The top cybersecurity predictions for businesses in 2025
Cybercriminals continuously refine their methods, tools, and tactics to exploit new opportunities, target vulnerabilities, and evade detection. Meanwhile, cybersecurity tools must evolve just as quickly, harnessing innovation and advanced technology to defend against increasingly complex attacks.
Predicting the future is never easy, but by analysing the past year's trends and developments, we can gain valuable insights into what lies ahead.
Our research, insight and experience in 2024 suggest that in 2025:
1. Threat actors will invest ever more time and effort into evading or disabling security measures. They will leverage novel, complex, and sophisticated techniques, such as the 'EDR killer', a tool designed to disable endpoint detection and response (EDR) security, and advanced phishing methods that can bypass traditional security.
Defence evasion isn't new; it has been a part of attack chains for many years. In the past, however, we would see threat actors disengage when they encountered a security control that prevented them from pressing forward. In 2024, we've observed attackers employing new, complex methods to evade and/or disable typical security with determination, focus and resources. In 2025, we expect attackers to be even more persistent, leveraging advancements in artificial intelligence (AI) to facilitate their efforts.
2. AI-powered attacks will continue to evolve, making attacks increasingly personalised, faster, and harder to detect. Cybercriminals' integration of generative AI can make social engineering attacks more convincing and phishing campaigns more widespread, and help them to bypass traditional defences. They will use automation to execute large-scale attacks and target vulnerabilities in software and systems across organisations. AI-enhanced threats will take many forms, from phishing emails generated with flawless grammar and personal details, or deepfakes, to highly adaptive malware that can learn and evade detection systems.
Tech leaders are also apprehensive about how their data might be used in training large language models (LLMs). Organisations fear that employees might inadvertently expose sensitive information to AI applications like ChatGPT and Google Bard, leading to potential data breaches and privacy violations.
3. More attacks will feature multiple approaches. There will be a rise in multichannel, multistage attacks. This will include attacks that infiltrate one platform, such as email, messaging, or collaboration platforms, and then expand laterally to others. More attacks will leverage vulnerabilities in interconnected devices and exploit identity-based vulnerabilities. The increase in email attacks using novel techniques such as QR codes hidden within PDFs will also likely continue as cybercriminals look for ways to evade detection.
4. Organisations will also worry ever more about the "unknown" — undetected security gaps, new attack methods, accidental supply chain threats, or an attack occurring without their knowledge — as threat actors increasingly leverage novel tools and techniques to help them breach systems, exfiltrate data, or compromise infrastructure without triggering any immediate alarms.
We can expect a rise in targeted attacks on critical infrastructure and small-to-medium enterprises, which often lack the robust security resources of larger organisations. Cybercriminals will likely continue exploiting vulnerabilities in outdated systems and supply chains, making it crucial for companies to invest in stronger, more adaptive security frameworks.
Building resilience in 2025
To combat these evolving threats, organisations must prioritise an integrated, AI-powered approach to cybersecurity. This includes:
- XDR and centralised visibility
Fragmented visibility remains a concern for organisations, as it hampers their ability to detect and respond to evolving threats. By breaking down silos between email, network, and endpoint security layers, extended detection and response (XDR) enhances detection accuracy and simplifies response to complex, multi-vector attacks before they escalate. With XDR solutions, businesses can achieve real-time insights and response capabilities across all devices, applications, and networks.
- Comprehensive asset inventories and data privacy compliance
As businesses increasingly rely on cloud-based services, protecting sensitive information has become a top priority, especially in the face of growing ransomware threats. With stricter data privacy regulations coming into play, businesses need to manage their security posture across diverse environments. Knowing exactly what data is being stored, where it resides, and how it is protected is essential to staying compliant and safeguarding against emerging threats.
Maintaining a complete, up-to-date inventory of all connected devices can reduce attack surfaces and ensure endpoint protection. Without visibility into every device, unprotected endpoints can become entry points for attackers, putting sensitive data at risk.
As the cybersecurity landscape grows more complex, businesses must stay proactive in their defences. By embracing innovative solutions and maintaining a vigilant posture, they can navigate the challenges of 2025 with confidence.