Tuesday, January 14, 2025

A CSO’s perspective: 8 cyber predictions for 2025



As we step into 2025, the cyberthreat landscape is once again more dynamic and challenging than the year before. In 2024, we witnessed a remarkable acceleration in cyberattacks of all types, many fueled by advancements in generative AI. For security leaders, the stakes are higher than ever. In this post, I’ll explore cyberthreat projections and cybersecurity priorities for 2025. These predictions are not just forecasts—they’re calls to action to prepare for the challenges ahead and ensure businesses stay ahead of the threat curve.

Before diving in, let’s reflect on a few 2024 predictions that rang true, shaping lessons we carry forward into the new year.

Reflecting on 2024: GenAI, RaaS, MiTM

Generative AI facilitated a surge in cyberattacks throughout 2024. Threat actors used AI tools to orchestrate highly convincing and scalable social engineering campaigns, making it easier to deceive users and infiltrate systems. Organizations have responded—and must continue to—by adopting AI-powered cybersecurity tools and implementing zero trust architecture as a critical countermeasure.

Ransomware-as-a-service played its part in another surge of ransomware in 2024, contributing to a 57.8% increase in extorted companies listed on data leak sites. RansomHub, identified by the Zscaler ThreatLabz research team as one of the newest ransomware groups on the scene, emerged as a top RaaS affiliate program and gained notoriety for its role in a $22 million ransomware heist targeting a prominent healthcare organization.

Man-in-the-middle (MiTM) attacks made headlines in 2024, as expected. In one high-profile incident, hackers targeted Australian airport Wi-Fi networks with a classic “evil twin” scam—a fake network designed to mimic a legitimate one. An evolution in MiTM, adversary-in-the-middle (AiTM) attacks, was also observed by ThreatLabz, as detailed in the ThreatLabz 2024 Phishing Report. Together, these trends reminded us of the frequent reliance on interception techniques—a pattern poised to continue into 2025, as I’ll highlight in this year’s predictions.

2025 predictions: AI (again), insider threats, and more

Here are eight cybersecurity trends and predictions I expect will shape the landscape—and security priorities—in the year ahead.

Prediction 1: AI-powered social engineering will reach new highs

In 2025, GenAI will elevate social engineering attacks to new levels, especially with voice and video phishing gaining significant traction. With the rise of GenAI-based tooling, initial access broker groups will increasingly use AI-generated voices and video in combination with traditional channels. As cybercriminals adopt localized languages, accents, and dialects to increase their credibility and success rates, it will become harder for victims to identify fraudulent communication.

We don’t need to go outside of Zscaler’s walls to find examples of such an attack. In 2023, a hacking group used AI to impersonate Zscaler CEO Jay Chaudhry in an attempt to fool a Zscaler employee. Learn more about it in the ThreatLabz 2024 Phishing Report.

This trend, among other AI-powered social engineering attacks, will amplify identity compromise, ransomware, and data exfiltration in 2025.

Prediction 2: Securing GenAI will remain a business imperative

As global organizations increasingly adopt generative AI applications, both first-party and third-party, securing these systems will remain a top priority. Unlike traditional applications, GenAI introduced unique threat models, including risks of accidental data leakage and adversarial attacks aimed at poisoning AI outputs.

This was a key discussion point at this year’s World Economic Forum (WEF) Annual Cybersecurity Summit, where the consensus among my fellow global CXOs and CISOs was that GenAI applications must be treated as part of overall enterprise security strategy—not as standalone initiatives.

In 2025, organizations will need to double down on implementing effective security controls to protect AI models and sensitive data pools as well as ensure the integrity of AI-generated content.

Prediction 3: Businesses will face more insider threat vectors

Insider threats will become a greater challenge for businesses in 2025 as threat actors increasingly bypass enterprise cybersecurity measures by planting malicious insiders as employees or contractors, or by compromising companies involved in mergers and acquisitions (M&A). Once inside, they will use legitimate credentials and access to do real damage, especially if the organization uses legacy architecture involving firewalls and VPNs.

As ThreatLabz documented late last year, North Korean threat actors were experimenting with Contagious Interview and WageMole campaigns to obtain remote employment opportunities in Western countries. Through increasingly sophisticated means, these groups improved their chances of successfully stealing sensitive data and evading economic sanctions.

Protecting sensitive data and critical systems from insider threats will require a unified, zero trust framework, reinforced by AI-powered threat detection and inline TLS/SSL inspection.

Prediction 4: Regulation without harmonization might lead to a weaker cybersecurity defense

As countries worldwide introduce new regulations for cybersecurity, AI, and data privacy, a lack of harmonization will increase operational overhead. Organizations’ cybersecurity posture may suffer as they divert resources toward compliance controls rather than meaningful risk reduction activity.

