As we head into 2025, cyber security experts from Barrier Networks, Acumen Cyber, Closed Door Security, i-confidential and Beyond Blue give their predictions as to what the greatest challenges and changes will be.
These include ‘bounce back loans’ and crypto exchange collaboration potentially becoming viable solutions to counter ransomware, the adoption of ETL pipelines and full visibility, more blackmail-focused social engineering, an increase in the automated targeting of SMEs, deepfakes supercharging disinformation campaigns, challenges created by the global shift to the cloud and, finally, the busiest year on record for a growing number of regulated firms.
Ryan McConechy, CTO of Barrier Networks
‘Bounce back loans’ and crypto exchange collaboration could become viable solutions to counter ransomware
“It’s safe to say we are not winning the fight against ransomware. Every year attack activity increases, every year organisations suffer significant losses and, even in the face of increased sanctions and government crackdowns, ransomware groups continue to thrive, showing little sign of retreat.
“This leads to the conclusion that something drastic and novel needs to happen to get us ahead of these threat actors.
“Ransomware payment bans often float across the industry as a bullet-proof solution, but this would be a huge challenge for any government to successfully implement.
“Payment bans are murky, they can hurt organisations and they could potentially lead to them making payments to threat actors under the radar, which would result in a whole new area of online policing that would require significant money and time.
“Instead, a more feasible approach might involve increased government support for ransomware victims. Although it’s unclear exactly what form this support would take, we could see the introduction of ‘bounce-back’ loans, similar to those provided during the pandemic. These loans would mean governments would provide financial assistance to ransomware victims to help them rebuild their systems.
“This would deter organisations from paying untrustworthy ransomware groups, while the government could enlist a set of assured providers to help organisations recover, rebuild their systems and improve their cyber defences moving forward.
“Once an organisation’s systems are back up and running and normal operations have resumed, they could then begin paying back the government on an instalment basis, making it a much easier cost to absorb.
“Such a scheme would keep funds circulating within the UK’s economy and strike a financial blow against ransomware operators, while potentially making the country a less appealing target.
“But, if this doesn’t work, we could also see law enforcement turning to crypto exchanges to stamp out illegal transactions from ransomware.
“Cryptocurrencies have long been associated with ransomware activities, so regulators may work harder to cut payments off at the source. However, with no single person owning a cryptocurrency or being responsible for its overall activities, this could mean closer collaboration with crypto exchanges is the solution.
“Exchanges play a crucial role in processing cryptocurrency transactions, but they are also regulated by industry bodies, such as the Financial Conduct Authority (FCA). This means they have a unique position where they can monitor payments for suspicious activity.
“By partnering with regulated exchanges, authorities could gain better insight into cryptocurrency transactions, helping to ensure they are legitimate and not being used to illegally hide funds earned from ransomware.”
Kevin Robertson, COO and Co-Founder of Acumen Cyber
ETL pipeline adoption / full visibility adoption
“By 2025, the utilisation of advanced Extract, Transform, Load (ETL) pipelines will become a cornerstone in cyber security operations.
“Organisations will increasingly recognise the importance of doing more with the data they log and ingest, rather than leaving it raw from the source.
“Every major security function, team, or company will prioritise not just the collection, but also the enrichment and analysis of data from all sources, including endpoints, networks, cloud services, and SaaS applications.
“In an environment where cyber threats are growing in sophistication, simply aggregating raw data is no longer sufficient. Advanced ETL processes enable organisations to transform and enrich data as it is ingested, providing deeper insights and actionable intelligence. By integrating various data sources and applying contextual information, such as Cyber Threat Intelligence (CTI), security teams can uncover hidden patterns, correlations and indicators of compromise that would otherwise remain unnoticed.
“This shift towards advanced data processing allows organisations to:
- Improve Threat Detection: Enriched data enhances the ability to detect complex threats by providing a more detailed and contextualised view of activities across the network.
- Accelerate Incident Response: With more meaningful data at their disposal, security teams can identify and respond to incidents more swiftly and effectively.
- Enhance Decision-Making: Advanced analytics derived from enriched data support more informed strategic decisions and risk assessments.
- Optimise Resource Allocation: By understanding the nuances in the data, organisations can prioritise efforts and resources where they are most needed.
“Furthermore, achieving comprehensive visibility across the entire organisational estate becomes paramount. Organisations are realising that integrating data from all sources, including endpoints, networks, cloud services, and SaaS applications, is hyper-critical.
“This holistic approach ensures that security teams are not blindsided by threats that exploit gaps between siloed systems.
“Adopting a best-of-breed approach, organisations will move away from relying on a single tool or source of truth. Instead, they will leverage a combination of specialised solutions that excel in different areas.
“Advanced ETL pipelines make this integration possible by standardising and enriching data from disparate sources, facilitating seamless analysis and correlation.
“The rise of advanced ETL usage signifies a fundamental change in how organisations perceive and utilise their data. Rather than treating data ingestion as a passive process, organisations will actively transform and enrich data to maximise its value. This proactive approach empowers security teams to stay ahead of adversaries by making sense of vast amounts of information and turning it into actionable intelligence.
