By Neil Jones, CISSP, Director of Cybersecurity Evangelism at Egnyte
Intersection of AI & Cybersecurity:
Recent reports indicate that nearly 100% of IT leaders consider AI models crucial for their business success, but only 48% of IT professionals are confident about their ability to execute a strategy for leveraging AI in cybersecurity. In 2025, we can expect the knowledge gap to widen, as AI models’ technical capabilities will likely outstrip IT teams’ ability to govern their responsible use.
The gap can be closed by providing technical teams with advanced AI training, adopting company-wide responsible AI usage policies, and encouraging users to access generative AI solutions that are formally blessed by the organization.
Explosion of AI-Powered Malware:
Industry reports show that three-quarters of IT professionals are concerned that AI will be utilized for cyberattacks and other malicious activities. Throughout 2025, we can anticipate an ongoing battle between AI being leveraged by white-hat organizations to quickly remediate their security vulnerabilities and AI being utilized by black-hat attackers to develop more effective attack techniques. AI-powered attack vectors include the following:
- Highly targeted phishing e-mails that mimic the tone and language of actual senders.
- Social media videos that offer “free trials” of popular, but relatively expensive, software. When users download a “free trial” of the software, they unknowingly download malicious code.
- Fictitious audio and video messages that direct co-workers to take immediate action, like sending a wire transfer to make an immediate payment or recommending that a junior employee overlook traditional security protocols to accommodate a senior employee’s just-in-time request.
- Malware that continuously “mutates” to adapt to preventative security technology.
Although this battle isn’t easily won, your company can get an advantage against cyberattackers by utilizing the latest issue-detection software, providing user education on a quarterly basis, and implementing effective processes to prioritize IT security threats. To prevent downloads of malicious code, users should always be reminded to follow traditional IT procurement procedures for software access.
One of the best ways to counter fictitious audio and video requests is by adopting the old-school technique of “dual-control.” For example, if a video message from a leader encourages immediate action, the user performing the action should verify the request’s authenticity using a different communication medium, such as by texting the leader directly.
Ransomware:
Ransomware was a $1 billion+ illicit global business in 2023, and all indications are that ransomware payments will come in at or near the same total in 2024.
We can anticipate the following new developments in 2025:
- Sophisticated ransomware-generated extortion attacks will continue to target larger businesses and government entities, whose data generally contains Personally Identifiable Information (PII) and therefore has higher value. The same organizations’ reputations are more significantly impacted by successful cyberattacks, so they are more likely to make proactive ransom payments to prevent exfiltration of their data.
- Traditional ransomware attacks will continue to target small- and medium-sized businesses that lack ransomware detection and recovery technology.
- Cyber-insurers will continue to scrutinize their insureds’ ransomware protection and data recovery activities closely.
- Total global ransom payments are expected to increase, as ransomware gangs continue to disband and re-form under new affiliations.
The best way to manage the threat of ransomware is by adopting ransomware detection and snapshot recovery technology, and educating your users about the potential dangers of phishing attacks.
Proliferation of Wiper Technology:
If there’s any cybersecurity topic you need to familiarize yourself with in 2025, it’s the increased usage of wiper technology by cyber-criminals. With ransomware, the goal is to encrypt data, and then to collect a ransom to restore the target company’s data. The goal of wipers is to destroy the target company’s data, making incident recovery virtually impossible. As a result, wiper technology has major value in an adversary’s hands, and could potentially be leveraged by malicious insiders and even business competitors who want to gain an illicit market advantage.
Although this technology space is moving quickly, effective Business Continuity & Data Recovery (BCDR) procedures can go a long way in preventing a debilitating wiper attack. In addition, you should consider snapshot recovery solutions that take snapshots of your data environment on a regular basis. Finally, immediate detection of suspicious log-ins into your IT environment can discourage such attacks.