The Five Trends That Will Define Cybersecurity in 2025
Although the number of companies that have taken specific measures to prevent cyberattacks has increased in 2024, the human factor will continue to be one of the main threats to critical infrastructures, public entities, and private companies.
The current geopolitical situation increases the risk of attacks on critical infrastructures. The emergence of AI as a factor creating both new opportunities and new threats will also be a trend that shapes the course of 2025 in terms of cybersecurity. In addition, the new year will be characterized from the outset by human error as a risk factor and by the consolidation of email as a gateway for attacks.
According to the predictions of Nettaro, a Spanish specialist in cybersecurity and observability, 2025 will be a year of digital paradigm shift. If 2024 was a time of awareness of the need to implement measures to reduce or mitigate the risk of cyberattacks, in 2025 the emergence of new threats and the consolidation of some that were already present in previous years will force organizations to redouble efforts in proactive prevention and to decisively increase the budgets dedicated to cybersecurity. Nettaro therefore identifies the five trends that will mark the new year in terms of cybersecurity.
1. New prevention measures against possible attacks by state actors on critical infrastructures.
With geopolitical challenges such as the continuation of war in the Middle East and Eastern Europe, the possibility of attacks on critical infrastructure is becoming an important issue that governments and businesses should not ignore. Whether it's to destabilize a government, undermine its international credibility or demonstrate power, 2025 is likely to see an increase in ransomware attacks with double extortion, in which relevant data is stolen and then encrypted and a large sum of money is demanded to prevent its disclosure. In addition, the possibility of denial-of-service attacks on infrastructures such as power plants, hospitals or banks multiplies the need to strengthen preventive measures.
2. AI as a new player in cybersecurity: threats and opportunities
Threats related to the use of AI will increase by 2025, thanks to its capacity for automation and personalization. In the case of malware, threats will multiply due to processes that use machine learning to adapt and evolve, modifying their structure according to the environment to evade security defenses. Likewise, personalized phishing attacks will become very important: they make use of the capacity for data analysis and positioning to create fraudulent emails that are personalized to the maximum extent possible and targeted specifically at vulnerable contacts in a given company or entity.
Despite these risks, AI will also be an important ally in the prevention of cyber-attacks, especially in terms of early threat detection, as it allows the analysis of large volumes of data to identify patterns and anomalies that anticipate an imminent attack. Automation will also be applied to incident response, as it will make it possible to isolate infected systems or apply corrective patches without the need for human intervention, thus reducing the risk of the threat spreading to the rest of the affected company's systems. Similarly, thanks to AI, it will be possible to detect vulnerabilities in systems and applications more efficiently in advance, and to reduce the risk of attacks by applying machine learning based on information about known risks.
3. The impact of NIS2 and DORA leads to adaptation of measures to comply with regulations
2024 stood out for the increase in the number of cybersecurity-related incidents, which grew by 24 percent over the previous year according to the Report on the State of Cybersecurity in the European Union presented by ENISA (European Union Agency for Cybersecurity). Therefore, the new European regulations on cybersecurity will condition, to a large extent, investments in new technology by companies and public institutions.
Although the NIS2 (Network and Information Security) directive should have come into force by the end of 2024, it will be in 2025 that states will be obliged to implement it by drawing up a list of essential and important entities that will be directly affected by its application. Aimed especially at protecting data in what are considered critical sectors (banking, financial services, healthcare, transportation or water management, among others), this directive requires measures across a broad spectrum, from the application of security patches to the implementation of measures to secure the transmission of information over the network.
The DORA (Digital Operational Resilience Act) regulation will also be the focus for cybersecurity in 2025. Created with the aim of improving operational resilience and cybersecurity in the financial sector, this regulation seeks to establish requirements for incident management to protect, detect, contain, recover and remediate IT-related incidents. All this, recognizing that cybersecurity incidents and lack of operational resilience can be a cause of serious conflicts, putting at risk the soundness of the entire European financial system.
4. The human factor as the weakest link in the cybersecurity chain
No security system is robust and secure enough to prevent a cyber threat if a human opens the door to critical applications for the attacker. According to the World Economic Forum, 95 percent of cybersecurity incidents are due to human error. Weak or unprotected passwords, the use of software that has not been approved or comes from untested vendors, failure to update devices, and a lack of risk awareness for phishing attacks are just some of the major mistakes.
Therefore, in 2025 there will be an exponential increase in initiatives aimed at educating and sensitizing users about the risks of cyberattacks. The aim is to create a greater security culture in companies, about the risks and threats and where they occur, and above all about what measures should be taken to prevent them and mitigate their possible consequences as much as possible. In this sense, automated security awareness solutions will proliferate. These should make it possible to design, program, monitor and evaluate the security performance of a given company's employees without the need for human intervention. Thanks to automatic risk detection, it is possible to tailor training to specific needs. This multiplies their effectiveness and reduces the time and investment required by companies.
5. Email as the main vehicle for cyberattacks
According to the HP Wolf Security Threat Insights report, 53 percent of threats last year came from email, while 25 percent came from direct downloads via web browsers. As a result, cases of identity theft through cracking (either through brute force or dictionary attacks), stealing (obtaining account data directly from the user through malware or phishing campaigns), stuffing (using information leaked in data breaches to reuse data) or buying (direct purchase of databases containing leaked data used in previous attacks) continue to be common.
In any case, advice and support from specialists such as Nettaro not only enables the response in the event of a cyberattack, but also lays the foundation for preventing, recognizing, and reducing risks, as well as making users aware of the risks they are taking and their consequences.