With the new year here, we thought we’d check with various experts to see if they could peer into their crystal balls and predict what 2025 might bring to the world of cybersecurity. Their insights and predictions paint a picture of a year full of surprises and an evolving cybersecurity landscape.
Some experts could summarize the year in a single sentence or two, while others had more wide-ranging concerns. Interviews have been lightly edited for clarity. We will offer more insights from experts in part 2 of this series. But the takeaway from these interviews is to buckle up – 2025 could be quite a ride!
Evolving strategies and ongoing threats
Simon Wijckmans, CEO at c/side: Client-side web script security had a disastrous 2024. Hopefully, it’s been enough of a wake-up call for managed service providers (MSPs) and organizations to monitor these scripts (which run everything from payment portals to analytics to chatbots). Especially with new mandates for PCI DSS coming in 2025, the stakes of getting web security right are higher than ever. But we shall see.
Cam Roberson, Channel VP at Beachhead Solutions: We’ll see MSPs abandoning the fantasy of “perfect” protection. MSPs clinging to rigid, perimeter-focused security strategies set themselves up for catastrophic failure. Attackers *will* find a way in. They’ll discover the one outdated software patch, the one misconfigured device, or the one employee mistake. My prediction is that MSPs will turn this cybersecurity challenge into a competitive advantage (if they can also market it correctly, of course). Instead of pouring all their resources into building higher walls, they’ll create security mazes with layered defenses.
Robert Scott, chief innovator at MONJUR: I believe business email compromise and ransomware will continue to present the highest risks in cyber security in 2025.
IoT risks, ransomware, and the end of Windows 10
Paul DeMott, CTO at Helium SEO: With the increase in IoT devices, we’re looking at an explosion in attack surfaces. By 2025, everything from your smart fridge to industrial sensors could be an entry point. Security for these devices will need to get smarter, with manufacturers potentially being held legally accountable for security lapses.
Jeff Le, VP, Global Government Affairs and Public Policy at SecurityScorecard: Proliferation in ransomware-as-a-service attacks to state and local governments and critical infrastructure (especially through more vulnerable contractors/subcontractors in the supply chain). Something to watch: bipartisan efforts to tackle federal privacy and pressure from states and global governments (who are further ahead on privacy and AI laws) to complete meaningful AI safety and standards legislation (also critical for cyber in 2025).
Aaron Shaha, Chief Threat Research and Intelligence at CyberMaxx: In 2025, we expect cyberattacks to increasingly target critical communications infrastructure, as evidenced by recent intrusions into U.S. systems and sabotage of undersea cables in Europe. Identity-based attacks will also surge, fueled by extensive personal data compromised in 2024 incidents such as the Change Healthcare breach. Attackers will also use Microsoft’s O365 graph to hide and exfiltrate data from victims.
Business leaders should invest in redundant communication systems and strengthen their identity and access management systems. They should also rigorously evaluate cloud security.
Morey Haber, Chief Security Advisor at BeyondTrust: Planned obsolescence will force electronic exodus. In October 2025, we’ll see one of the most significant end-of-life (EOL) announcements since Windows XP. Microsoft has plans to end-of-life Windows 10 (completely and for good—unless you are willing to pay for extended support). This means hundreds of millions of systems will lack the hardware requirements for Microsoft’s newest OS and cannot upgrade to Windows 11. Those systems will become obsolete, and many will end up in landfills. A flood of perfectly functional but vulnerable and obsolete notebooks, laptops, and desktop computers will hit the market in the second half of 2025. These devices will be sold or recycled as organizations and individuals move to alternative systems. As a result, the hardware market will get a much-needed boost, including a switch to ARM processors.
We can expect to see a significant increase in the use of alternative desktop operating systems. This includes Linux, Mint, or Ubuntu Desktop. Organizations and individuals will adopt these systems as a way to minimize the cost of hardware replacement.
Stay tuned as we bring together even more experts to share their insights on what 2025 may have in store!
This post originally appeared on Smarter MSP.