Cybersecurity 2025
Joaquín Castellón Director of Cybersecurity & Defense
Posted on 23 of January of 2025 .

Cybersecurity Trends for 2025

January is a month to try to foresee what the new year will bring and to make decisions according to our forecasts. It is about looking at how the previous year has evolved and trying to project into the new year. 


Always bearing in mind that new issues will arise that we have not foreseen and that we will have to manage as they arise, and without ruling out the appearance of a "black swan", a highly improbable but high-impact event, which will overturn all our forecasts. 


Among the issues that will set the agenda for cybersecurity in 2025, I would highlight:

Strategic Framework: Increased number of attacks

-Open conflicts: The ongoing conflicts in Ukraine and Gaza will continue to have an impact in cyberspace. Today, every armed conflict is associated with an inevitable confrontation in cyberspace, involving not only the direct combatants, but also like-minded countries on both sides. 

-Cybercrime continues to grow: Cybercrime continues to improve its revenues year on year, having far surpassed the profits of criminal organisations involved in drug trafficking. This trend is marked by the perception that offending in cyberspace carries little risk compared to the great economic benefit that can be obtained. Most cyber-attacks never escalate into legal proceedings. 

-Economic and trade tension: The growing trade-economic rivalry between China and the West will also stir up the cyber-security hornet's nest. The difficult traceability of actions in cyberspace will encourage actions by both sides using cyberspace.

 

To be considered in 2025

-Impact of Generative AI: Following the 2024 trend, there is no doubt that the use of AI-based tools by cyberattackers will continue to grow. The use of AI in the different phases of a cyber-attack is leading to an increase in the number and sophistication of attacks.

Particularly damaging is its use to create highly realistic fake digital content, a technique known as deepfake. These videos or audios are created using tools or programmes that use AI-based technologies that allow the exchange of faces in images or the modification of the voice.

-State-sponsored attacks: Increase in attacks that are politically or militarily motivated and generally committed by so-called Advanced Permanent Threat (APT) groups. These groups are characterised by the high sophistication of their attacks and by the fact that they are prolonged in time. 

-IT/OT Convergence. IoT devices: IoT devices The convergence of IT (Information Technologies) and OT (Operational Technologies) addresses the integration of IT systems and industrial control systems. This integration is key to the development of so-called smart factories, but at the same time increases the exposure surface of OT networks, which are generally more difficult to protect.

Moreover, as the Internet of Things (IoT) continues to grow at a rapid pace, it is no secret that many of the devices that are becoming part of the IoT have easily exploitable vulnerabilities.  

-Ransomware as a service: Of particular concern is the evolution that various cybercriminal organisations are adopting towards a business model known as Ransomware as a Service (RaaS). This model allows cybercriminals without advanced knowledge to launch ransomware attacks through access to ransomware platforms on a pay-per-use basis. This new modus operandi is meaning that non-technical cybercriminals are launching large-scale attacks.   

-Supply chain Hyperconnectivity: High connectivity is effectively transforming the way supply chains are managed. This high connectivity brings with it an added risk that is generally exploited in attacks on large corporations. 

 

The use of AI, among other technologies, is evolving new platforms that protect our assets

 

-Post-Quantum Cryptography: The protection of our data relies on cryptography as an ally. Red lights have gone up at the ever-approaching advent of quantum computing that will blow traditional encryption out of the water. This year is expected to be a key year for the development of the new post-quantum number. 

Zero Trust model: continues to be considered the best strategy. Multi-factor authentication, network segmentation or identity management will remain key to enterprise security. 

-New Cybersecurity Platforms: The use of AI, among other technologies, is evolving the new platforms that protect our assets, achieving a high integration of solutions, greater automation of responses and consequently a reduction in personnel. 

-Regulatory Compliance: The alignment of administrations and the private sector to the growing cybersecurity regulations, especially in EU countries, is one of the priorities. Organisations are seeking to improve their resilience with the implementation of new regulations while avoiding increasing legal risk.  

-Cybersecurity Talent ShortageIt: is estimated that the demand for qualified cybersecurity profiles is at least double the supply. This is a conditioning factor in establishing a cyber security strategy.

Blog

< Go back