Netwrix: What to expect in cybersecurity in 2025 and how previous predictions fared

Dec. 3, 2024
Key trends for 2025 involve AI adoption, social engineering attacks, and compliance challenges.

Netwrix, a vendor that delivers effective and accessible cybersecurity to any organization, today released key IT security trends predicted to affect organizations of all sizes in 2025.

Ilia Sotnikov, Security Strategist at Netwrix, shares three trends expected in the coming year:

  1. AI will enhance business operations, but security basics will remain crucial. In 2025, organizations will embrace AI-powered solutions across different business functions to increase productivity and speed decision-making. This new technology stack creates new attack surfaces and exposes organizations to previously unknown threats. To mitigate these new risks, security teams must adapt existing processes and controls, such as data access governance, privileged access management, and activity monitoring.
  2. Social engineering attacks will become more sophisticated. Malicious actors will bombard organizations with highly effective spear phishing, business email compromise campaigns, deepfake voice and video calls, and other attacks, fueled by information taken from massive corporate data leaks and social media and analyzed and correlated using new technologies. To reduce risk, organizations should require identity verification of all individuals participating in financial transactions using strategies like tokens, authenticators, or secret codewords.
  3. Compliance will become more complex. New cybersecurity regulations like the US National Cybersecurity StrategyNIS2, and the Cyber Solidarity Act will make third-party cyber risk management increasingly important, especially for organizations with an international footprint or supply chain. Instead of viewing compliance as a tick-the-boxes exercise, organizations should understand that it demands a solid security architecture that aligns business and security processes.

Checking in the rear-view mirror, Dirk Schrader, VP of Security Research at Netwrix, found that some key predictions from previous years were quite prescient:

  1. Cyber insurance requirements tightened, as expected in 2023. The percentage of organizations that had to enhance their security posture to meet their insurer's requirements increased from 22% in 2023 to 30% in 2024, according to Netwrix research. Moreover, insurers are now demanding quarterly or semi-annual assessments to ensure steady improvement of security practices. In addition, some of them are extending coverage to risks like data poisoning and inadvertent copyright infringement in AI model training, which were unimaginable just a few years ago.
  2. Supply chain attacks are on the rise, as anticipated in 2022Moreover, they have a longer tail; for example, 18 months after the MOVEit vulnerability exploitation in 2023, stolen data from multiple new victims appeared on the dark web. Core defense best practices include strictly limiting the access granted to external personnel, closely monitoring for suspicious behavior, and implementing comprehensive change management with file integrity monitoring (FIM) to spot altered software.

"As cyber threats become more sophisticated in 2025, regular cybersecurity awareness training for business users will become even more important," says Dirk Schrader. "However, organizations should not depend upon that training to thwart all attacks. Instead, they should adopt a Zero Trust model based on least privilege, which will dramatically reduce their attack surface while facilitating regulatory compliance."