Zscaler Inc.

01/09/2025 | News release | Distributed by Public on 01/09/2025 10:16

8 Cyber Predictions for 2025: A CSO’s Perspective

Here are eight cybersecurity trends and predictions that I expect will shape the threat landscape, and security priorities, in the year ahead.

Prediction 1: AI-powered social engineering will reach new highs

In 2025, GenAI will elevate social engineering attacks to new levels, especially with voice and video phishing gaining significant traction. With the rise of GenAI-based tooling, initial access broker groups will increasingly use AI-generated voices and video in combination with traditional channels. As cybercriminals adopt localized languages, accents, and dialects to increase their credibility and success rates, it will become harder for victims to identify fraudulent communication.

We don't need to go outside of Zscaler's walls to find examples of such an attack. In 2023, a hacking group used AI to impersonate Zscaler CEO Jay Chaudhry in an attempt to fool a Zscaler employee. Learn more about it in the ThreatLabz 2024 Phishing Report.

This trend, among other AI-powered social engineering attacks, will amplify identity compromise, ransomware, and data exfiltration in 2025.

Prediction 2: Securing GenAI will remain a business imperative

As global organizations increasingly adopt generative AI applications, both first-party and third-party, securing these systems will remain a top priority. Unlike traditional applications, GenAI systems introduce their own threat model, including accidental leakage of sensitive data through prompts and model outputs, and adversarial inputs aimed at manipulating or poisoning what the model produces.

This was a key discussion point at this year's World Economic Forum (WEF) Annual Cybersecurity Summit, where the consensus among my fellow global CXOs and CISOs was that GenAI applications must be treated as part of the overall enterprise security strategy, not as standalone projects.

In 2025, organizations will need to double down on implementing effective security controls to protect AI models and sensitive data pools as well as ensure the integrity of AI-generated content.

Prediction 3: Businesses will face more insider threat vectors

Insider threats will become a greater challenge for businesses in 2025 as threat actors increasingly bypass enterprise cybersecurity measures by planting malicious insiders as employees or contractors, or by compromising companies involved in mergers and acquisitions (M&A). Once inside, they will use legitimate credentials and access to do real damage, especially if the organization relies on a legacy network architecture built on firewalls and VPNs, where a valid credential grants broad reach across the internal network.

As ThreatLabz documented late last year, North Korean threat actors were experimenting with Contagious Interview and WageMole campaigns to procure remote employment opportunities in western countries. Through increasingly sophisticated means, these groups improved their chances of successfully stealing sensitive data and evading economic sanctions.

Protecting sensitive data and critical systems from insider threats will require a unified, zero trust framework, bolstered by AI-powered threat detection and inline TLS/SSL inspection.

Prediction 4: Regulation without harmonization may result in a weaker cybersecurity defense

As countries worldwide introduce new regulations for cybersecurity, AI, and data privacy, a lack of harmonization will increase operational overhead. Organizations' cybersecurity posture could suffer as they divert resources toward compliance controls rather than meaningful risk reduction activity.

This was another key area of focus at the WEF Annual Cybersecurity Summit, where global security leaders emphasized the importance of collaboration to close regulatory gaps and establish cohesive standards, particularly for emerging technologies like GenAI.

Without coordinated governance, national and international organizations risk forcing an emphasis on compliance over risk reduction in data security, as well as stifling innovation.

Prediction 5: Adversary-in-the-middle (AiTM) phishing attacks that evade multifactor authentication (MFA) will become more prevalent

Over the past year, a concerning trend has emerged where adversaries successfully circumvent enterprise MFA through AiTM proxy-based phishing attacks. In 2025, expect phishing kits to increasingly include sophisticated AiTM techniques, localized phishing content, and target fingerprinting, all, of course, enabled by AI.

As documented in the annual ThreatLabz Phishing Report, AiTM proxy kits today can closely mimic legitimate web pages, making them difficult for even security teams to identify. Because the kit is a reverse proxy in front of the real login page, the victim's password, one-time code, and the resulting session cookie all pass through the attacker's infrastructure. Threat actors distributing these proxy kits favor imitating commonly trusted brands such as Microsoft and Gmail because users see these login pages so often that a convincing copy raises no suspicion.

To counter these evolving threats, organizations must prioritize adopting phishing-resistant MFA (such as FIDO2/WebAuthn, whose assertions are bound to the origin the browser is actually connected to, so a proxy on a look-alike domain cannot relay them to the real site) alongside a robust zero trust architecture.
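The following simulation is an added example, not code from the original post or from any Zscaler product. It models a reverse-proxy AiTM kit relaying a password plus one-time code (the session cookie comes back to the attacker) and then the same proxy in front of a WebAuthn-style login, where the relying party rejects the assertion because the browser recorded the phishing origin in clientDataJSON. The hostnames, user, password, and the HMAC stand-in for the authenticator's asymmetric signature are all assumptions made for the example; the real protocol's origin check works the same way.

```python
import hashlib
import hmac
import json
import secrets

REAL_ORIGIN = "https://login.example.com"       # legitimate IdP (constructed)
PHISH_ORIGIN = "https://login.example-com.net"  # attacker's reverse proxy (constructed)


def sign(cred_secret, client_data_json):
    # Stand-in for the authenticator signature over SHA-256(clientDataJSON); HMAC
    # replaces the real asymmetric key only to keep this example dependency-free.
    digest = hashlib.sha256(client_data_json.encode()).digest()
    return hmac.new(cred_secret, digest, hashlib.sha256).hexdigest()


def browser_assertion(cred_secret, challenge, origin_in_address_bar):
    # The browser fills clientDataJSON.origin from the site it is actually connected
    # to; neither the user nor the phishing page's script can alter that field.
    client_data_json = json.dumps({"type": "webauthn.get", "challenge": challenge,
                                   "origin": origin_in_address_bar}, sort_keys=True)
    return client_data_json, sign(cred_secret, client_data_json)


class RelyingParty:
    """Minimal identity provider: password + OTP, and a WebAuthn-like assertion."""
    def __init__(self, origin):
        self.origin, self.users, self.challenges, self.sessions = origin, {}, {}, set()

    def register(self, user, password):
        # "otp" stands in for a TOTP code: a short string a proxy can forward verbatim.
        self.users[user] = {"password": password, "otp": secrets.token_hex(3),
                            "cred_secret": secrets.token_bytes(32)}
        return self.users[user]

    def _new_session(self):
        cookie = secrets.token_hex(16)
        self.sessions.add(cookie)
        return cookie

    def login_otp(self, user, password, otp):
        u = self.users.get(user)
        if u is None or u["password"] != password or u["otp"] != otp:
            return None
        return self._new_session()

    def begin_fido(self, user):
        self.challenges[user] = secrets.token_hex(16)
        return self.challenges[user]

    def finish_fido(self, user, client_data_json, signature):
        data = json.loads(client_data_json)
        if data.get("challenge") != self.challenges.pop(user, None):
            return None  # replayed or unknown challenge
        if data.get("origin") != self.origin:
            return None  # signed for another site: this check is what defeats the relay
        if not hmac.compare_digest(sign(self.users[user]["cred_secret"], client_data_json), signature):
            return None
        return self._new_session()


class AitmProxy:
    """Reverse proxy on PHISH_ORIGIN: forwards each request to the real IdP and keeps
    whatever passes through, including the session cookie the IdP hands back."""
    def __init__(self, upstream):
        self.upstream, self.captured = upstream, {}

    def login_otp(self, user, password, otp):
        self.captured.update(user=user, password=password, otp=otp)
        self.captured["cookie"] = self.upstream.login_otp(user, password, otp)
        return self.captured["cookie"]

    def begin_fido(self, user):
        return self.upstream.begin_fido(user)  # challenge forwarded unchanged

    def finish_fido(self, user, client_data_json, signature):
        self.captured["cookie"] = self.upstream.finish_fido(user, client_data_json, signature)
        return self.captured["cookie"]


def run_demo():
    # Constructed victim "alice" on the constructed IdP; returns three booleans.
    idp = RelyingParty(REAL_ORIGIN)
    alice = idp.register("alice", "hunter2")
    proxy, results = AitmProxy(idp), {}
    # 1. Password + OTP via the proxy: the relayed code is accepted and the proxy
    #    now holds a session cookie that the real site honours.
    cookie = proxy.login_otp("alice", "hunter2", alice["otp"])
    results["otp_relay_gets_session"] = cookie is not None and cookie in idp.sessions
    # 2. FIDO2 via the proxy: the browser signs PHISH_ORIGIN, so the real IdP
    #    rejects the assertion and the proxy captures nothing usable.
    challenge = proxy.begin_fido("alice")
    cookie = proxy.finish_fido("alice", *browser_assertion(alice["cred_secret"], challenge, PHISH_ORIGIN))
    results["fido_relay_gets_session"] = cookie is not None
    # 3. Control: the same credential used directly against the real origin works.
    challenge = idp.begin_fido("alice")
    cookie = idp.finish_fido("alice", *browser_assertion(alice["cred_secret"], challenge, REAL_ORIGIN))
    results["fido_direct_gets_session"] = cookie is not None
    return results
```

Calling `run_demo()` returns `{"otp_relay_gets_session": True, "fido_relay_gets_session": False, "fido_direct_gets_session": True}`. The lesson for defenders is in `finish_fido`: a one-time code is just a string that any page can collect and forward, whereas a WebAuthn assertion carries the origin the browser saw, and the relying party must verify that field (and the challenge) before trusting the signature. A real deployment also needs to keep the session cookie itself hard to reuse from a new device, since an attacker who obtains one by other means bypasses the login flow entirely.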

Prediction 6: "Encryption-less" ransomware attacks that extort victims with reduced disruption will increase

In 2025, ransomware groups will increasingly extort businesses without deploying encryption at all: they steal large volumes of data, demand a ransom to keep it private, and avoid the major operational disruption that draws the attention of media and law enforcement. Some of these groups even present themselves as providing a valuable service to victims by identifying their security weaknesses.

This strategy allows them to exploit weaknesses while maintaining a low profile, a tactic that worked for Dark Angels and their historic ransomware payout. It has gained popularity because it is a much faster and easier transaction for both the threat actors and the victims, with no encrypted systems to recover and no downtime.

The tactic is also increasingly favored by cybercriminals who want to stay clear of law enforcement operations to dismantle groups such as those behind the infamous SmokeLoader.

As international collaboration to combat organized cybercrime intensifies, expect ransomware threat actors to place a premium on stealthy strategies to help them avoid detection.

Prediction 7: Preparing for quantum-driven threats will become essential as quantum security risks materialize

Quantum computing will give rise to a new dimension of threats over the next decade, and 2025 will be a pivotal year for organizations to start planning for these future risks. A pressing concern already taking shape involves nation-state threat actors capturing and storing encrypted TLS traffic today with the intent of breaking the encryption and reading it once a sufficiently powerful quantum computer exists (the "harvest now, decrypt later" threat). Forward secrecy does not help here: what a future quantum computer breaks is the RSA or elliptic-curve key exchange that protects each session, so any recording made today stays exposed. The risk is especially high for organizations relying on classical key exchange rather than quantum-safe alternatives, which are still not widely deployed.

Global CXOs must act now to transition toward quantum-safe cryptography standards, starting with an inventory of where cryptography is used and prioritizing the key exchange that protects long-lived sensitive data. NIST finalized its first post-quantum standards (ML-KEM for key establishment, ML-DSA and SLH-DSA for signatures) in 2024, so the building blocks are available.

Prediction 8: Software supply chain security will remain a top priority for global CXOs

As adversaries increasingly target software supply chains, including contractors and other third parties with access to build and delivery pipelines, software supply chain security will stay at the top of agendas in 2025. Beyond strengthening third-party risk management programs, organizations must take additional technical measures to defend against supply chain attacks.

Implementing a zero trust architecture will be critical to that defense: segment your crown jewels, including CI/CD environments, so that a compromised vendor or build dependency cannot reach them directly, and apply inline inspection of traffic to and from those environments for both threats and data leakage.