Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive.
By Aimei
Wei, Founder and CTO of Stellar Cyber
Cybercrime
grows every year and is now larger than the illegal drug trade. The future will
be even worse, because attacks are more frequent and costly than ever. But if
AI tools help hackers, they can also level the playing field for cybersecurity.
Attacks
are Up, Up, Up
Cybersecurity
Ventures predicts payouts from victims to reach $10.5 trillion by
2025. According to a 2024 article in Forbes:
- There
were 2,365 cyberattacks in 2023, with 343,338,964 victims.
- 2023
saw a 72% increase in data breaches since 2021, which held the previous
all-time record.
- Around
the world, a data breach cost $4.88 million on average in 2024.
- Email
is the most common vector for malware, with around 35% of malware
delivered via email in 2023.
- 94% of
organizations have reported email security incidents.
- Business
email compromises accounted for over $2.9 billion in losses in 2023.
The
Attack Surface is Bigger Than Ever
- There
are now 30-40 billion devices on the internet worldwide -we're all
connected to each other, and perimeter defenses like firewalls alone are no
longer effective.
- 90%
of business email compromises come from individuals clicking on malicious
links. These attacks on individuals or small companies can leak out to larger
companies or government agencies.
- Remote
work trends have exploded the attack surface, and although they may work for
companies with good protection, individuals have become complacent at remote
sites.
It's
a grim picture. In 2025, hackers will increase their use of AI and deepfakes to
create new, more sophisticated attacks more quickly.
AI-Assisted
Attacks are Becoming Common
Malicious
actors are increasingly using AI to penetrate perimeter defenses. Hackers
use Large Language Models that work with Generative AI applications
(like ChatGPT) to accelerate attack creation and automate email message
targeting.
Recently,
one AI-driven exploit was used to attack a US-based water system, remotely
raising the chlorine level in the water and impacting 17 states.
Deepfakes
are Assaulting Credibility
Another
growing trend is the use of deepfakes in videos, emails and phone calls to scam
money from individuals and businesses. An article in The Treasurer magazine
states that CEO fraud targets at least 400 companies every day, and other top
executives are also targets of these attacks. In one
incident, hackers used deepfakes of a company's CFO and other employees in
a videoconference to get an employee to transfer $25 million to an
account in Hong Kong.
Cyberwarfare
- The New Frontier
If
you thought state-based disinformation campaigns were bad, we now have
countries using cyberattacks against one another. Recent evidence shows that
Russia, China, Iran and North Korea have worked together to launch highly
sophisticated cyberattacks in the United States. Given the potential for
disruption and economic damage, cyberattacks could well become the primary
means by which countries attack one another.
For
today, though, phishing emails and messages have provided
unauthorized access to networks and sensitive data for the vast
majority of hackers in the millions of campaigns conducted over the last 12
months. Many people spot phishing attacks because they contain spelling or
grammar errors, or they have the wrong context, but AI tools are making it
easier for hackers to create letter-perfect emails.
To
evaluate its own phishing awareness, the National Institute of
Standard and Technology (NIST) created a test email from a spoofed Gmail
address that claimed to be from one of NIST's directors. The subject line was
"PLEASE READ THIS," and the body greeted the recipient by first name and
stated, "I highly encourage you to read this." The next line was a URL, with
the text "Safety Requirements." It concluded with simple sign-off from the
(supposed) director. This email - and others that focused on hyper-aligned
safety-requirements - had average click-through rates of 49.3%. Even in
shockingly short, single-line attacks - it's the message's cues and context
that dictate its efficacy.
Fighting
Back
Perimeter
security (firewalls and encryption) and passwords have been the two most
important safeguards, but they aren't enough anymore. Users must be extremely
suspicious of unsolicited emails, pop-up ads, and website URLs; and
organizations need advanced, AI-driven cybersecurity platforms that continually
inspect all aspects of the IT infrastructure to spot and remedy multi-vector
attacks.
In
the future, quantum computing will change the game again. It too will become a
tool for hackers, and will be used with AI to make cyberattacks even faster,
more capable and more accurate. Eventually, quantum computers will be able to
rapidly break any encryption code. Of course, cybersecurity
vendors will also incorporate the technology, so we'll continue to escalate the
arms race between the good guys and the bad guys.
##
ABOUT THE AUTHOR
Aimei
Wei, Founder and CTO of Stellar Cyber
Aimei has an M.S. in Computer Science from the Queen’s University in Kingston, Canada and an Undergraduate degree in Computer Science from the Tsinghua working experience for both early-stage startups including Nuera, SS8 Networks, and Kineto Wireless as well as well-established companies like Nortel, Ciena, and Cisco. Prior to founding Stellar Cyber, she was actively developing Software-Defined Network solutions at Cisco. Aimei enjoys building a product from its initial design to its final launch. Aimei has an M.S. in Computer Science from the Queen’s University in Kingston, Canada and an Undergraduate degree in Computer Science from the Tsinghua University of China.