Image: — © AFP
This year was marked with numerous cyberattacks, such as the massive breach at Ticketmaster or the MediSecure data breach. Organizations can probably expect to face the same or similar challenges this year, while other cybersecurity threats will evolve to the next level.
In 2024, the average cost of a data breach reached $4.88 million, an increase of 10 percent since 2023. Financial loss aside, data breaches also damage companies’ reputations, and gaining back the trust of clients and partners can prove to be a challenge.
AI-powered cyberattacks, cloud and Internet of things vulnerabilities, quantum-based attacks, and the old tried-and-true methods of cybercriminals will be the four leading cybersecurity risks businesses should look out for in 2025.
This is according to Andrius Buinovskis, a cybersecurity expert at NordLayer, who provides details on the risks to businesses.
To prevent the worst outcome, Buinovskis alerts Digital Journal readers about four leading cybersecurity threats organizations should look out for in 2025.
AI will make cyberattacks more advanced
AI-generated ransomware attacks are growing and becoming more sophisticated. A report found that 59 percent of organizations informed that they had experienced an attack in 2024.
“With the help of AI, ransomware attacks will become faster and more accurate. Due to automation, the number of ransomware attacks will likely increase because they will be easier to deploy, meaning that more businesses will be put at risk,” says Buinovskis.
“Additionally, ransomware-as-a-service was the fastest growing threat in 2024, and it will continue to pose a challenge for businesses in the upcoming year as well, so a comprehensive prevention strategy is a must.”
Up to 93 percent of respondents state that they believe they will face daily AI attacks within the next six months. Buinovskis predicts that the growing AI agent market will add to the risks as well — while businesses use AI agents to defend their systems because of their threat detectability, quick response, and adaptability, hackers exploit AI agents for more sinister gains.
“AI agents are another tool hackers use to automate cyberattacks — these agents look for vulnerabilities and steal sensitive data around the clock. It’s a double-edged sword because, on one side, cybersecurity defense systems are evolving, but on the other side, cybercriminals are keeping up with the trends. That’s why enterprises must always be two steps ahead to ensure cybersecurity,” explains Buinovskis.
More focus on cloud and Internet of things (IoT) vulnerabilities
Organizations are continuing to move to the cloud — Gartner analysts predict that 85 percent of organizations will embrace a cloud-first principle by 2025. Despite the benefits like cost-effectiveness and ease of scaling, inefficiently secured cloud platforms are an attractive target for cybercriminals.
“Organizations should prioritize cloud security and get ahead of hackers because, in the upcoming year, threats like DDoS attacks, data breaches, inadequate data backups, and compliance violations will continue to be a challenge for businesses. These threats might become more common and sophisticated because cybercriminals will also use AI to automate their attacks on cloud systems, expanding their pool of victims,” Buinovskis indicates.
With more businesses moving to the cloud, the number of IoT devices is also expected to grow. Many of these devices, like smart home appliances, lack proper security, because their primary objective is simply to be useful, making them an easy target for cybercriminals.
New emerging threat for cybersecurity — quantum-based attacks
Earlier this year, researchers in China announced they had found a way to break the most common online encryption using quantum computers with just 372 qubits. The news was widely welcomed as a significant milestone in computer security, but it’s also a great cause for concern for organizations looking to secure their data.
“It’s important to note that quantum-based attacks are still a few years away. However, this new revelation is a clear sign that businesses must be on their toes and transition to encryption methods that can resist quantum decryption before it’s too late,” warns Buinovskis.
The tried-and-true
While quantum-based attacks are a completely new method, the old tried-and-true forms of hacking still yield the desired outcome — for the first time in 2024, exploiting valid accounts (using stolen credentials to log-in to existing, verified accounts) became the most common way for cybercriminals to access organizations’ networks, making up 30 percent of all incidents.These findings also coincide with data on the dark web.
“It seems that bad actors have taken the easiest route to achieve their goals — and it’s working. User error has been one of the biggest threats in cybersecurity, and it will continue to pose a challenge for organizations next year because employees continue to be easy targets. Attacks like phishing emails require little effort and human resources. Since they’re still successful, it’s unlikely that cybercriminals would abandon tactics that yield such high results because it’s one of the simplest ways to infiltrate the business’s network,” Buinovskis concludes.
Dr. Tim Sandle
Read More