Protection matters

Future Trends in Cybersecurity: Preparing for 2025 and Beyond

4 Minutes reading

The cybersecurity landscape is evolving faster than ever, driven by advances in technology and increasingly sophisticated cybercriminal tactics. As we look ahead to 2025, ESET´s CTO, Juraj Malcho, highlights some critical trends that will shape the industry and outlines how organizations can improve their cyber defense.

Key Cybersecurity Trends to Watch in 2025 

AI-Driven Threats

AI tools allow cybercriminals to generate convincing phishing campaigns, impersonations, and disinformation at scale. We anticipate a surge in more credible looking AI-generated scams driven by open-source AI models. More vulnerable social media users will become targets of disinformation campaigns and manipulation to become their online amplifiers.  

Ransomware and EDR Killers

RansomHub surged as the leader of the Ransomware as a Service (RaaS) market in 2024, and it will most likely remain dominant for the next year. In this highly competitive environment cybercriminals will continue to improve their EDR Killers, making them more sophisticated and more difficult to detect.

Mobile Scams and Malware

In 2025, we expect an increase of attacks against iOS through Progressive Web Apps (PWAs) and WebAPKs, which bypass traditional app store security. The Flutter software development kit (SDK) adoption among threat actors is expected to grow, leveraging its multiplatform capabilities for malware distribution. 

Cloud Security Challenges

The continuous shift to cloud-based infrastructures introduces risks like misconfigurations, insecure APIs, and insider threats. To mitigate these, businesses should focus on encryption, DDoS protection, secure API management, and rigorous monitoring of cloud configurations while ensuring compliance with regulations like GDPR and HIPAA.

Compliance and NIS2

Compliance with the new NIS2 Directive will remain a key topic for 2025. Stricter security measures governed by NIS2 could drive cybercriminals to focus on organizations not subject to the Directive but also increase the risk of extortion for ones unable to meet the new mandatory standards.

While micro and small companies are mostly exempted, larger enterprises in selected critical sectors may demand support from their suppliers, including smaller companies, to meet reporting obligations in case of an cyber incident. Suppliers and vendors of all sizes thus have to be prepared or risk being excluded from future consideration.

The road to 2025 is paved with challenges, but with the right strategy and a commitment to innovation, organizations can stay ahead of the curve.

Protecting SMBs from data breaches

One of the challenges is protecting data, as the volume of data is growing, and so are the risks. Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals, and your data—whether it's customer information, financial records, or proprietary business insights—can be a prime target.

Why does it matter? Cyberattacks against SMBs are on the rise, and many businesses believe they’re too small to be a target. Unfortunately, that’s not the case. Cybercriminals are using sophisticated tools to exploit vulnerabilities in everything from your website to your email systems. And if your data is compromised, the costs can be devastating - not just financially, but to your reputation and trust with customers.

What can you do? Start the year right by prioritizing your cybersecurity.

Here are a few simple steps to protect your business and your data:

  • Encrypt sensitive information to ensure it stays safe, even if breached.
  • Train your team to recognize phishing attempts and other common scams.
  • Regularly update your software and systems to patch vulnerabilities.
  • Back up your data so you're ready for any potential disaster.
  • Implement multi-factor authentication (MFA) for extra protection on critical accounts.

Juraj Malcho, CTO at ESET, emphasizes the importance of adopting a prevention-first mindset to tackle emerging threats. He urges businesses to act now by implementing proactive measures such as reliable AI-driven security tools, stronger encryption, enhanced identity management systems, and continuously raising cybersecurity awareness among employees.