The cyber-world is getting increasingly dangerous. With the rise of AI tools, it’s becoming easier for hackers to launch attacks. Reports show a massive surge in ransomware attacks and other cyber threats. Microsoft recently reported a 2.75 times increase in ransomware attempts in 2024. To combat this, we need more skilled cybersecurity professionals. But there’s a shortage of qualified people, especially women. Women’s representation and participation in the cybersecurity workforce is estimated to be only about 25%. It is time to bridge this gap and protect our digital world.
What are the top trends that we can expect to see in 2025? Let’s find out.
Third-party Risk Management and AI Software Supply Chain
A major headline in 2024 was the CrowdStrike outage which took down about 8.5 million Windows systems globally, disrupting critical services including emergency services, airports, law enforcement, and many more. Though this was not the first-ever supply chain attack or disruption in history, it was considerably larger than most. The MOVEit attacks also made the news and caused significant disruption. Based on all these occurrences, experts at Forrester predict that many governments might ban some third-party software in 2025.
Additionally, as Generative AI increasingly gets used in coding new software, it also opens up vulnerabilities in the process. AI-generated code is not 100% reliable and has been known to cause multiple outages. Owing to this, many security leaders are considering completely banning the use of technology, especially AI, in software development.
All this highlights one thing – how crucial third-party risk management is to operations. 2025 is expected to be the year where third-party risk management, supply chain risk management, as well as tighter oversight & regulatory requirements are given due importance with companies focusing on these significantly. Assessing and monitoring supply chains is set to become more proactive. Verification of accesses would also leverage zero-trust architectures.
A study by HackerOne found that 48% of security professionals believe AI poses the most significant security risk to their organizations. While it is important to vet the third-party code, AI models should also be scrutinized for any potential security gaps, especially through data poisoning or bias exploitation.
Rising Cyberattacks on Macs
Most of the cyberattacks focus on Windows and other systems, while Macs have usually been considered safer. This is, sadly, set to change in 2025. MacOS is increasingly under attack, especially from stealer malware that is designed to steal sensitive data. A Moonlock research finds that there have been 3.4 times more unique samples of stealer malware in 2024 compared to 2023. The number of vulnerabilities in macOS being exploited has also increased significantly. This includes attacks like stealing information, fake PDFs, and fake Mac apps. Some agencies have found quite a chunk of these attacks to have links to North Korea.
Why are these new attacks on Mac? Well, the prevalence of Apple devices, especially in enterprises is on the rise. Moreover, there is tough competition in the Windows landscape when it comes to cyberattacks, but not so much in Mac. These could be contributing factors and attacks on Apple devices are going to rise in 2025.
Security Teams Taking Charge of Identity and Access Management Functions
Identity and Access Management (IAM) is a security framework that helps ensure that only authorized individuals can access specific resources within the enterprise architecture. It includes components like authentication, authorization, Single Sign-On, provisioning and de-provisioning, Role-Based Access Control, etc. So far, IAM has been a responsibility of the IT functions in the organization. However, in 2025, this is set to start changing. IAM responsibilities would move more into the security teams’ domain, moving away from being IT function responsibilities.
This is not exactly a new trend. It has been happening in pockets. Identities have been increasingly belonging to services and apps, making it challenging to control and manage them. Most organizations today do not have a solid understanding of how service accounts, privileged identities, secret spread, third-party accesses, etc. lead to exposure and vulnerabilities in the enterprise.
Greater Regulation And Governance
There has been a significant rise in nation-state cyberattacks in recent times. This necessitates a need for regulations and laws that focus on geopolitical and national security interests. The bulk of these regulations in the coming years are going to be driven by the long-standing geopolitical conflicts and wars that have been raging for a long time now. In 2025 and beyond, countries are expected to pass regulations that are designed to protect their interests from foreign threats like nation-state attacks. This would also prevent the broad spread of supply chains.
With nation-state attacks becoming more common and technologies advancing, it is becoming increasingly difficult to accurately detect the origin of cyberattacks as the lines between state and criminal operations are getting blurred. To fight this, there is a need for proactive intelligence sharing, proactive threat-hunting, and fool-proof regulations, especially for critical national infrastructure. Attacks on CNI are already surging, especially since most of them do not have the latest infrastructure and are operating on legacy structures. CNI companies are already struggling to meet the deadlines that regulators have set in a lot of countries and the cyberattackers are aware of this struggle, making them easy targets.
2025 is going to be a year that sees a greater push in cybersecurity on all fronts. To make the most of this, sharpen your cybersecurity skills by getting CISSP certified today.
