SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Cybersecurity in 2025: Tackling AI-driven phishing threats

Yesterday

As organisations prepare for 2025, data security emerges as a crucial focus in light of rising cyber threats and potential vulnerabilities.

Todd Moore, Vice President of Data Security Products at Thales, shared insights into the security challenges that leaders should anticipate in the forthcoming year. Among his predictions, the impact of generative AI on phishing is expected to grow significantly.

"With enterprises being targeted by an influx of advanced phishing attacks, the likelihood that someone within their organisation falls victim to an attack is at an all-time high, and we expect to see a steady rise in these across 2025," said Moore. "Once credentials are compromised, an enterprise's entire network security crumbles, and with generative AI rapidly advancing social engineering methods, typical defense measures for credential compromise won't be able to keep pace."

Moore highlighted the persistent threat to critical infrastructure, attributing the risk to the separation between IT and operational technology (OT), alongside geopolitical factors.

"Given that critical infrastructure will always be a prime target for cybercriminals due to its potential for widespread impact, the disconnect between IT and OT, combined with geopolitical issues, creates the perfect storm for insider threats to thrive. In the year ahead, addressing this gap will be crucial to safeguarding critical infrastructure," he explained.

Concerning data fortification, he remarked on vulnerabilities within the supply chain and the necessity of enhanced data protection measures.

"With the proliferation of data via collaboration platforms, companies will need to focus on file activity monitoring and data watermarking to protect sensitive information. Supply chain security will also be a significant concern, as vulnerabilities in the supply chain can lead to widespread security breaches," Moore stated. "The generation of personal data by users through various apps and services will increase the risk of data exposure, necessitating stronger data protection measures."

The role of post-quantum cryptography in organisational security was also discussed, highlighting the importance of agility in cryptography practices.

"While TLS and SSH protocols are being updated to meet NIST's standards, enterprises will need to embrace crypto agility in 2025," said Moore. "The biggest barrier will be ensuring they have the time and resources to identify their exposure, take inventory of their assets, and employ crypto discovery. This will manifest in a steady rise of crypto centers of excellence among major enterprises. Enterprises must place agility at the center of their quantum readiness, ensuring crypto-agile solutions are leveraged to keep pace with emerging quantum-resistant cryptography."

In discussing the role of AI tools in cybersecurity, Moore noted their potential to enhance security roles rather than replace them.

"Cybersecurity vendors are increasingly integrating AI-assisted Copilots to enhance their services for customers. These tools are great for helping to fill talent shortage gaps, which the ISC currently estimates at 4.8 million worldwide, but aren't a replacement for internal teams," said Moore. "In the year ahead, it will be less about the adoption of these tools and more about how security teams leverage AI tools' capabilities. Those looking to remain agile will likely utilise these tools to bring their threat investigation abilities to the next level."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X