Experts predict AI-driven cyber threats & defences by 2025

Cybersecurity experts from BlueVoyant and KnowBe4 have outlined their predictions for the year 2025, highlighting trends and approaches that organisations should consider to bolster their defences against evolving cyber threats.

Lorri Janssen-Anessi, Director of External Cyber Assessments at BlueVoyant, identified several key developments in the cybersecurity landscape during 2024. She noted an increase in the creativity and sophistication of cyber threat actors using Artificial Intelligence (AI) in activities such as phishing attacks, social engineering, and automated malware creation. "Cyber threat actors continue to use Deepfakes in social media or low-level scams. I would not underestimate this tool," Janssen-Anessi stated.

Janssen-Anessi discussed a continued shortage of skilled cybersecurity professionals, which may drive organisations towards increased automation and AI to fill gaps in threat monitoring and response. This shift could potentially reshape the industry's workforce dynamics.

She highlighted the downward trend in ransomware as a positive development for 2024, attributing this to organisations adopting more proactive security measures. "This decrease could also be attributed to overall awareness, and improved incident response programs," she said.

Janssen-Anessi also predicted significant changes in the regulatory landscape, anticipating more aggressive enforcement and harmonisation of standards internationally. "In 2025, the landscape of compliance and regulatory oversight in cybersecurity could shift significantly," she noted.

Austin Berglas, Global Head of Professional Services at BlueVoyant, warned of the risks associated with over-reliance on AI as companies look to reduce personnel and costs. "Dependence on AI could lead to a reduction in human oversight, increasing the likelihood of errors and biases in automated systems," Berglas explained.

He also highlighted the increasing sophistication of phishing campaigns, enabled by advances in AI and deepfake technologies. "Deepfake technology... further increases this threat by allowing attackers to impersonate trusted individuals with eye-opening accuracy," he stated.

Discussing risks to critical infrastructure, Berglas pointed to the increased digitisation and connectivity of systems, which make them vulnerable to cyber threats. He referenced recent activities by groups like Volt Typhoon as examples of sophisticated threats.

Stu Sjouwerman, CEO of KnowBe4, echoed concerns about AI, discussing its dual role in enhancing both cyber attacks and defences. "Sophisticated AI-powered tools that detect and respond to threats more efficiently are being developed," Sjouwerman said. He also noted the potential for AI-powered social engineering to make attacks harder to recognise.

Sjouwerman highlighted the persistent threat of ransomware and the importance of focusing on human factors in cybersecurity. "Organisations will continue to recognise the importance of frequent security awareness training," he emphasized.

He predicted improvements in deepfake detection technologies and the wider adoption of a zero-trust mindset and cyber-mindfulness. "This mindset shift will be another crucial step in mitigating internal risks," he stated.

Sjouwerman concluded by stressing the importance of the human element in cybersecurity, noting, "One of the best forms of defence remains cultivating a robust security culture."