As we step into 2025, the cyberthreat landscape is once again more dynamic and challenging than the year before. In 2024, we witnessed a remarkable acceleration in cyberattacks of all kinds, many fueled by advances in generative AI. For security leaders, the stakes are higher than ever. In this post, I'll explore cyberthreat projections and cybersecurity priorities for 2025. These predictions are not just forecasts; they are calls to action to prepare for the challenges ahead and ensure businesses stay ahead of the threat curve.
Before diving in, let's reflect on a few 2024 predictions that rang true, shaping lessons we carry forward into the new year.
Reflecting on 2024: GenAI, RaaS, MiTM
Generative AI facilitated a surge in cyberattacks throughout 2024. Threat actors used AI tools to orchestrate highly convincing and scalable social engineering campaigns, making it easier to deceive users and infiltrate systems. Organizations have responded, and must continue to, by adopting AI-powered cybersecurity tools and implementing zero trust architecture as a critical countermeasure.
Ransomware-as-a-service played its part in another rush of ransomware in 2024, contributing to a 57.8% increase in extorted companies listed on data leak sites. RansomHub, identified by the Zscaler ThreatLabz research team as one of the newest ransomware groups on the scene, emerged as a top RaaS affiliate program and gained notoriety for its role in a $22 million ransomware heist targeting a prominent healthcare organization.
Man-in-the-middle (MiTM) attacks made headlines in 2024, as anticipated. In one high-profile incident, hackers targeted Australian airport Wi-Fi networks with a classic "evil twin" scam: a fake network designed to mimic a legitimate one. An evolution of MiTM, adversary-in-the-middle (AiTM) attacks, was also observed by ThreatLabz, as detailed in the ThreatLabz 2024 Phishing Report. Together, these trends reminded us of the frequent reliance on interception techniques, a pattern poised to continue into 2025, as I'll highlight in this year's predictions.
2025 predictions: AI (again), insider threats, and more
Here are eight cybersecurity trends and predictions I expect will shape the landscape, and security priorities, in the year ahead.
Prediction 1: AI-powered social engineering will reach new highs
In 2025, GenAI will elevate social engineering attacks to new levels, especially as voice and video phishing gain significant traction. With the rise of GenAI-based tooling, initial access broker groups will increasingly use AI-generated voices and video alongside traditional channels. As cybercriminals adopt localized languages, accents, and dialects to increase their credibility and success rates, it will become harder for victims to identify fraudulent communication.
We don't need to go outside Zscaler's walls to find examples of such an attack. In 2023, a hacking group used AI to impersonate Zscaler CEO Jay Chaudhry in an attempt to fool a Zscaler employee. Learn more about it in the ThreatLabz 2024 Phishing Report.
This trend, among other AI-powered social engineering attacks, will amplify identity compromise, ransomware, and data exfiltration in 2025.
Prediction 2: Securing GenAI will remain a business imperative
As global organizations increasingly adopt generative AI applications, both first-party and third-party, securing these systems will remain a top priority. Unlike traditional applications, GenAI introduces unique threat models, including the risk of unintended data leakage and adversarial attacks aimed at poisoning AI outputs.
This was a key discussion point at this year's World Economic Forum (WEF) Annual Cybersecurity Summit, where the consensus among my fellow global CXOs and CISOs was that GenAI applications must be treated as part of the overall enterprise security strategy, not as standalone projects.
In 2025, organizations will need to double down on implementing effective security controls to protect AI models and sensitive data pools, as well as to ensure the integrity of AI-generated content.
Prediction 3: Businesses will face more insider threat vectors
Insider threats will become a greater challenge for businesses in 2025 as threat actors increasingly bypass enterprise cybersecurity measures by planting malicious insiders as employees or contractors, or by compromising companies involved in mergers and acquisitions (M&A). Once inside, they can use legitimate credentials and access to do real damage, especially if the organization uses legacy architecture built on firewalls and VPNs.
As ThreatLabz documented late last year, North Korean threat actors have been experimenting with the Contagious Interview and WageMole campaigns to obtain remote employment opportunities in Western countries. Through increasingly sophisticated means, these groups improved their chances of successfully stealing sensitive data and evading economic sanctions.
Protecting sensitive data and critical systems from insider threats will require a unified zero trust framework, bolstered by AI-powered threat detection and inline TLS/SSL inspection.
Prediction 4: Regulation without harmonization may result in a weaker cybersecurity defense
As countries worldwide introduce new regulations for cybersecurity, AI, and data privacy, a lack of harmonization will increase operational overhead. Organizations' cybersecurity posture may suffer as they divert resources toward compliance controls rather than meaningful risk reduction activity.
This was another key area of focus at the WEF Annual Cybersecurity Summit, where global security leaders emphasized the importance of collaboration to close regulatory gaps and establish cohesive standards, particularly for emerging technologies like GenAI.
Without coordinated governance, national and international bodies risk forcing an emphasis on compliance over risk reduction in data protection, as well as stifling innovation.
Prediction 5: Adversary-in-the-middle (AiTM) phishing attacks that evade multifactor authentication (MFA) will become more prevalent
Over the past year, a concerning trend has emerged in which adversaries successfully circumvent enterprise MFA through AiTM proxy-based phishing attacks. In 2025, expect phishing kits to increasingly include sophisticated AiTM techniques, localized phishing content, and target fingerprinting, all, of course, enabled by AI.
As documented in the annual ThreatLabz Phishing Report, AiTM proxy kits today can closely mimic legitimate web pages, making them difficult for even security teams to identify. Threat actors distributing these proxy kits prefer imitating commonly trusted brands such as Microsoft and Gmail because of the widespread use of these familiar formats.
To counter these evolving threats, organizations must prioritize adopting a stronger form of MFA (such as FIDO2-compliant methods) alongside a robust zero trust architecture.
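To show why FIDO2-compliant methods resist the AiTM relay described above, here is an added example (not part of the original post, and not Zscaler code) that models the relying-party checks a WebAuthn server performs on a login assertion and runs them against a legitimate login, a proxied login, and a proxied login the proxy tries to patch. It assumes a constructed relying party login.example.com and a constructed proxy host login.example-com.invalid, and uses an HMAC with a shared key as a stand-in for the authenticator's public-key signature.

```python
import hashlib, hmac, json
# Constructed relying party (RP) and phishing host for the demo; not real services.
RP_ID, RP_ORIGIN = "login.example.com", "https://login.example.com"
PHISH_RP_ID, PHISH_ORIGIN = "login.example-com.invalid", "https://login.example-com.invalid"
CRED_KEY = b"constructed-credential-key"   # stand-in for the passkey's private key
CHALLENGE = "constructed-random-challenge"  # the RP issues a fresh one per login

def rp_id_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()

def browser_assert(origin: str, rp_id: str, challenge: str) -> dict:
    """Model of navigator.credentials.get(). The browser writes origin and rpIdHash; the
    authenticator signs authenticatorData || SHA-256(clientDataJSON). HMAC stands in for ECDSA."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": origin}, sort_keys=True).encode()
    auth_data = rp_id_hash(rp_id) + b"\x01" + (1).to_bytes(4, "big")  # hash | flags | counter
    sig = hmac.new(CRED_KEY, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}

def rp_verify(a: dict, issued_challenge: str) -> tuple[bool, str]:
    """Relying-party checks in WebAuthn order; the first failure is reported."""
    cd = json.loads(a["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    if cd.get("challenge") != issued_challenge:
        return False, "challenge mismatch"
    if cd.get("origin") != RP_ORIGIN:
        return False, "origin mismatch"            # an AiTM relay fails here
    if a["authenticatorData"][:32] != rp_id_hash(RP_ID):
        return False, "rpIdHash mismatch"
    signed = a["authenticatorData"] + hashlib.sha256(a["clientDataJSON"]).digest()
    if not hmac.compare_digest(hmac.new(CRED_KEY, signed, hashlib.sha256).digest(), a["signature"]):
        return False, "bad signature"
    return True, "ok"

def legitimate_login() -> tuple[bool, str]:
    return rp_verify(browser_assert(RP_ORIGIN, RP_ID, CHALLENGE), CHALLENGE)

def aitm_relayed_login() -> tuple[bool, str]:
    # The proxy forwards the RP's real challenge, but the victim's browser sits on the phishing origin.
    return rp_verify(browser_assert(PHISH_ORIGIN, PHISH_RP_ID, CHALLENGE), CHALLENGE)

def aitm_rewritten_login() -> tuple[bool, str]:
    # The proxy patches origin and rpIdHash to look legitimate; the signature then no longer matches.
    a = browser_assert(PHISH_ORIGIN, PHISH_RP_ID, CHALLENGE)
    cd = json.loads(a["clientDataJSON"]); cd["origin"] = RP_ORIGIN
    a["clientDataJSON"] = json.dumps(cd, sort_keys=True).encode()
    a["authenticatorData"] = rp_id_hash(RP_ID) + a["authenticatorData"][32:]
    return rp_verify(a, CHALLENGE)
```

A relayed one-time code carries nothing that names the page the user typed it into, which is why the proxy can replay it; the WebAuthn assertion carries the origin inside the signed data, so the proxy can neither reuse it nor repair it.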
Prediction 6: "Encryption-less" ransomware attacks that extort victims with reduced disruption will increase
In 2025, ransomware threat actor groups will increasingly extort businesses to protect their data while avoiding major disruption by using encryption-less ransomware attacks, flying under the radar of media and law enforcement. These groups focus on stealing large volumes of data and demanding ransom, and see themselves as providing a valuable service to victim companies by identifying their cyber vulnerabilities.
This strategy allows them to exploit weaknesses while maintaining a low profile, a tactic that worked for Dark Angels and their historic ransomware payout. The tactic has gained popularity because it is a much faster and easier transaction for both the threat actors and the victims, with no resulting recovery effort or downtime.
It is also increasingly favored by cybercriminals aiming to evade law enforcement efforts to dismantle groups like those behind the infamous SmokeLoader.
As international collaboration to combat organized cybercrime intensifies, expect ransomware threat actors to place a premium on stealthy methods that help them avoid detection.
Prediction 7: Preparing for quantum-driven threats will become essential as quantum security risks materialize
Quantum computing will give rise to a new dimension of threats over the next decade, and 2025 will be a pivotal year for organizations to start planning for these future risks. A pressing concern already taking shape involves nation-state threat actors stealing and storing encrypted TLS sessions with the intent of breaking the encryption and decrypting them in the future. This risk is especially high for organizations relying on cryptography that is not quantum-safe, a standard still not widely adopted.
Global CXOs must act now to transition toward quantum-safe cryptography standards.
Prediction 8: Software supply chain security will remain a top priority for global CXOs
As adversaries increasingly target software supply chains, including contractors, software supply chain security will stay at the top of agendas in 2025. Beyond strengthening third-party risk management programs, organizations must take additional measures to defend against supply chain attacks.
Implementing a zero trust architecture with segmentation for your crown jewels, including CI/CD environments, together with inline inspection for threats and data leakage, will be critical to defending against software supply chain attacks.
From prediction to action: Strengthening your security in 2025
These predictions for 2025 will demand a heightened focus on proactive defense strategies. Organizations must prioritize a zero trust architecture, harness the power of AI-powered security controls, and foster a culture of security awareness. By aligning these efforts with strategic planning and innovation, businesses will be in a better position to counter emerging threats in the year to come and beyond.
The Zscaler Zero Trust Exchange helps organizations reduce risk across all four stages of the attack chain:
- Minimize the attack surface: Zscaler effectively minimizes the attack surface by hiding users, applications, and devices behind a cloud proxy, where they are not visible or discoverable from the internet.
- Prevent initial compromise: The Zero Trust Exchange employs extensive TLS/SSL inspection, browser isolation, advanced inline sandboxing, and policy-driven access controls to prevent users from accessing malicious websites and to detect unknown threats before they reach your network.
- Eliminate lateral movement: User-to-app or app-to-app segmentation ensures users connect directly to applications (and apps to other apps), not the network, eliminating the risk of lateral movement.
- Stop data loss: Inline data loss prevention measures, combined with full TLS/SSL inspection, effectively thwart data theft attempts. Zscaler ensures that data is secured both in transit and at rest.
By leveraging its unmatched scale and rich data foundation, processing more than half a trillion daily transactions, Zscaler is poised to transform AI capabilities for the cybersecurity industry, enabling organizations to mitigate risks and optimize performance.
Request a custom demo to see how Zscaler can help address your organization's security needs.
Follow Zscaler ThreatLabz on X (Twitter) and our Security Research Blog to stay on top of the latest cyberthreats and security research. The ThreatLabz research team continuously monitors threat intelligence from the world's largest inline security cloud and shares its findings with the broader security community.