As 2024 comes to an end, we expect to see a new year of innovation and greater adoption of new technologies and an increase in cybersecurity vulnerabilities for businesses. As such the sophistication of cyber security threats will likely rise in 2025 and the proliferation of technologies such as AI will make organizations more prone to falling victim to threat actors.

This is set to be impacted by the cyber skill shortage of 2024 which has been a challenging year with budget cutbacks and layoffs. Other trends that we expect to see are highlighted below.

Adoption of zero-trust architecture

In an era where cyber threats are not a matter of "if" but "when" and where organizations are operating under the "assume breach" mindset will continue to drive the adoption of zero trust. Zero trust eliminates the implicit trust that was granted to users and devices in the legacy "castle-and-moat" model and instead is based on the principle of "never trust, always verify". Under this model devices and users are continuously authenticated and authorized.

Quantum computing and post-quantum cryptography

Forbes predicts that quantum computing will begin gaining traction in the mainstream business in 2025. This brings the risk of reaching what is referred to as Q-Day. This is the day that advanced quantum computing reaches the point of being able to crack encryption methods that are used to protect data and safeguard traffic on the Internet. To mitigate this risk, organizations need to adopt post-quantum cryptography strategies using post-quantum encryption standards released in 2024 by NIST.

Increase in vulnerable Windows endpoints

Windows 10 will reach the end of support from Microsoft on October 14, 2025. The ability to upgrade to Windows 11 on systems that are 2018 or older may not be an option due to Windows 11's hardware requirements. This will result in a significant increase in unsupported systems vulnerable to cyber threats.

More frequent and sophisticated ransomware attacks

Ransomware attacks will increase in frequency through the continued rise of ransomware-as-a-service (RaaS). This coupled with the use of AI provides cybercriminals with limited technical abilities to easily and affordably conduct powerful and sophisticated ransomware campaigns with increased precision and speed.

Increased focus on critical infrastructure

Critical infrastructure will become a greater focus for nation-state actors seeking to carry out cyberattacks against enemies across the globe. These environments often lack adequate funding for cybersecurity programs, have less mature cybersecurity practices and contain ageing operational technology (OT) that lacks robust security measures. This makes these environments prime targets with the potential to cause significant damage.

As we look ahead to 2025, organizations must be proactive in addressing the evolving threats and technology adoption. The rise of sophisticated attacks, particularly ransomware, paired with the increasing vulnerabilities in critical systems and endpoints, highlights the urgent need for robust security measures. It is also to consider the ongoing cybersecurity skills gap which will be crucial for building resilient teams capable of navigating these challenges. By adopting a forward-thinking and comprehensive security approach, businesses can better protect themselves against the imminent risks that lie ahead.