SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Cybersecurity predictions for 2025: Quantum threats rise

Thu, 14th Nov 2024

Security experts have shared their predictions and insights for the cybersecurity landscape in 2025, highlighting the persistence of existing threats and the emergence of new challenges as technology continues to evolve.

Karl Holmqvist, Founder and CEO of Lastwall, anticipates an increase in "Steal-Now, Decrypt-Later" threats, driven by advancements in quantum computing. "In 2025, the intensifying threat of 'Steal-Now, Decrypt-Later' attacks will force organizations to accelerate the adoption of post-quantum cryptography (PQC). With quantum computing advancements making traditional encryption methods increasingly vulnerable, adversaries are actively stockpiling encrypted data today to decrypt it with future quantum capabilities," he stated. Holmqvist also predicts intensified cyberattacks on critical infrastructure such as energy grids and water supply systems, driven by geopolitical tensions.

Dr. Darren Williams, Founder and CEO of BlackFog, warns of the rise of lesser-known ransomware gangs and the increasing utilisation of AI by cybercriminals. "As threat actors' use of AI continues to proliferate, their attack rate will allow them to work more efficiently and successfully than ever before," he remarked. Williams also notes the growing sophistication of deepfake scams targeting corporate and personal brands.

Jake Williams, Faculty Member at IANS Research and VP of R&D at Hunter Strategy, expects advanced threat actors to focus on network devices such as routers and firewalls. "Advanced threat actors, primarily nation-state threat actors, are likely to focus more on targeting network devices, specifically routers and firewalls," he explained, citing the challenges these devices present for endpoint detection and response.

George Gerchow, Faculty Member at IANS Research and Interim CISO and Head of Trust at MongoDB, foresees nation-state actors exploiting AI-generated identities to infiltrate organisations. "An emerging insider threat gaining traction over the past six months, these sophisticated operatives bypass traditional background checks using stolen U.S. credentials and fake LinkedIn profiles to secure multiple roles within targeted companies," he highlighted.

Bruno Kurtic, Co-Founder, President, and CEO of Bedrock Security, predicts escalating security concerns related to AI data handling will necessitate improved data visibility and governance. He underscored the need for companies to have "full insight into data assets to use them responsibly," with a focus on data sensitivity classification.

Eric Knapp, CTO of OT at OPSWAT, anticipates a need for new security approaches as organisations increasingly adopt cloud solutions for ICS/OT systems. "Securing the shift to cloud for ICS/OT systems will demand new approaches to tackle cyber risks and the expanding skills gap," Knapp articulated, mentioning the surge in cloud adoption for these applications.

Pedram Amini, Chief Scientist at OPSWAT, highlights the sophistication of ML-assisted scams and the potential for AI to produce autonomous operations. He cautions that organisations should "expect increased attacks on employees' personal devices and should prioritize training and novel detection controls to prepare for AI-enhanced social engineering attacks."

Ariel Parnes, Co-Founder and COO of Mitiga, points out the convergence of AI-powered attacks and the rapid adoption of SaaS applications, creating new security challenges. He remarked, "Generative AI, with its ability to craft sophisticated, context-aware content, will empower threat actors to automatically scan SaaS environments, find vulnerabilities, and launch precise, rapid attacks."

Scott Kannry, Co-Founder and CEO of Axio, discusses the evolving nature of cyber risk quantification (CRQ) and its growing relevance beyond security teams. "To be effective, CRQ solutions must be user-friendly, business-focused tools that inform decisions by internal leaders across all departments," he noted.

Dale Hoak, Director of Information Security at RegScale, predicts the widespread adoption of AI-driven compliance tools to manage complex cybersecurity regulations. He emphasised the significance of "a global convergence of privacy laws" to streamline international commerce impacted by varying regulations.

James Fisher, Director of Security Operations at SecureCyber, foresees accelerated automation in security solutions to counteract the threats posed by AI tools. "With AI tools enabling expedited attack timelines, automated security solutions are essential," he stated, stressing the importance of updating security tools with new functionalities.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X