Experts look ahead part 2: Cybersecurity in 2025

Cybersecurity 2025

Cybersecurity 2025Last week, we consulted several cybersecurity experts to gain insights into potential threats that may emerge in 2025. Given the variety of opinions and expertise available, we decided to reach out again this week and compiled an equally diverse and extensive list of predictions for the future of cybersecurity.

Social engineering will become turbocharged

Chetan Honnenahalli, Engineering Lead at HubSpot, says, “In 2025, one of the biggest threats to Cybersecurity will be “turbocharged social engineering with artificial intelligence (AI) powered phishing agents.”

Currently, the biggest threat to Cybersecurity is Social Engineering, which is when a fraudster establishes a rapport with a victim and learns information about them to guess the victim’s usernames and passwords. These are then used for Account Takeover (ATO) to exploit users for financial gain.

Fraudsters take two approaches to this, 1) broad-stroke automated social engineering efforts using emails and text messages, 2) pointed in-person social engineering efforts over Facebook messenger, text messages, emails, etc.,

The second approach is time-consuming but effective. The first, the broad stroke approach, is cheaper but ineffective as most users can tell that the text is from a bot. That is, until now.

With the improvements in conversational AI technology, fraudsters can now merge both approaches and create AI agents that will socially engineer for them en masse, an approach that is both automated and effective. The conversations will be indistinguishable from a human, and even the very tech-savvy can easily fall prey to this.

Organizations will have to double down on their efforts to detect AI-based conversations. AI companies will have to bear responsibility for who can use their technology. This is arguably the biggest threat to Cybersecurity in 2025 as this affects organizations and regular people alike.

Deepfakes and AI-driven scams will become more common

Vinicius Perallis, CEO and Specialist in Cybersecurity Awareness at Hacker Rangers believes that deepfakes and AI-driven frauds will be the top cybersecurity challenges in 2025. “As AI blurs the line between what’s real and what’s not, strengthening cybersecurity awareness will be crucial in the coming year,” he says, adding, “With humans being the primary attack vector, it’s vital to equip individuals with the knowledge to identify and defend against these evolving threats.”

Vlad Cristescu, Head of Cybersecurity at ZeroBounce, explains that “AI will continue to revolutionize the way we live and work, but it will also be a tool for bad actors.”

He goes on to say, “We can expect to see sophisticated AI-driven scams, like deepfake phishing and voice impersonation, becoming more common and harder to detect. Imagine receiving a perfectly convincing voicemail from your boss that’s actually fake. Scary, right?”

Quantum computing will mature

Quantum computing is another game-changer. With breakthroughs like Google’s latest quantum chip, the potential for cracking today’s encryption grows closer. Hackers might start saving encrypted data, planning to decrypt it later when quantum technology matures. This is why adopting quantum-resistant encryption will soon move from being optional to being essential.

On a positive note, organizations are catching up. Many are investing in smarter security tools, like AI-powered systems that can detect threats in real-time and automate responses. The shift toward Zero Trust strategies, where no user or device is trusted by default, will become the norm as companies work to stay one step ahead of cybercriminals.

2025 will be a year of adapting to these changes, with collaboration and innovation leading the charge in keeping us safe.

Freddie Tubbs, Technical program manager at Academized.com, believes that in 2025, the biggest cybersecurity narratives will likely be related to how AI-powered attacks – such as hyper-realistic deepfake attacks for fraud and espionage, or increasingly sophisticated ransomware for critical infrastructure. “New threats from quantum computing and exploiting IoT and edge-device vulnerabilities might also control the market, a threat we are only just learning to understand,” he says.

Ransomware and supply chain breaches will continue to grow

Vincentas Baubonis, Head of Security Research at Cybernews points out that “Cybercriminals are expected to leverage generative AI to craft sophisticated phishing campaigns, develop autonomous malware, and execute social engineering attacks capable of bypassing traditional defenses.”

The Business Digital Index by Cybernews shows that more than 80 percent of Fortune 500 companies received poor cybersecurity grades. This highlights significant vulnerabilities in foundational measures, such as email and web application security, which AI-powered attackers are ready to exploit.

Next, attacks on IoT devices and critical infrastructure will increase, especially in the energy and healthcare sectors, following the trend of increasing attacks in most fields, especially for gangs operating in ransomware, and thoroughly exposing exploitable weak spots in connected systems.

According to the Ransomlooker developed by Baubonis, in 2024 alone, there were 1,695 ransomware attacks in the US, compared to 1,323 attacks in 2023. Baubonis says, “Despite the joint forces of FBI and Interpol tackling ransomware operators, we saw a steady increase in other reported verticals compared to 2023. For example, there were 67 active ransomware gangs, while in 2024 we noted at least 84.”

He adds, “Supply chain breaches will also grow as a preferred tactic, fueled by compromised vendor credentials, targeted spear phishing attacks, and weak implementation of multi-factor authentication (MFA).”

Manufacturing, technology, and critical infrastructure

The Business Digital Index revealed that manufacturing and technology sectors within the Fortune 500, key players in global supply chains, are among the most vulnerable, with over 80 percent scoring a D or worse for security measures.

According to Cybernews Personal Data Leak Checker in 2024 Q1-Q3, the US recorded 57 million compromised accounts, highlighting vulnerabilities in both private and public systems. “This surge in breaches underscores broader cybersecurity challenges, making critical infrastructure, like energy, finance, and healthcare, prime targets for nation-state actors and other sophisticated threat actors,” says Baubonis. “These advanced persistent groups will use malware, espionage, and disinformation to disrupt economies, gather intelligence, and destabilize governments.”

What will 2025 actually hold in the world of cybersecurity?  Keep checking in with SmarterMSP.com where we keep our fingers on the pulse of cybersecurity throughout the year!

Photo: Midnight Studio / Shutterstock

This post originally appeared on Smarter MSP.