“In conclusion, by 2025, the rise of advanced ETL usage will revolutionise cyber security practices.
“Organisations will do more with the data they log and ingest, enriching it to gain comprehensive visibility and deeper insights.
“This evolution reflects a broader trend towards proactive and intelligence-driven security operations, where the true power lies in the ability to transform raw data into meaningful, actionable information.”
William Wright, CEO at Closed Door Security
More blackmail-focused social engineering
“Advancements in AI and deepfake technology have made it easier than ever to fabricate highly convincing images and videos of individuals. This could lead to a surge in blackmail-focused attacks, particularly targeting high-profile figures.
“Unlike in the past, where attackers had to lure victims into compromising situations, they can now create entirely fabricated evidence of illicit activities. These deepfake materials could tarnish reputations and generate public uproar.
“While targeted individuals will clearly deny the images and argue they are spoofed through AI, many citizens will still be fooled, which could seriously harm reputations.
“This could encourage payments to criminals from high profile individuals, who simply want to keep their name out of the media and disassociate themselves from speculation which could harm their image.”
Increase in the automated targeting of SMEs
“As criminals increasingly turn to AI to supercharge their attacks, we can see them using the technology to execute automated attacks against smaller businesses.
“These attacks will take little legwork on the attack side but given that most small businesses won’t be prepared for them either, this means the perpetrators could still see significant returns.
“These attacks could come in the form of automated tools to scan for unpatched vulnerabilities, or they could take the form of AI-generated phishing emails.
“The speed and efficiency of the attacks will allow criminals to target a larger pool of organisations simultaneously. As a result, SMEs must prioritise strengthening their defences to avoid becoming easy targets.
“These are Closed Door Security’s predictions for the year ahead.
“There will undoubtedly be many surprises along the way, after all, adversaries like to keep us on our toes…
“We’ll see you on the battlefield.”
Brian Boyd, Cybersecurity Expert and Principal Consultant at i-confidential
Deepfakes will supercharge disinformation campaigns
“Deepfakes are supercharging disinformation campaigns, with the potential to go beyond electoral interference and target organisations directly.
“As the technology becomes more accessible, 2025 may mark a turning point where companies face direct reputational attacks, aiming to discredit or manipulate customer trust.
“We’re already seeing deepfakes used in fraud schemes, which highlights just how quickly this technology can be used in various contexts. Addressing this threat now means preparing with detection tools and response strategies to mitigate the potential for deepfake-driven attacks.
“Next year, governments and tech companies will ramp up efforts to counter disinformation, but the question remains: can they outpace the creators of increasingly convincing digital forgeries? Only time will tell.”
The global shift to the cloud will create challenges
“The global shift towards cloud computing shows no signs of slowing down as we enter 2025.
“Organisations across industries continue to embrace the cloud, leveraging its unmatched scalability, cost-effectiveness and flexibility to power their digital transformations.
“However, with this expansion comes a new wave of security challenges.
“While serverless architectures offer streamlined operations and reduced infrastructure management, they also present an increasingly complex environment to protect.
“As more businesses rely on cloud technologies, misconfigurations, increased third-party dependencies, including the increased use of third-party software libraries, and insufficient identity and access management controls are poised to rear their ugly heads. The continued rise in multi-cloud strategies further complicates security postures, forcing organisations to adapt quickly.
“To address these threats, organisations should focus on securing the application code, configuring strict access controls and being able to monitor serverless functions effectively.”
David Ferbrache, Managing Director at Beyond Blue
2025 will be the busiest year on record for a growing number of regulated firms
“2025 will be a year of significant regulatory change.
“DORA enters into force on the 17th January 2025. Transposition of the EU NIS 2 directive continues across many countries with implementation to follow. Many critical infrastructure providers are reviewing their security and resilience posture in 2025 as national regulations become clearer.
“The EU Cyber Resilience regulation came into force on the 23rd October 2024, starting the implementation clock for product cyber security, while the first set of EU AI regulations will come into force in February 2025 prohibiting use of AI systems which pose unacceptable risks.
“The UK government’s Cyber Security and Resilience bill will be tabled in Parliament in the midst of a climate of growing concern over a state cyber attack, while we also wait to see the final form of the Digital Information and Smart Data bill, with the promised modernisation and strengthening of the Information Commissioner’s Office.
“The regulatory environment at Federal level in the US will be less certain as the Trump administration strikes its balance between free market innovation and heavyweight regulation, but we can expect to see key states such as New York and California continue to develop their cyber security regimes.
“Globally it seems to be open season on cyber regulation with nations worldwide strengthening their critical infrastructure protection, developing their concept of national sovereignty in cyberspace and worrying about protection of their information space and the hearts and minds of their citizens.
“Global companies will also face the daunting task of adopting cyber security policies that can cater to the diverse requirements in varying regions, such as the EU, US, Asia, and the Far East; while also trying to genuinely manage cyber risk rather than focussing purely on regulatory compliance.”