on U.S. telecom networks is so widespread and actively evolving that officials still don’t know the full extent of damages caused by the global espionage campaign or what remains at risk.
In the coming months CYRIN looks to have several new labs and exercises in many of these upcoming areas including Crypto and AI. The security and integrity of these rapidly developing fields will be crucial in the upcoming years.
Train, Train, Train. At CYRIN we know how to train, monitor, track and provide ample metrics for the results of that training. Down to keystroke level we can tell where students, learners and trainees might be struggling, need more help or appear to be well on their way to understanding both basic and advanced cybersecurity principles. Research indicates that employees who are “rusty” in cybersecurity training are most fearful of using technology at work.
In 2025 it will be critical to get the “hands-on” feel for the tools and attacks and train on real-world scenarios. Otherwise, you just won’t be prepared for when the inevitable happens. The best time to plan and prepare is before the attack. Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, with no special software required. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!