Five Cyber Attack Trends to Prepare for in 2025

By Wayne Cleghorn, Cyber Security Partner, Excello Law

Cyber attacks are increasing in frequency, complexity, and intrusiveness. Incidents are becoming more expensive to manage and repair. Monitoring and understanding threat intelligence is vital along with training, monitoring, patching, supply chain resilience measures and constant system hardening.

The World Economic Forum’s Chief Risk Officers Outlook in October 2024 ranked cyber security risk among the top three threats severely affecting businesses. In the Global Cybersecurity Outlook in January 2025, the World Economic Forum reported that cyberthreats continued to escalate, with 72% of respondents to the survey reporting a rise in cyber risks. The survey also revealed that cybercrime grew in both frequency and sophistication, especially ransomware attacks and AI-enhanced tactics including phishing, vishing and deepfakes. There has been a marked increase in supply chain attacks.

As we look at 2025 and the year ahead, there are several trends that enterprises should monitor, report on, plan for and mitigate.

  1. Threat landscape increasing due to AI software and Generative AI

AI co-pilots, AI bots and Generative AI all widen the threat landscape. These new additions to networks also increase the number of endpoints and access points, creating new areas where risk can accumulate.

According to the World Economic Forum, 66% of organisations expect AI to have the most significant impact on cybersecurity in the year to come, yet only 37% report having processes in place to assess the security of AI tools before deployment.

There is a knowledge gap, a solutions gap and a resilience gap as AI use cases and AI adoption accelerate, while cybersecurity governance, risk, and compliance struggle to keep up with this unrelenting pace. Generative AI is augmenting cybercriminal capabilities, contributing to an increase in social engineering attacks.

  2. Geopolitics

Businesses and organisations need to understand that many cyberattacks are no longer personal. Global political instability is becoming a cybersecurity risk factor, as is organised crime migrating online and creating new forms of cybercrime, especially ransomware. An isolationist, unpredictable America, an unstable Middle East, Russia’s war in Ukraine and political uncertainty in key countries can be the breeding ground for cyberwarfare and cyber espionage that seeks advantage, gathers information and exerts control.

Many Advanced Persistent Threat (APT) groups linked to certain states seek maximum impact, chaotic disruption and a loss of trust in the government and key institutions. They often target critical national infrastructure such as government services, utilities, banks, telecom providers, hospitals, and schools, motivated by political or economic aims. They also target insecure parts of the supply chains of these kinds of organisations. APT groups linked to Russia, China, Iran and North Korea are active and display sophisticated offensive capabilities.

Businesses, governments, and critical infrastructure organisations must monitor geopolitical tension, especially in new markets and among new supply chain partners. Updated threat intelligence on APT groups and having access to trusted networks that share threat intelligence are key.

  3. Cloud Services

Hackers and cyber criminals are inventing new ways to attack cloud infrastructure and data. CrowdStrike, the cybersecurity company, reported in its 2024 Global Threat Report that cloud-environment intrusions rose by 75% from 2022 to 2023. CrowdStrike warned of the rise of stealthy cyberattacks that are planned and executed in stages. Initial access and lateral movement are planned by targeting the network periphery. Intruders discreetly pre-position themselves on IT networks so that they can move laterally into operational technology at a later stage. This strategy is increasingly being seen. It can be lethal to network security, especially in cloud environments and in complex IT infrastructure.

  4. Supply Chain

Cybercriminals are finding backdoors into businesses via weak and insecure suppliers. It is an often-used strategy. Breaches that occur at key global suppliers are also a risk. In 2024, Microsoft and CrowdStrike became the sources of the largest IT outage in history. This disrupted airlines, banks, broadcasters, healthcare providers, retail payment systems and cash machines (ATMs) globally, causing an estimated $5 billion in losses. This incident showed the vulnerabilities that arise from dependence on a limited number of critical technology providers. Supply chains must be fully engaged, monitored and audited, and new ways must be developed to share threat intelligence and data breach lessons.

  5. AI for Cyber Security and Resilience

Artificial Intelligence is improving threat intelligence and firewalls and reducing phishing. AI offers methods to defend against cyberthreats with advanced tools to quickly spot and respond to threats and risks. AI can augment human abilities, making cyber defence stronger and more efficient. AI technologies can enhance threat alert triage, prioritisation, anomaly detection and pattern recognition. It can also classify vulnerabilities, automate patching, accelerate data processing, and manage configurations.

Large Language Models (LLMs) allow richer intelligence to be collected, strengthening the threat-intelligence lifecycle and its insights. AI models can also analyse and categorise the types of questions cyber attackers ask, their linguistic markers and their interaction patterns. AI techniques and machine learning can enable continuous monitoring and real-time visibility to better identify and address software vulnerabilities. The integration of LLMs into honeypots is a growing innovation in deception-based cybersecurity. These LLMs can simulate human-like responses, making honeypots far more convincing to attackers, enough to create a decoy and lure them into traps.


Managing Cyber Risks: Practical Steps

  • Board-level and leadership engagement in cybersecurity is crucial. A diverse multi-skilled internal and external team is vital. This should include leadership team members, IT security, lawyers, auditors, HR, IT forensics, PR, and communications experts.
  • Enterprises must constantly improve technical cybersecurity resilience measures, apply systematic patching, and educate staff. It is also important to practice how to respond to data breaches using table-top exercises and realistic simulations. Breach response teams should always stand ready and learn from near-miss incidents.
  • Although it is tempting to rush into the adoption of new AI systems and services, especially Generative AI, it is wise to take time to fully assess the security and cyber risk credentials of new systems and services before these are introduced.
  • It is not enough for organisations to consider their internal cyber resilience in isolation; each business must actively diversify and audit its supply chains and take swift action to remove or reduce the roles of risky suppliers.