Key trends for 2025 involve AI adoption, social engineering attacks and compliance challenges.
FRISCO, Texas, Dec. 6, 2024 /PRNewswire/ -- Netwrix, a vendor that delivers effective and accessible cybersecurity to any organization, today released key IT security trends predicted to affect organizations of all sizes in 2025.
Ilia Sotnikov, Security Strategist at Netwrix, shares three trends expected in the coming year:
- AI will enhance business operations, but security basics will remain crucial. In 2025, organizations will embrace AI-powered solutions across different business functions to increase productivity and speed decision-making. This new technology stack creates new attack surfaces and exposes organizations to previously unknown threats. To mitigate these new risks, security teams must adapt existing processes and controls, such as data access governance, privileged access management, and activity monitoring.
- Social engineering attacks will become more sophisticated. Malicious actors will bombard organizations with highly effective spear phishing, business email compromise campaigns, deepfake voice and video calls, and other attacks, fueled by information taken from massive corporate data leaks and social media and analyzed and correlated using new technologies. To reduce risk, organizations should require identity verification of all individuals participating in financial transactions using strategies like tokens, authenticators or secret codewords.
- Compliance will become more complex. New cybersecurity regulations like the US National Cybersecurity Strategy, NIS2, and the Cyber Solidarity Act will make third-party cyber risk management increasingly important, especially for organizations with an international footprint or supply chain. Instead of viewing compliance as a tick-the-boxes exercise, organizations should understand that it demands a solid security architecture that aligns business and security processes.
Checking in the rear-view mirror, Dirk Schrader, VP of Security Research at Netwrix, found that some key predictions from previous years were quite prescient:
- Cyber insurance requirements tightened, as expected in 2023. The percentage of organizations that had to enhance their security posture to meet their insurer's requirements increased from 22% in 2023 to 30% in 2024, according to Netwrix research. Moreover, insurers are now demanding quarterly or semi-annual assessments to ensure steady improvement of security practices. In addition, some of them are extending coverage to risks like data poisoning and inadvertent copyright infringement in AI model training, which were unimaginable just a few years ago.
- Supply chain attacks are on the rise, as anticipated in 2022. Moreover, they have a longer tail; for example, 18 months after the MOVEit vulnerability exploitation in 2023, stolen data from multiple new victims appeared on the dark web. Core defense best practices include strictly limiting the access granted to external personnel, closely monitoring for suspicious behavior, and implementing comprehensive change management with file integrity monitoring (FIM) to spot altered software.
"As cyber threats become more sophisticated in 2025, regular cybersecurity awareness training for business users will become even more important," says Dirk Schrader. "However, organizations should not depend upon that training to thwart all attacks. Instead, they should adopt a Zero Trust model based on least privilege, which will dramatically reduce their attack surface while facilitating regulatory compliance."
About Netwrix
Netwrix champions cybersecurity to ensure a brighter digital future for any organization. Netwrix's innovative solutions safeguard data, identities and infrastructure, reducing both the risk and impact of a breach for more than 13,500 organizations across 100+ countries. Netwrix empowers security professionals to face digital threats with confidence by enabling them to identify and protect sensitive data as well as to detect, respond to and recover from attacks.
For more information, visit www.netwrix.com.
Erin Jones
Avista PR for Netwrix
P: 704.664.2170
pr@netwrix.com
Logo - https://mma.prnewswire.com/media/631922/Netwrix_Corporation_Logo.jpg
Share this article