Since we are coming to the close of 2024, we asked GraVoc’s Director of IT Assurance & Security Research, Michael Kannan, about his cybersecurity threat predictions for 2025.

2024 saw the boom of game-changing technologies like Gen AI platforms. These innovations have significantly expanded the scope of what we can achieve with technology. But, they have also introduced new vulnerabilities and opened the door to more nuanced cyberattacks. As more businesses embrace cloud computing and AI, the threat landscape will continue to evolve in 2025. Staying on top of these emerging security threats will allow your business to proactively strengthen defenses.

Drawing from his years of experience in cybersecurity and research, Mike shares his top cybersecurity predictions for 2025.

audit icon

top cybersecurity threat predictions for 2025.

AI will empower cybercriminals and security experts alike

AI is a double-edged sword for cybersecurity. As Gen AI became more mainstream in 2024, many cybersecurity professionals leveraged this technology to support threat detection, penetration testing, and security awareness training. However, Gen AI tools have also found a place in hackers’ arsenal.

Gen AI’s ability to produce human-like content has lowered the barrier to entry, allowing hackers to carry out more sophisticated phishing and deepfake attacks. Hackers can use these tools to create very convincing images, videos, and text to manipulate individuals into sharing sensitive data or to conduct financial fraud. For instance, in 2024, an employee at a multinational company was tricked into paying $25 million to cybercriminals after he joined a video conference call with deepfake creations of the CFO and other staff members.

In 2025, cybercriminals will continue to use AI to carry out more personalized and nuanced attacks that can bypass traditional security measures or lead to human error. As cyber threats become more sophisticated with AI, businesses will also have to leverage more automated and advanced security protocols to stay ahead of cybercriminals.

Increase in cloud ransomware attacks

The pandemic pushed more businesses to adopt cloud computing, and since then, its usage has only grown, with leading players like Amazon and Microsoft making these solutions more accessible.

As more businesses store sensitive or mission-critical data in the cloud, hackers will look to exploit vulnerabilities to carry out cloud ransomware attacks in 2025. In such ransomware attacks, hackers often leverage vulnerabilities or misconfigurations in cloud-based storage applications to encrypt or delete data from the target’s environment and then demand a payment to restore access to these files. 2024 saw many attacks on the cloud, including one affecting leading telecom company, AT&T. Hackers leveraged unsecured Snowflake cloud storage accounts to steal the call records of tens of millions of AT&T customers, resulting in a payment of $300,000.

To help mitigate these risks, businesses can take certain steps, including implementing multi-factor authentication for access management, enhancing threat detection and response strategies, and regularly auditing cloud applications to catch vulnerabilities.

Rise in crypto scams

President-elect Donald Trump has promised to make the United States the “crypto capital of the planet,” fueling enthusiasm that the incoming administration will be more friendly to the industry and support greater deregulation.

As the environment for cryptocurrencies becomes more favorable and public interest continues to spike, it is likely to draw the more attention from hackers looking to defraud businesses. Hackers already have reasons to love cryptocurrency, including ease of transfer, lack of centralized authority to oversee transactions, and some level of anonymity. Through email phishing, deepfakes, and other tactics, hackers may manipulate individuals into making crypto payments. They may also run investment scams, trying to lure people with fraudulent schemes.

Businesses looking to avoid crypto scams in 2025 should stay informed and follow best practices to make secure investments. Security awareness training is also key to ensure employees are vigilant and trained to spot red flags of a crypto scam.

Attacks on critical infrastructure

In 2025, there could be an increase of attacks on critical infrastructure, such as attacks on electrical grid as computing power is getting faster and assisting people with the use of AI.

In fact, in its threat assessment report for 2025, the U.S. Department of Homeland Security also acknowledged that domestic and foreign adversaries will continue to threaten the integrity of the country’s critical infrastructure. These attacks are often designed to disrupt services or conduct espionage.

Attacks on critical infrastructure sectors like energy, telecommunications, transportation, and healthcare, can have far-ranging effects on our industries and society. So, its essential that organizations harden their defenses by implementing network segmentation and maintaining secure backups of mission-critical data, among other measures.

Cloud

strengthen your defenses against emerging cybersecurity threats in 2025

Our team of certified and highly trained cybersecurity professionals can design, test, and validate your business’ security programs. We also provide expert risk assessment, IT audit, and penetration testing services to find and remediate vulnerabilities in your IT and cloud infrastructure. Leverage our team’s long-standing expertise to enhance your business’ cyber defenses and overall security posture.

Click below to explore our information security services or contact us today to get started!

Related articles