What security trends and developments will have the biggest impact on organisations in 2025? Based on observations and analysis from security experts at Computest Security and the incident response specialists at Incide, there are 7 trends CSOs should be aware of and act upon to create a solid and sustainable cybersecurity strategy.
Increase in business email compromise attacks
Although organisations have invested heavily in security awareness in recent years, we conclude that Business Email Compromise (BEC) remains one of the most popular attack methods. Cyber criminals reap the benefits of CxO fraud and ‘Adversary in the Middle’ (AitM) attacks to commit financial fraud. These attacks are fueled by the use of deepfake techniques that facilitate impersonation and social engineering schemes. With AI becoming more and more sophisticated, this trend will persist and urges companies to increase their security monitoring and measures.
Striking decrease in ransomware attacks
In 2024 we’ve seen a significant drop in ransomware. This trend first became noticeable after the escalation of the conflict between Russia and Ukraine; especially from 2022 onwards we have seen a decline in attacks, and we expect it to continue this year. One of the more recent triggers behind this trend is the disruption of a large Russian-based money laundering network by the Russian authorities, which has made laundering crypto into regular currencies much more complicated. Additionally, the detention of certain threat actor operators has created a climate of insecurity among ransomware groups, leading to a decline in activity from major players and an increase in attacks by lone wolves.
For the ransomware cases that do persist, we observe that data-based extortion has become the most prevalent focus. Attackers use a more ‘hit and run’ methodology, stealing limited amounts of valuable data and putting high pressure on the victim to pay as soon as possible.
Rise of synthetic identity fraud
Synthetic identity fraud, which combines real and fake information to create new identities, is clearly on the rise. These fabricated identities often fall through the cracks of detection systems and provide cybercriminals with the opportunity to leverage them for loans or even to apply for government services. Synthetic identity fraud is a growing threat to financial institutions and governments, and also to retail and healthcare organisations that process personal information to deliver their services.
Increased risk of data theft and disruption by state actors
As geopolitical tensions increase, data theft and disruption of core infrastructure are major security trends for 2025. Nation-state actors are increasingly targeting classified or critical data to gather intelligence from governments and corporations. And, as also mentioned in research by the University of Leiden, they are looking to sabotage and disrupt vital infrastructures to cause chaos and destabilise society.
To effectively respond to this threat, organisations should focus on data classification, enhance encryption and strengthen overall cyber resilience. This also calls for heightened attention to critical infrastructures, including Operational Technology (OT), which is particularly vulnerable to attacks during international disputes.
More zero-day vulnerabilities in edge devices
As cyber defense for office environments has become stronger, we’ve noticed an increased focus from threat actors on zero-day vulnerabilities in edge devices. These devices are not in the primary scope of private IT environments, but are potentially a stepping stone that provides access to a vast attack surface, which can be a serious security risk. The exploitation of FortiManager vulnerabilities is a recent example of this. We also see an increased focus on relatively easy-to-find and easy-to-exploit vulnerabilities in Operational Technology (OT) and the Internet of Things (IoT). Many appliances are exposed and lack common security controls, including monitoring options. Safeguarding security throughout the whole supply chain is therefore crucial to protect environments against these threats.
Security compliance and Third Party Assurance as the new normal
Besides having to comply with new laws and compliance measures, we observe an overall trend towards the need to demonstrate control, for instance by providing third-party control statements and evidence that independent security penetration testing has taken place. More specifically, 2025 will bring new legislation, with the Digital Operational Resilience Act (DORA) coming into effect and increasing the overall security compliance burden of already compliance-heavy financial organisations. We’ll also likely see increasing supervisory efforts on NIS2 all over Europe in 2025.
With the Cyber Resilience Act (CRA) in effect, there will be an increased focus on security by manufacturers of smart (consumer) electronics and OT systems. We also expect to see more attention to security measures for supply chains, where MSPs, SaaS providers, MSSPs and other affiliates need to demonstrate compliance.
AI turbocharges tool kit of cybercriminals
There is a lot of buzz around AI threats. However, there are objective reasons to take these seriously, as AI has equipped cybercriminals with new and sophisticated tools that also enable less experienced or knowledgeable cybercriminals to make a serious impact. Besides the new avenues for social engineering and the powerful deepfake content we’ve already discussed, AI-powered tools can support and accelerate large-scale phishing campaigns and enable continuous malware enhancement. In 2025 we’re bound to see more new tools that will require new security measures to mitigate the risks they entail.
“This year, our incident response practice has seen a surge in AI-enabled attacks, a significant decline in ransomware incidents and more focus on edge devices as a stepping stone for access to enterprise infrastructures”, says Dennis de Hoog, CEO at Computest Security. “We expect these threats will continue to grow in 2025 as cybercriminals leverage more sophisticated methods. To stay ahead, organisations must remain vigilant by proactively monitoring for exfiltrated credentials or leaked confidential data, regularly assessing OT infrastructure and IoT devices, and enhancing their awareness and response. Only by being proactive can they build the resilience that’s needed to effectively defend themselves against the evolving cyber threat landscape.”
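The recommendation above to proactively monitor for exfiltrated credentials is illustrated below with an added example; it is not code from Computest Security or Incide. It shows the hash-prefix (k-anonymity) lookup pattern that breach-check services commonly use: the organisation hashes each password, sends only the first five hex characters of the SHA-1 digest to the lookup service, and compares the returned suffixes locally, so no full password hash leaves the organisation. The leak corpus, the user list and the `check_range` function standing in for the remote service are all constructed for this example.

```python
import hashlib

# Constructed sample leak corpus (stands in for a breach dataset).
LEAKED_PASSWORDS = ["Winter2024!", "password123", "Welcome1", "letmein"]

# Constructed sample of an organisation's accounts; in practice the
# plaintext is never available and the check runs at login or password change.
ORG_USERS = {
    "alice": "CorrectHorseBatteryStaple",
    "bob": "Winter2024!",
    "carol": "Welcome1",
}


def sha1_hex(secret: str) -> str:
    """Upper-case hex SHA-1, the digest form used by range-style lookups."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords) -> dict:
    """Index a leak corpus by 5-char hash prefix -> list of 35-char suffixes.

    This mirrors how a k-anonymity service partitions its data: a query for
    one prefix returns every suffix in that bucket, not just the match.
    """
    index: dict = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], []).append(digest[5:])
    return index


def check_range(prefix: str, index: dict) -> list:
    """Hypothetical remote lookup: only the prefix is sent, suffixes come back."""
    if len(prefix) != 5:
        raise ValueError("range queries take exactly a 5-hex-char prefix")
    return index.get(prefix.upper(), [])


def is_leaked(password: str, index: dict) -> bool:
    """Check a password against the corpus without disclosing its full hash."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # The comparison happens on the caller's side, so the service never
    # learns which suffix (if any) matched.
    return suffix in check_range(prefix, index)


def audit_accounts(users: dict, index: dict) -> list:
    """Return the sorted usernames whose password appears in the leak corpus."""
    return sorted(name for name, pw in users.items() if is_leaked(pw, index))


if __name__ == "__main__":
    idx = build_range_index(LEAKED_PASSWORDS)
    for name in audit_accounts(ORG_USERS, idx):
        print(f"{name}: password present in leak corpus, force a reset")
```

In a real deployment the `check_range` call would be an HTTPS request to the breach-check service, and the audit would run on password change and periodically against newly published corpora; the point of the prefix split is that a compromised or curious lookup service still cannot recover which credentials the organisation holds.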