This was another key area of focus at the WEF Annual Cybersecurity Summit, where global security leaders emphasized the importance of collaboration to close regulatory gaps and establish cohesive standards, particularly for emerging technologies like GenAI.

Without coordinated governance, national and international organizations risk forcing emphasis on compliance over risk reduction in data security—as well as stifling innovation.

Prediction 5: Adversary-in-the-middle (AiTM) phishing attacks that evade multifactor authentication (MFA) will become more prevalent

Over the past year, a concerning trend has emerged where adversaries successfully circumvent enterprise MFA through AiTM proxy-based phishing attacks. In 2025, expect phishing kits to increasingly include sophisticated AiTM techniques, localized phishing content, and target fingerprinting—all, of course, enabled by AI.

As documented in the annual ThreatLabz Phishing Report, AiTM proxy kits today can closely mimic legitimate web pages, making them difficult for even security teams to easily identify. Threat actors distributing these proxy kits favor imitating commonly trusted brands such as Microsoft and Gmail because of the widespread, frequent use of these familiar formats.

To counter these evolving threats, organizations must prioritize adopting a stronger form of MFA (such as FIDO2-compliant methods) alongside a robust zero trust architecture.

Prediction 6: “Encryption-less” ransomware attacks that extort victims with reduced disruption will increase

Ransomware threat actor groups will increasingly extort businesses to protect their data while avoiding major disruption by using encryption-less ransomware attacks in 2025, flying under the radar of media and law enforcement. These groups focus on stealing large volumes of data and demanding ransom, and see themselves as providing a valuable service to victim companies by identifying their cyber vulnerabilities.

This strategy allows them to exploit weaknesses while maintaining a low profile—a tactic that worked for Dark Angels and their historic ransomware payout. This tactic has gained popularity because it’s a much faster and easier transaction for the threat actors and the victims, with no resulting recovery effort or time.

This tactic is increasingly favored by cybercriminals aiming to evade law enforcement efforts to dismantle groups like those behind the infamous SmokeLoader.

As international collaboration to combat organized cybercrime intensifies, expect ransomware threat actors to place a premium on stealthy techniques to help them avoid detection.

Prediction 7: Preparing for quantum-driven threats will become essential as quantum security risks materialize

Quantum computing will give rise to a new dimension of threats over the next decade, and 2025 will be a pivotal year for organizations to start planning for these future risks. A pressing concern already taking shape involves nation-state threat actors stealing and storing encrypted TLS sessions with the intent to break the encryption and decrypt them in the future. This risk is especially high for organizations relying on cryptography that’s not quantum-safe—a standard still not widely adopted.

Global CXOs must act now to transition toward quantum-safe cryptography standards.

Prediction 8: Software supply chain security will remain a top priority for global CXOs

As adversaries increasingly target software supply chains, including contractors, software supply chain security will stay at the top of agendas in 2025. Beyond strengthening third-party risk management programs, organizations must take additional measures to defend against supply chain attacks.

Implementing a zero trust architecture with segmentation for your crown jewels, including CI/CD environments and inline inspection for threats and data leakage, will be critical to defend against software supply chain attacks.

From prediction to action: Strengthening your security in 2025

These predictions for 2025 will demand a heightened focus on proactive defense strategies. Organizations must prioritize a zero trust architecture, harness the power of AI-powered security controls, and foster a culture of security awareness. By aligning these efforts with strategic planning and innovation, businesses will be in a better position to counter emerging threats in the year to come and beyond.

The Zscaler Zero Trust Exchange helps organizations reduce risk across all four stages of the attack chain:

  • Minimize the attack surface: Zscaler effectively minimizes the attack surface by hiding users, applications, and devices behind a cloud proxy, where they are not visible or discoverable from the internet.
  • Prevent initial compromise: The Zero Trust Exchange employs extensive TLS/SSL inspection, browser isolation, advanced inline sandboxing, and policy-driven access controls to prevent users from accessing malicious websites and detect unknown threats before they reach your network.
  • Eliminate lateral movement: User-to-app or app-to-app segmentation will ensure users connect directly to applications (and apps to other apps), not the network, eliminating the risk of lateral movement.
  • Stop data loss: Inline data loss prevention measures, combined with full TLS/SSL inspection, effectively thwart data theft attempts. Zscaler ensures that data is secured both in transit and at rest.

By leveraging its unmatched scale and rich data foundation—processing more than half a trillion daily transactions—Zscaler is poised to transform AI capabilities for the cybersecurity industry, enabling organizations to mitigate risks and optimize performance.

Request a custom demo to see how Zscaler can help address your organization’s security needs.

Follow Zscaler ThreatLabz on X (Twitter) and our Security Research Blog to stay on top of the latest cyberthreats and security research. The ThreatLabz research team continuously monitors threat intelligence from the world’s largest inline security cloud and shares its findings with the broader security community.


