As the old saying goes, only two things are certain in life: death and taxes. If this phrase were updated for the 21st century, we could add scary cybersecurity incidents to the list of life’s certainties. Rarely a week goes by without a data breach, supply-side attack, or other crippling ordeal being reported.
Profitable and simple attacks, such as phishing and ransomware, will continue in 2025. But attacker capabilities are evolving at a rapid pace, changing the scale at which traditional attacks can be launched and leading to the emergence of new threat actors.
This is largely due to advances in generative AI. Just as organizations use GenAI to improve productivity, so do hackers. GenAI allows cybercriminals to gather intelligence quickly and efficiently, and easily create more sophisticated attacks, such as deepfakes. Attacks used to require a lot of time and investment; for example, authors had to identify high-value targets, study communication patterns, and research company documents. But machines can now do this prep work in a fraction of the time.
When it comes to cybersecurity, knowing what to defend against is half the battle. Here are the biggest cybersecurity trends businesses need to prepare for in the coming year.
AI Compromise Attacks
Businesses are increasingly dependent on AI systems. But as companies integrate technology into their workflows, they create larger, more complex attack surfaces that are harder to repair in the event of a breach.
Organizations compromised through components of their AI systems may have difficulty tracing the entry point of such attacks, warns Bharat Mistry, field technical director at Trend Micro, an IT security company. This will make discovering these violations much more difficult.
Mistry believes attackers will soon start targeting AI models themselves, if they aren’t already doing so. Cybercriminals could infiltrate a very complex organization and corrupt its AI systems with questionable data. After a brief period of chaos, the criminals would inform the organization that they were responsible for the attack and demand a ransom to restore operations.
“The reliance on AI systems is becoming so high that it could cause real problems,” Mistry says. Even in the face of powerful ransomware attacks, businesses have been able to develop last-minute contingency plans on paper to stay operational. But operating on analog, even temporarily, will be nearly impossible as organizations become more and more dependent on AI.
“You won’t know to what extent the data has been corrupted,” Mistry continues. “If you’ve managed to turn the clock back with AI, the problem with automation is that it’s no longer a single user on a system, but multiple linked systems. How can you handle this?”
Attackers could also add an “extra layer” to GenAI tools allowing them to access all data entered into the system. In this case, the model appears to function normally; users would have no reason to distrust the tool and could download all sorts of confidential information. But if a malicious actor has added a “man in the middle” on the user’s device, all data entered there will pass into the hands of the attacker. Employees working remotely are particularly vulnerable to this type of breach.
More sophisticated deepfakes
The use of deepfakes – fictitious but convincing images or videos of real people – is on the rise. In fact, a 2024 Ofcom report found that 60% of Brits have encountered at least one deepfake. By 2026, 30% of organizations will consider their current authentication or digital identification tools inadequate to combat deepfakes, according to Gartner, a research consultancy.
Next year may be the year that deepfakes become commonplace. This is a big concern for Marco Pereira, global head of cybersecurity at Capgemini, an IT company. “If you have someone on a video call who looks like the CEO, talks like the CEO, and has the right knowledge, it’s enough to fool yourself into saying, ‘Oh, my camera isn’t working well,’” he says.
Deepfakes used to feature telltale signs that users were speaking with a digital impostor — for example, faulty speech or a strangely out-of-place floating nose. But as technology improves, deepfakes are increasingly difficult to spot.
This is bad news for businesses, which are already the target of personalized phishing attacks using this technology. Examples of successful deepfake attacks have made headlines. A Hong Kong employee, for example, transferred around £20 million to cyber attackers after being fooled by a deepfake posing as a senior executive.
Pereira adds that, for cybercriminals, a simple cost-benefit analysis shows that attacks on high-value targets are worth it. “Sophisticated fake whaling attacks may require investment, but the profits are very high,” he says. “We’re going to see a lot more high-fidelity deepfake attacks in the future.”
Metadata – a long-standing privacy problem
Metadata is data about data. The content of a text message consists of data. Metadata includes information such as when the message was sent, where it was sent from, who sent it, and to whom.
A single piece of metadata is practically worthless. But when volumes of metadata are analyzed by machines, patterns emerge, sometimes more revealing than just the content of messages. This type of data was collected by the Five Eyes – the intelligence agencies of the United States, Canada, United Kingdom, Australia and New Zealand – as revealed by Edward Snowden’s leaks.
According to Christine Gadsby, chief information security officer at BlackBerry, monitoring and protecting metadata will be a major trend by 2025. Because metadata is part of the ebb and flow of daily Internet traffic, it is incredibly difficult to secure. How do you protect seemingly harmless bits of information?
“People still rely on encrypted communications,” says Gadsby. “This solves part of the problem, but leaves the metadata part open. Your IP address is still exposed and your location is accessible. Nation-state attackers will use it, including in war.”
Large metadata attacks are already underway. For example, several American telecommunications companies are dealing with a huge hack orchestrated by a Chinese group called Salt Typhoon, which targets the metadata of millions of Americans.
Gadsby adds that because metadata is the language of machines, computational tools are very good at collecting it and making sense of it. “AI will be able to connect points A to B, to C and D and will allow attackers to link this data to individuals,” she warns. “What would have taken a human two years to analyze will take two minutes with AI.”
Further decentralization for attackers
Cybercriminals already organize complex supply chains where each actor or group has a specific role to play. A successful ransomware attack, for example, involves “access brokers” – people who open the door to the target organization, for a price – a set of technical specialists and even C-suite style executives.
Mistry believes that cyberattackers will become increasingly specialized, as the technical systems they use for their attacks, such as large language models, become more complex.
“The entire cybercriminal community is moving toward a model of stealthy businesses,” Mistry says. “They already carry out tailor-made attacks, but they will probably go even further next year.”
Even as defenders develop different skills and tools to combat the overwhelming number of threats, attackers also improve their own capabilities. Mistry expects this trend to continue, as it is difficult to imagine that a criminal could single-handedly lead large, complex attacks. As these criminal networks become more specialized and decentralized, monitoring them will become much more difficult.
Store now, decrypt later
Encryption has made the modern digital economy possible. None of us would enter our credit card numbers into Amazon, for example, if they were stored in plain text, accessible to everyone. Instead, this data is encrypted – scrambled and made accessible only with a secret key. Almost all of our sensitive digital data is thus protected.
But what if this encryption was broken overnight? At the dawn of the quantum computing era, this is a very real possibility. Roberta Faux, CTO of Arqit, a post-quantum security company, says ‘Q-Day’ – the moment when quantum computers can break current encryption processes – is perhaps just a few years away.
Although quantum computing is still in its infancy, an important algorithm integral to its functionality is now capable of calculating the prime factors of integers faster than any computer system available today. This means that the complex series of numbers that underpin cryptographic systems, which we all rely on, could be deciphered quickly and easily.
With these capabilities on the horizon, it makes sense for attackers – especially state adversaries developing their own quantum systems – to collect encrypted data now, which they can decrypt later when the technology is ready.
“Technologically advanced nation-states are investing heavily in quantum research and cybersecurity, and are likely collecting encrypted data now, hoping that quantum computers will decipher it in the near future,” says Faux. “Long-term sensitive information such as military plans, intellectual property and personnel records are particularly at risk: anything sent over public networks can be vulnerable.”