2025 Cybersecurity and AI predictions

As we proceed into 2025, the cyber threat landscape has become increasingly complex, marked by AI-powered attacks, the continued evolution of ransomware tactics, vulnerabilities in supply chains, and the rise of deepfake technology for fraud.

Critical infrastructure faces heightened risks, while geopolitical hacking campaigns are more prominent than ever.

In this piece, we explore how cyberattacks will grow more complex this year and what organisations need to do to remain safe in the ever-changing threat landscape.

The increasing complexity of cyberattacks

Sam Kirkman, Director of Services, EMEA, NETSPI says: “The rise of highly strategic cyber-attacks is reshaping the threat landscape, with these sophisticated breaches becoming both more frequent and more visible. These are no longer opportunistic or random; they are calculated, precise, and often carried out by well-resourced state actors. A notable example from earlier this year was the stealth attack on XZ Utils, a critical component of global computing infrastructure, which went almost entirely undetected. It was only discovered by a single Microsoft engineer who noticed an unusual slowdown on their device, ultimately tracing the issue to a suspected operation by Russia’s foreign intelligence agency. This incident highlights the alarming potential for unseen vulnerabilities. Looking ahead, we can expect cyber-attacks to become even more methodical and goal-oriented, with attackers using advanced tools to target critical infrastructure, financial institutions, and key supply chains.”

Sohail Iqbal, VP and CISO, Veracode adds: “In 2025, open-source-based vulnerabilities will be increasingly targeted and exploited. This is particularly concerning, as it highlights a key vulnerability in modern software ecosystems. Open-source components are widely used due to their accessibility and cost-effectiveness, but this also makes them prime targets for attackers. The increasing reliance on open-source code across industries means that attackers can cast a broader net, targeting widely adopted but potentially insecure components. Meanwhile, companies struggle to keep up with the necessary pace of patching and remediation. In turn, this creates a growing security gap where vulnerabilities persist longer than they should, adding to security debt and putting organisations at risk.”

Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet agrees: “In recent years, cybercriminals have been spending more time ‘left of boom’ on the reconnaissance and weaponisation phases of the cyber kill chain. As a result, threat actors can carry out targeted attacks quickly and more precisely. In the past, we’ve observed many CaaS providers serving as jacks of all trades – offering buyers everything needed to execute an attack, from phishing kits to payloads. However, we expect that CaaS groups will increasingly embrace specialisation, with many groups focusing on providing offerings that home in on just one segment of the attack chain.”

New year, new regulations: Policies aim to enhance organisational cybersecurity

Adam Preis, Director of Product Solution Marketing, Ping Identity explains: “NIS2 compliance has been on the CISO agenda for a while, but in 2025, its influence will be impossible to ignore. The Directive’s scope will affect more than just financial services in the EU, demanding compliance from sectors like research, public administration, waste management, postal services, and IT services, via investment that genuinely strengthens and future-proofs cybersecurity resilience at both organisational and critical infrastructure levels. Failure to comply won’t just be a regulatory setback, it could result in hefty fines, reputational damage and leave organisations vulnerable in an increasingly threat-laden landscape. As the implementation deadline approaches in January 2025, I predict CISOs will need to reevaluate their security policies across risk analysis, incident management, business continuity planning, and crisis recovery management.”

Stuart Fuller, CCO, Com Laude adds: “In 2025, securing your brand’s online presence is more critical than ever. With the digital landscape continuing to evolve and threats like phishing and AI-driven fraud seeing a rise of as much as 25% during peak times like Black Friday, businesses must prioritise the integrity of their online identity. A verified, trustworthy online presence not only builds consumer confidence but also protects your reputation, keeping your brand and your customers one step ahead of the cyber criminals. The domain landscape is evolving, with new TLD options like .brand, industry-specific extensions like .tech and .fashion, and geographic domains like .london and .nyc. By securing key domains, including defensive registrations across relevant extensions, you prevent bad actors from exploiting your brand through cybersquatting.”

Bri Frost, Director of Curriculum, Cybersecurity and IT Ops, Pluralsight highlights: “As the threat landscape becomes more sophisticated, and bad actors further hone their craft, organisations must have skilled threat intelligence teams to defend themselves. Traditionally, the security story has played out with defences being improved and attackers thwarting them, and then this pattern repeats itself. Organisations need to completely shift this scenario by focusing more on red teams testing their own environments against the most sophisticated threats to identify and assess vulnerabilities. Pen testing is one of the most effective ways to thwart threats and prevent attacks proactively. Simply deploying an out-of-the-box vendor product to keep an enterprise secure is not enough.”

Tried and true: How multi-factor authentication can bolster defences

Dan Schiappa, CPO, Arctic Wolf states: “In 2025, leaders must continue to master the basics of security hygiene to combat evolving cybersecurity threats. The reality is that attack types like ransomware and social engineering will continue to dominate the threat landscape because, unfortunately, bad actors have seen success with them in the past. To mitigate their success in 2025, organisations should adhere to tried-and-true measures like multi-factor authentication and identity access management tools while encouraging open communication about potential threats, regularly updating security protocols, and conducting simulated attacks.”

Len Noe, Technical Evangelist and White Hat Hacker, CyberArk supports this, saying: “As deep fakes become more widespread, we will see startups crop up in 2025 that offer identity validation-as-a-service. These services will take multi-factor authentication further by adding additional layers. They will use a combination of government-issued documents like passports, biometric data like signatures, fingerprints and face scans, and behavioural pattern analysis that looks at how a user interacts with a device or website, to verify that individuals are who they say they are for all kinds of transactions and interactions online.”

Laurent Quérel, Distinguished Engineer, F5 Field CISO, F5 explains: “As AI agents reshape the internet, we will see the development of agent-specific browsing infrastructure, designed to facilitate secure and efficient interactions with websites. This shift could disrupt industries like e-commerce by automating complex web tasks, leading to more personalised and interactive online experiences. However, as these agents become more integrated into daily life, new security protocols and regulations will be essential to manage concerns related to AI authentication, data privacy, and potential misuse. By 2028, it is expected that a significant portion of enterprise software will incorporate AI agents, transforming work processes and enabling real-time decision-making through faster token generation in iterative workflows. This evolution will also lead to the creation of new tools and platforms for agent-driven web development, marking a significant milestone in the digital landscape.”

In 2024, the threat landscape has been shaped by a rise in AI-driven attacks, the evolution of ransomware, growing supply-chain vulnerability, and the proliferation of deepfakes. Furthermore, critical infrastructure has become the main target of cybercriminals, and political tension has fuelled an alarming rise in state-sponsored hacking.

Looking towards 2025, these types of attacks are going to become more sophisticated and persistent, making them harder to defend against. This highlights the need to implement the right defence strategies: ones that allow for robust and adaptive protection amidst the ever-evolving threat landscape.
