The IT Nerd

This is going to be a lengthy list of predictions as I have several members of the Fortra team sharing their thoughts on what they think is going to happen in 2025.

John Wilson – Senior Fellow, Threat Research

1. Scams will become increasingly personalized. For example, there was a recent email extortion scam circulating that included a customized PDF attachment. The PDF included a Google Street View image of the victim’s home. I predict we will see a lot more of this type of personalization in 2025. By correlating data across multiple data breaches, a cybercriminal might threaten to expose a sensitive medical condition if the victim doesn’t pay up, for example. Thanks to breach data, scammers pretending to be the SSA or IRS will reference the victim’s actual SSN in their calls and emails.
2. We’ll see increased use of cross-channel social engineering attacks. For example, we started seeing hybrid vishing in 2023, where the attack starts out with an email instruction the victim to call a phone number. Quishing, or phishing using QR codes, is a way to cross from an email to a URL opened on a mobile device. I predict we’ll see more of these cross-channel attacks in 2025. For example, a user might receive a deep-fake voice message from their CEO instructing them to be on the lookout for an email, or a call from their “IT Security Team” instructing them to download a software “update” right away from a website mentioned on the call.
3. Our Geopolitical rivals will continue to leverage social media to deepen divides within NATO and within the USA. Russia in particular would love to see the dissolution of NATO and even of the United States itself.
4. In 2025 we will see a terrorist group use a cyberattack to target self-driving cars. The attack may directly cause injuries and fatalities by using the cars as a weapon, or the cars may be used to cause gridlock in order to slow the emergency response to a more traditional attack.
5. Swatting and Doxing are so last year. In the near future we’ll see hackers plant CSAM on their victim’s phone or laptop before tipping off the police.
6. Criminal street gangs will infiltrate Flock Safety in order to prevent their license plate readers from detecting the gang’s activities.

Chris Reffkin – Chief Security and Risk Officer

Security risk will be further integrated into broader risk management of business operations. The consolidation and market adjustment that is occuring in the security industry is really a result of the CISOs out there as after all the CISOs are the ones that lead acquisitions of new secuity technologies. This does not mean CISOs are being demoted or deprioritized but they will need to be in line with other business leaders when it comes to priority and spend.

The grey area between cyberwarfare and kinetic warfare will be redefined if not closed. We’ll see more of civilian systems and infrastructure reporting attacks, if not offering full blown disruption – with intent and purpose not accidental disruption.

Security organizations will need to invest more in “processes” than ever before looking for better efficiency and optimization of scarce personnel time and resources. This will become an area of continuous improvement and a primary operational initiative in security organizations.

Nick Franklin – Global AWS Technology Alliance Director

CIO’s will drive deeper reviews surrounding the impact security & observability tools can have on their organization in 2025

In July 2024, the world’s second largest cybersecurity ISV caused much of the globe to come to a halt as a result of a flaw in an update pushed to their agent. This has made plain to everyone all around the world, from my mother who can barely use her smart phone, to CEOs, to world leaders that resiliency is as critical as ever and CIO’s can no longer allow their teams to be satisfied with the features and benefits a security product may offer. CIO’s will require greater assurances they are protected from disaster inadvertently caused by the tools they use to protect and monitor their environments. We will see this materialize in legal and contract discussions around terms and SLA’s, enhanced scrutiny placed on the interaction between third party tools and first party systems and applications, and in deeper technical reviews security and observability vendors will need to be prepared to address. Does your endpoint agent have kernel access? Does your SaaS application’s cross account IAM role grant overly permissive access to your employees who have no business accessing end customer information captured by your tool? These are very basic but real scenarios I’m seeing come up with increased frequency that are just the tip of the spear of scrutiny coming to security ISVs as organizations strive to mitigate 3rd party risk to their businesses.

Hyperscalers turn increasingly toward native cybersecurity solutions to drive revenue growth

Hyperscalers will continue to aggressively pursue new customers, but I predict we’ll see an expansion of native cybersecurity capabilities these cloud providers develop and release to capture more and more customer revenue. We’re beyond the stage of cloud being the new and exciting thing everyone is running to for the first time. Cloud vendors now offer hundreds of native services and solutions to customers including security, but in 2025 and beyond to meet the revenue demands of their stakeholders, it seems highly likely the cloud behemoths will develop and launch a myriad of native security tools and features that promise customers the ability to secure and securely manage their data and applications from within the cloud control plane. Secondarily, we’re likely to see several strategic acquisitions of cutting-edge security companies by the hyperscalers themselves.

Wade Barisoff – Director of Product – Data Protection

Our confidence was shaken in the summer of 2024 due to a single vendor publishing an update, which triggered global outages that for some companies, it would take them several weeks to recover. What followed was a series of short-term process changes, and questioning the testing, updating, and rollback process for vendors of all different sizes and scope. 2025 will see companies execute longer term strategies from creating automated testing sandboxes to diversification and segmentation of their environments to ensure a simple update cannot take their entire company down for multiple weeks.

New regulations globally are being implemented in 2025 like the new privacy laws in Malasia, updates to GDPR, and new standards to do business with various governments and military organizations (like CMMC in the United States). These standards are forcing a relook at company technology stacks to see if they can meet the requirements of these new standards, as many of them include heavy fines or worse, the inability to continue to be a supplier. The core focus of a lot of these new regulations includes company hygiene, do you have the correct tools and processes in place as to not lose data or compromise the organization you are doing business with. As attackers dig for new vectors to compromise critical infrastructure, government entities, or simply data loss, this is forcing these organizations to expand their standards to 1st party suppliers. Over time you can expect these standards to expand beyond first party suppliers as cracks emerge, and new standards are put in place to counter them.

