Trends in cybersecurity in 2025

Cyber security threats in 2024 can be boiled down to the two most popular letters of our alphabet lately: “A” and “I”. Although threats already known from previous years are still present, it is the new AI-related attacks that have evolved enough to dominate the online space and the discussion of cyber threats. Organizations are still in the early stages of understanding this technology and the threats that follow it.

In 2025, the cybersecurity landscape will, like 2024, be shaped by several key trends that should be considered in your cybersecurity strategy. As technology (mainly AI) evolves at a rapid pace, the complexity and sophistication of threats are also increasing, requiring the ability to respond quickly and flexibly. The following article attempts to forecast cyber threats and related risks for the next several months.

1. Increase in attacks supported by artificial intelligence (AI)

Cybercriminals and security experts alike are increasingly using AI. Attackers are using generative AI (genAI) to create sophisticated phishing campaigns, deepfakes and other forms of social engineering, making attacks harder to detect. An example is the use of deepfakes to bypass security features such as identity verification in KYC (Know Your Customer) processes. Another attack, particularly dangerous in phone calls, combines phone number impersonation (spoofing) with voice cloning. On the other hand, SOC specialists are increasingly using AI-based tools to detect and respond to threats more quickly. With such tools, data can be analyzed more effectively, anomalies can be detected and incident response can be automated.

2. Increased risks associated with remote and hybrid working

The remote and hybrid work model, which has persisted for several years, makes users’ identities, devices and data more vulnerable to attacks than in traditional work environments. Employees using different devices and networks increase the attack surface. Therefore, it is necessary to implement MDM (Mobile Device Management) systems in organizations to manage business and private devices in a BYOD (Bring Your Own Device) scenario. Information classification and protection mechanisms and DLP (Data Loss Prevention) systems can be used to protect data. It is also becoming crucial to monitor user activity and implement risk-based access policies (Zero Trust) and use modern authentication methods.

3. Evolution of authentication methods

Traditional authentication methods, such as passwords, are insufficient in the face of new attacks. Key cloud service providers have been encouraging the implementation of multi-factor authentication (MFA) based on SMS or phone-installed applications for several years. However, in recent years, more innovative solutions, such as authentication using biometrics, have gained popularity. A new trend has also emerged – passwordless authentication, involving the use of FIDO2 keys, for example. The future of authentication also lies in solutions that analyze user behavior and assess risk in real time, making it possible to detect non-standard login characteristics and block a given access attempt, which automatically raises the level of security.
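The risk-based access policies mentioned under point 2 and the real-time risk analysis described above both come down to the same mechanism: each sign-in is scored against the user's history and a decision (allow, step up, block) is derived from the score. The following is an added illustration, not code from the original article or from any vendor's identity platform; the event fields, the scoring weights, the 900 km/h "plausible travel" threshold and the sample sign-ins are all constructed assumptions.

```python
"""Added example: a minimal risk-based sign-in evaluator.

Not code from the original article or any identity product. The event
fields, weights, thresholds and sample events below are assumptions
made for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly airliner speed


@dataclass
class SignIn:
    user: str
    time: datetime
    ip_country: str
    lat: float
    lon: float
    device_id: str
    mfa_method: str  # "fido2", "app", "sms" or "none"


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) in kilometres."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def score_sign_in(event, history):
    """Return (risk_score, reasons) for one sign-in given prior successful ones."""
    score, reasons = 0, []
    prior = [h for h in history if h.user == event.user and h.time < event.time]
    if event.device_id not in {h.device_id for h in prior}:
        score += 30
        reasons.append("new device")
    if event.ip_country not in {h.ip_country for h in prior}:
        score += 20
        reasons.append("unfamiliar country")
    if prior:
        # Impossible travel: distance from the last sign-in divided by elapsed time.
        last = max(prior, key=lambda h: h.time)
        hours = (event.time - last.time).total_seconds() / 3600
        dist = km_between(last.lat, last.lon, event.lat, event.lon)
        if hours > 0 and dist / hours > MAX_PLAUSIBLE_KMH:
            score += 50
            reasons.append("impossible travel")
    # Weaker or absent second factors raise the risk of the attempt.
    if event.mfa_method == "none":
        score += 40
        reasons.append("no MFA")
    elif event.mfa_method == "sms":
        score += 10
        reasons.append("SMS MFA")
    return score, reasons


def decide(score):
    """Map a risk score to an access decision (thresholds are assumptions)."""
    if score >= 60:
        return "block"
    if score >= 30:
        return "require_strong_mfa"
    return "allow"


# Constructed sample data: a known sign-in for "alice" from Warsaw (assumed coordinates).
T0 = datetime(2025, 1, 6, 8, 0)
HISTORY = [SignIn("alice", T0, "PL", 52.23, 21.01, "laptop-1", "fido2")]
SAMPLE_EVENTS = [
    SignIn("alice", T0 + timedelta(minutes=10), "PL", 52.23, 21.01, "laptop-1", "fido2"),
    # 50 minutes later from an unknown phone in Brazil with SMS MFA (assumed coordinates).
    SignIn("alice", T0 + timedelta(hours=1), "BR", -23.55, -46.63, "unknown-phone", "sms"),
    # Two days later from a new tablet, still in Warsaw, with a FIDO2 key.
    SignIn("alice", T0 + timedelta(days=2), "PL", 52.23, 21.01, "tablet-2", "fido2"),
]


def evaluate_samples():
    """Score the sample events in order; only allowed sign-ins extend the history."""
    history = list(HISTORY)
    results = []
    for ev in SAMPLE_EVENTS:
        score, reasons = score_sign_in(ev, history)
        decision = decide(score)
        results.append((ev.user, decision, reasons))
        if decision == "allow":
            history.append(ev)
    return results


if __name__ == "__main__":
    for user, decision, reasons in evaluate_samples():
        print(f"{user}: {decision} {reasons}")
```

Only sign-ins that were actually allowed are added to the history, so a blocked attempt from an unfamiliar country does not teach the evaluator that the country is "known"; the same distinction matters in a real policy engine, where risk signals should be learned from successful, verified sessions only.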

4. Increase in ransomware attacks

Ransomware attacks are becoming increasingly common and sophisticated, increasing the need for effective mitigation services for such attacks. Ransomware is evolving into multi-extortion ransomware, where attackers threaten to both encrypt data and publish it. Organizations must be prepared for such attacks by systematically backing up data, properly educating users and developing systems to detect and investigate anomalies in network traffic.

5. Lack of adequate systems and trained staff

In order to respond quickly and efficiently enough to attacks, such as the aforementioned ransomware, companies should implement additional protection measures: advanced threat protection software of the EDR (Endpoint Detection and Response) or XDR (Extended Detection and Response) class, SIEM (Security Information and Event Management) systems for log collection and analysis, and SOAR (Security Orchestration, Automation and Response) systems to automate certain activities and eliminate threats. The use of such advanced systems generates large costs associated with purchasing them, training administrators and maintaining the solutions through third parties, which, however, is necessary at the present stage of digital transformation.

Summary

To effectively address cyber security challenges in 2025 and beyond, organizations must invest in modern security technologies and in educating IT professionals, educate employees on best practices, and develop flexible incident response strategies. A proactive approach and adaptation to the changing threat landscape will be key to protecting digital assets. Introducing innovative solutions will allow companies to build resilience to future threats and create a more secure digital environment.

By Piotr Bielinski, Microsoft 365 Architect
