A 2025 cybersecurity forecast

Guest CommentaryOpinionStartups / Technology

by Christopher Wright ([email protected]) ago 0 views 

Americans love to be busy — or at least give the impression we are. As Time magazine recently noted, our society increasingly values being active, at work and at home, as a status symbol. We are on an endless quest to do things smarter, faster and better. We constantly seek efficiencies to achieve our ever-growing lists of tasks with less effort in a fraction of the time. Why reinvent the wheel when we can streamline processes and still hit our target metrics?

Today’s cybercriminals have adopted the same “go, go, go” mentality. Malicious actors haven’t implemented brand-new techniques when looking for footholds in our systems. Instead, they have capitalized on the successes of tried-and-true methods, such as social engineering attacks. The outcome? Their efforts are more prolific and, unfortunately for us, more effective.

In 2025, we should expect cybercriminals to stay busy. However, we don’t need to continuously shift our focus—or our dollars—to stave off the latest far-fetched attacks security marketers throw our way. While the frequency of cybercriminals attempts will likely increase, their tactics will remain largely the same. They will simply improve and hone their methods for peak impact. Take ransomware, for example.

Previously, actors would perform what amounted to a “smash-and-grab,” encrypting and withholding data in exchange for large sums of money. When Americans started backing up their systems, attackers pivoted. Now, they steal personal or corporate information to sell on the dark web if victims don’t pay. Cybercriminals may also pressure small and medium-sized businesses by threatening key partners and stakeholders—a move they know would inflict financial and reputational damage.

AI will continue to be a hot topic in 2025, including its growing role in cyberattacks. For years, many so-called “experts” have espoused the potential danger of advanced AI-fueled tactics like deepfakes, often to sell flashy services and tools. However, it’s crucial to remember that cybercriminals are traditionally purveyors, not creators, who deploy AI capabilities to help make social engineering attacks more believable and cost-effective.

Chris Wright

Consider, for example, how attackers have used AI to bypass multi-factor authentication (MFA). Long considered a silver bullet, actors leverage legitimate platforms, such as DocuSign and Adobe Creative Cloud, to give their phishing efforts credibility. Then, with AI’s continued assistance, they utilize drawn-out processes to circumvent MFA’s protection measures and encourage victims to provide their credentials. Poof, they’ve found their way into our systems.

The positive news for 2025—and the future—is that as attacks supercharge and criminals sharpen their tactics, we will likely see a continued stream of cybersecurity-related regulations. Contrary to public opinion, most requirements will be proposed by the private sector, which increasingly recognizes the need for strong security practices. As these policies roll out, the collective hope is that entities shift their focus from the previous box-checking for compliance to real, proactive risk management.

The new year brings new opportunities for cybercriminals to try to outmaneuver us. So, how can we reduce the likelihood of falling prey to a potential attack or breach? As individuals, we must remain committed to cyber hygiene by consistently following best practices, such as employing strong and unique passwords, using MFA and patching and updating our systems regularly. If they haven’t already, companies should develop a comprehensive strategy, ideally with the help of a seasoned cybersecurity expert, to implement layered controls to help them identify, protect, detect, respond to and recover from threats.

If there’s one thing we can learn in 2025, it’s that busyness isn’t all it’s cracked up to be. With proper planning and robust practices, we can work smarter, not harder, to achieve cyber resiliency.

Editor’s note: Chris Wright is co-founder and partner at Sullivan Wright Technologies, an Arkansas-based firm that provides cybersecurity, IT and security compliance services. The opinions expressed are those of the author.