2025 Security Predictions
Increasing Cybersecurity issues will lead to Ransomware increase
Ransomware will continue to be a major issue, and it will affect not only large corporations but also small and medium-sized businesses. Threat actors have already found very good returns on their investment in ransomware attacks and will likely double down on them. With more AI tools and an ever-increasing presence of dark web data, ransomware will be combined with social engineering attacks on businesses and individuals. Attackers will show threatening AI-generated pictures or insinuate other physical threats against their ransomware victims as a way to persuade them to pay. New generative AI will be used to scale content creation, produce more persuasive content, and even employ deepfake/voice replication for sophisticated phishing and social engineering attacks.
Malicious AI will start creating attacks from start to finish
It is very possible that multimodal AI will eventually be used maliciously to craft an entire attack chain. Remember, multimodal AI combines the power of more specialized generative AI models that each do one thing well, such as create code or images. Once multimodal AI systems gain the ability to integrate text, images, voice, and sophisticated coding, they will allow threat actors who leverage them to streamline and automate the entire pipeline of a cyberattack. This includes profiling targets on social media, crafting and delivering realistic phishing content, including voice phishing (vishing), sometimes finding zero-day exploits, generating malware that can bypass endpoint detection and deploying the infrastructure to support it, automating lateral movement within compromised networks, and exfiltrating stolen data. This hands-off, entirely seamless approach will democratize cyber threats even more radically than malware-as-a-service offerings have in recent years, enabling less-skilled threat actors to launch advanced attacks with minimal human interaction. If and when this happens, organizations and security teams, regardless of size, will face an increase in highly tailored cyber threats that will be difficult to detect and combat.
Recommended Remediations: End User Security Training, Security Operations Center.
Shadow IT risks will rise
Shadow IT has always been a risk, but now that risk will become extreme. Shadow IT is the use of IT systems and services without the knowledge of an organization's IT department. It can include software, hardware, and cloud services. When the IT department does not properly secure these items or, worse yet, is not properly involved in securing them, risks will exponentially increase. With so many cloud software-as-a-service (SaaS) products being introduced by employees, contractors, or others as more innovative tools become available for easy deployment without a security review, there is a heightened risk of data leakage and general security threats. Additionally, the use of unsanctioned AI SaaS tools will increase, posing risks of downloading malicious AI tools or legitimate AI tools that have been tampered with.
Recommended Remediations: Vulnerability Management.
Threat Actors will move to the long con
It is believed that attackers will intensify their attempts to target little-known but widely used third-party open-source libraries and dependencies to avoid detection and execute malicious attacks. This was already accomplished in 2024 with the SSH backdoor that was created from the compromised XZ Utils library. This library exists on all Linux, Unix, and macOS computers. Since this technique has already proven successful, malicious actors will expand their efforts on this "long-con" approach. They will target the software supply chain over a long period of time, building up a false reputation as a good-faith actor rather than just instigating a point attack. This could even involve impersonating or compromising reputable maintainers to enter the software supply chain. By quietly invading these trusted sources that many applications use, attackers can push malware, making the threat much more challenging for organizations and open-source ecosystems to detect and defend against.
Bad Actors will start to profit with Generative AI
Generative AI has not yet found a way to deliver transformative changes to organizations or produce the returns on investment that have been promised. Even if the broad impact hasn't materialized, the technology has seen dramatic improvements in areas involving audio and video generation used in deepfakes. Whether GenAI continues to dominate mainstream headlines or not, the technology itself will continue to improve exponentially in the background. Because humans tend to remember the instances of bad deepfakes and other issues, they may believe GenAI is a far-off promise that cannot fool them. This will open up new attack vectors for bad actors to profit by combining GenAI with other sophisticated tactics to earn the trust of organizations that believe they are performing a legitimate business transaction.
Recommended Remediations: End User Security Training, Dark Web Monitoring, Security Operations Center.
Social engineering attacks will get better
We will see very convincing social engineering attacks like never before. Threat actors will use AI to scale content creation, produce more persuasive content, and employ deepfake/voice replication for sophisticated phishing and social engineering attacks. Phishing already provides a good ROI for threat actors, and we fully expect to see high-quality phishing to warm up the target with layered follow-up social engineering tactics.
Recommended Remediations: End User Security Training, Dark Web Monitoring, Security Operations Center.
AI-Powered Detection will start to take the lead role
Companies will need to get serious about building cybersecurity resilience. To do this, XDR will evolve beyond reactive monitoring to become the backbone of predictive and automated security operations. Expect XDR platforms to integrate with broader ecosystems like SOAR and AI-driven threat intelligence. This will enable dynamic risk scoring and prioritized responses across cloud, endpoint, and network detections. AI will play a central role, enabling XDR to analyze vast volumes of data in real-time, detect subtle attack patterns, and predict potential threats before they materialize. This AI-driven evolution will transform XDR from a responsive tool into a proactive security strategy, capable of adapting to an ever-changing threat landscape.
Small and medium businesses, which have been seen as low-hanging fruit for attackers because of their lack of IT security, will increasingly need to adopt XDR as a cost-effective solution to consolidate their defenses, mirroring enterprise-grade security for a fraction of the cost. AI's automation capabilities will make advanced security attainable even for resource-constrained organizations, significantly reducing their reliance on large SOC teams. Decision makers and business owners must think of XDR not just as a 911 system for their business, but as a full-service command center, driven by AI, preemptively defusing threats and continuously learning to enhance resilience.
The CISO becomes the least desirable role in business
The Chief Information Security Officer (CISO) is a human-centric role, and the biggest issues that CISOs typically encounter are not technical problems but human and governance problems. As regulatory and policy demands grow, including requirements for the CISO to personally certify the cybersecurity integrity of their business, they will face greater personal accountability and legal risk in 2025 and beyond. Because of this, CISOs are facing increased burnout, not to mention the growing challenge of gaining support across departments and managing the actual security threats. Budgeting is also becoming a huge issue as companies look at cost cutting and at the direct ROI of expenditures. Cybersecurity has a long-term ROI, and this is not realized as directly as other more tangible expenses. This ROI problem is one reason why small and mid-sized businesses have been slow to adopt security solutions.