Roberto Enea – Data Scientist II

We are going to see an increased use of LLM Agents to exploit targets with a process similar to

• Automatic scanning of targets to detect applications installed
• Ingesting vulnerability descriptions related to the applications detected
• Generation of scripts to exploit the vulnerability
• Vulnerability exploitation

Kurt Thomas – Senior System Engineer

The 2025 cybersecurity landscape will continue to be shaped by highly dynamic, and sometimes opposed, geopolitical, legal, and technological trends.

Attack-Side Trends

Distributed denial-of-service (DdoS), data leaks, and ransomware will remain the top threats in 2025.

Ongoing and expanding military conflicts will continue to drive quantity and sophistication globally. In all of the larger conflicts, cyber is one of the arenas in which they are played out. The most conspicuous example of that is the Russian war on Ukraine and the related intelligence, sabotage and information manipulation activities. These activities will continue and expand in 2025. Other geopolitical conflicts will similarly include cyber attacks.

Attacks that affect physical systems are likely to increase. Sectors most likely to be affected by that will be defense and all critical-infrastructure sectors

Chinese, Russian, Iranian and North-Korean services as well as various criminal gangs will continue to expand their arsenal of zero-day and few-day software vulnerabilities.

Nation-state actors will increasingly leverage cybercriminal gangs for their goals, to provide a level of plausible deniability, intended to shield them from direct sanctions.

Attackers will progress the use of artificial intelligence for attacks. They will focus on easy gains for their operations through by Large Language Models. Those AIs will help them word convincing phishing emails and assist them with their software development. Use of LLM-based voice deepfakes will proliferate, for “applications” such as business email-and-voice compromise.

While research in more sophisticated use of AI — for instance, to dynamically develop strategies and tactics for attacks — is ongoing, this kind of advanced use has not been spotted in real-life attacks so far and is hopefully still a few years off.

Defense-Side Trends

On the defense side, the need to invest in cybersecurity is slowly being recognized by more and more organizations. Cybersecurity investment is no longer the exclusive domain of a few sectors and is expanding into middle-sized and smaller organizations.

One reason for this trend are compliance frameworks for cyber- or cyber-affine topics like data protection and cyber risk reduction. Those frameworks can be laws, regulations, or industry required standards. Both the EU and the US will see the enactment of further frameworks to implement cyber risk reduction, and technical guidelines aimed at operationalizing that legislation. An example of this are the DORA regulation, which will become effective in January 2025, and the corresponding Regulatory Technical Standards.

Insurance companies create another kind of compliance pressure. Insurance companies are both in the position to, and incentivized to demand that their insurance takers implement proper cyber security.

Cybersecurity training will gain more ground and help to reduce the human factor risk. There is still a lot of ground to cover here, but as security awareness will improve, people will be less likely to fall prey to the most obvious cyber deceits and traps.

On the ransomware side, defense will improve by two trends: more organizations backing up their data and testing backups as well; and use XDR and MDR solutions that aggregate and analyze security data across multiple organizations, ingesting billions of data points and processing them to find threats sooner that any human analyst could.

Adoption of the new NIST-approved encryption algorithms for post-quantum cryptography for data in transit has started and will slowly climb in 2025, starting first in the especially risk-aware sectors like defense and finance. This will reduce the risk of harvest-now-decrypt-later attacks on confidential data.

As a final prediction, I predict more streaming shows and movies with hacking-related story lines.

Antonio Sanchez – Principal Cybersecurity Evangelist

• Synthetic media such as deepfakes and other artificially generated content will continue to increase forcing legislation to address privacy concerns.
• The number of unfilled cyber security roles has been hovering between 3.5 to 4 million in the past few years. This has put significant stress to existing staff which is surfacing a new trend of burnout and people leaving the cybersecurity field due to untenable situations. I expect an increase in people leaving the industry which will also result in security leaders putting less emphasis on technical skills and more emphasis on soft skills to address the staffing shortages.
• Expect an increase in the adoption of automation where repetitive tasks can be executed at machine speed which will reduce the need for human intervention. Increasing the adoption of automation will also help some of the burden of the staffing shortages.
• For 2025 we can expect organizations to implement more stringent requirements from their business partners. Organizations are unlikely to begin doing business or continue doing business with an entity that puts them at serious risk of operational disruption.

Theo Zafirakos – Cyber Risk and Information Security Expert

Service providers increasing their maturity and security controls

Increased customer expectations and the evolving digital landscape will force service providers to implement systems and processes of higher standards. Regulations like the General Data Protection Regulation (GDPR) in Europe, Digital Operational Resilience Act (DORA), or California Consumer Privacy Act (CCPA) mandate higher standards for data protection, privacy, and operational resilience. Non-compliance can result in heavy fines and penalties. Natural disasters and public health crisis are increasing in frequency, and cloud-based and resilient communications channels will become more important.

Chris Spargen – Associate Director, Solutions Engineering

Major Cybersecurity Event(s) drives major and rapid change.

• Impacts include Supply Chain Disruption, potential internet and/or electrical grid outages, and public fear & unrest.
• New legislation or policies are enacted in response to the event(s).
• Platforms will increase in importance for start to finish security solutions that cover all bases.
  First mainstream waves of blockchain currencies begin – likely central bank digital currencies.

AI & Blockchain Developments

• The continued global adoption of AI will drive market needs for human authenticity.
• The Blockchain will be a solution that serves as public ledger that validates human authenticity.

Automation & AI Developments

• We’ll see automation & AI growth in the cybersecurity space to augment the shortage of professionals and increase the speed of responses.
• This will be a double-edged sword, as cybercriminals will also look to these tools to develop complex threats.

Automated Driving takes off in 2025

• There will be new regulations to button down the cybersecurity risks associated with scaling automated driving.
• Tesla will be a controversial pioneer in this space.