Legendary baseball player Yogi Berra once said, “It’s tough to make predictions, especially about the future.” It seems obvious, but predicting the future is risky. At the same time, imagining or anticipating the challenges to come is essential for preparedness and success. In the ever-changing field of cybersecurity, predictions or understanding potential threats help organizations protect themselves. With that in mind, Netwrix, a cybersecurity vendor, has released key IT security trends expected to impact organizations in 2025.
Artificial Intelligence
Ilia Sotnikov, Security Strategist at Netwrix, highlights three major trends for the coming year. First, Artificial Intelligence (AI) will enhance business operations. Organizations will adopt AI-powered solutions across various functions to boost productivity and speed up decision-making. That seems a pretty safe bet. However, AI introduces additional attack surfaces and unfamiliar threats. Security teams must adapt existing processes like data access governance, privileged access management, and activity monitoring to mitigate these risks.
Social Engineering
Second, social engineering attacks will become more sophisticated. Malicious actors will launch highly effective spear phishing, business email compromise campaigns, and deepfake voice and video calls. These attacks use information from massive corporate data leaks and social media, analyzed with advanced technologies. To reduce risk, organizations should require identity verification for all participants in financial transactions using tokens, authenticators, or secret codewords.
Compliance
Third cybersecurity prediction, compliance will grow more complex. New cybersecurity regulations like the US National Cybersecurity Strategy, NIS2, and the Cyber Solidarity Act will make third-party cyber risk management more critical. Organizations with international footprints or supply chains must see compliance as more than a checklist. They need a solid security architecture that aligns business and security processes.
Cybersecurity Threats In Hindsight
Looking back, Dirk Schrader, VP of Security Research at Netwrix, notes that previous predictions were accurate. In 2023, cyber insurance requirements tightened as expected. According to Netwrix research, the percentage of organizations that had to enhance their security posture to meet insurers’ demands increased from 22% in 2023 to 30% in 2024. Insurers now demand quarterly or semi-annual assessments to ensure continuous improvement in security practices. Some even extend coverage to risks like data poisoning and inadvertent copyright infringement in AI model training, which were unimaginable a few years ago.
Supply chain attacks have also risen, as anticipated in 2022. These attacks have a longer impact. For example, 18 months after the MOVEit vulnerability exploitation in 2023, stolen data from new victims appeared on the dark web. To defend against such threats, organizations should strictly limit access granted to external personnel, closely monitor for suspicious behavior, and implement comprehensive change management with file integrity monitoring to detect altered software.
“As cyber threats become more sophisticated in 2025, regular cybersecurity awareness training for business users remains important,” says Dirk Schrader. “However, organizations should not rely solely on training to thwart all attacks. Adopting a Zero Trust model based on least privilege can dramatically reduce the attack surface while facilitating regulatory compliance.”
The future, in all respects, presents both challenges and opportunities. Cybersecurity threats and predictions are no different. But we are not lost to wander aimlessly into it. By considering the possible demands of the future and learning from the past, organizations can better prepare for the evolving threat landscape.
Source: Netwrix Research Lab: What to Expect in Cybersecurity in 2025 and How Our Previous Predictions Fared.
Other News: SEC settles with ICBC unit over ransomware attack, imposes no fine.
