
THE CYBER YEAR AHEAD
What is in store for the cyber industry this year, you may ask? AI will certainly take centre stage – for both the good and the bad – and its development and deployment promises to be rigorously regulated. Nevertheless, there’s much more than AI that will impact the world of cybersecurity in 2025 and beyond. Let’s explore some of the frontrunning predictions and the state of cybersecurity in 2025.
CLOUD PLATFORMS
Cloud-based platforms are increasingly becoming the foundation of cybersecurity, with AI-driven integration proving more effective than standalone tools. By unifying various security operations, these platforms reduce complexity, enabling organisations to address threats and vulnerabilities in the cloud with greater efficiency and effectiveness. Solutions such as CNAPP, ASPM, and DSPM combine to form comprehensive security posture management (SPM) suites.
AI MISUSE
As AI technologies become increasingly integrated into personal and workplace environments, concerns about their misuse continue to grow. This year, the risk of data breaches caused by employees inadvertently sharing sensitive information with AI platforms like ChatGPT or Google’s Gemini is a significant concern. Employees may input confidential information, such as financial data, to generate reports or analyses, often unaware that unauthorised parties could store and access this data. Implementing stricter controls on AI tools within an organisation’s systems will be essential to strike a balance between boosting productivity and safeguarding data privacy.
BUSINESS EMAIL COMPROMISE AND MORE
2024 began with headlines highlighting sporadic yet successful instances of financial crime powered by Generative AI. Cybercriminals have recognised the potential of GenAI and are increasingly investing in its integration into various technological tools, particularly for Business Email Compromise (BEC) and Know Your Customer (KYC) bypass techniques. These threats are expected to become more widespread this year, as cybercriminals continue to develop and implement GenAI in these malicious activities.
OPEN SOURCE THREATS
As open-source projects grow in popularity, they are becoming increasingly attractive targets for malicious actors seeking to exploit vulnerabilities in widely used software. In the wake of the sophisticated multi-year operation that embedded a backdoor into Linux XZ Utils, we can anticipate further similar attack attempts and the uncovering of previously planted backdoors. This escalating threat underscores the urgent need for improved security measures and heightened vigilance within the open-source community.
DECENTRALISED CYBERCRIME
Recent successes by law enforcement in disrupting major ransomware operations and botnets such as the LockBit crackdown, have driven malicious actors to shift towards smaller, more decentralised networks, methodologies, and operations. Large ransomware groups have splintered into smaller factions, while infostealer-driven ecosystems have become the primary method for facilitating initial access. This decentralisation demands that defenders adapt their strategies, emphasising the critical need for improved collaboration and intelligence sharing.
INCREASED REGULATION
Organisations will face mounting pressure from new cybersecurity regulations, including the EU IoT Regulations, SEC Cybersecurity Disclosure Rules, the Digital Operational Resilience Act (DORA), and the NIS2 Directive. Compliance with these frameworks will require a considerable investment of time and resources in areas such as policy development and the implementation of new security technologies. While these regulations aim to strengthen security measures, they also introduce additional operational complexities, demanding greater focus and effort from businesses to meet the required standards. Additionally, cyber insurance policies are expected to become more stringent, with insurers imposing stricter controls and compliance requirements as prerequisites for coverage. This will further amplify the regulatory challenges organisations must navigate.
SKILLS AND TALENT SHORTAGE
The global shortage of cybersecurity professionals presents a major challenge for organisations striving to defend against the growing complexity and volume of cyber threats. Although organisations continue to invest in versatile security products, the lack of skilled experts to effectively manage and integrate these tools leads to a fragmented and inefficient security approach. Reliance on multiple vendors, combined with insufficient in-house expertise, leaves organisations vulnerable to attacks as their security measures become harder to manage and less effective. To maintain resilience, companies will need to streamline security operations and prioritise the upskilling of their workforce.
MAKING LONDON THE SAFEST ONLINE CITY
With cybersecurity always at the forefront of everything we do, Cyber London remains focused on technologies that we believe will lead the way in the next few years – sustainable FinTech, Web 3.0, Quantum Computing and Cyber Wellbeing. To achieve our vision, we have developed a 2030 strategy that is aligned with the National Cyber Strategy and the strategic objectives of UKC3. This vision is underpinned by three strategic pillars – Innovation, Skills and Community. If you have a hankering to see London become the safest city in the world to do online business, then please reach out to us. Membership is still free at the moment and we would love to have you join our quest.
Comments