Cybersecurity predictions for 2025: Automation & AI risks

Barracuda Networks has shared its cybersecurity predictions for 2025, signalling significant changes as cyber threats are expected to become more automated and evasive.

According to Barracuda, an increase in attacks on critical infrastructure and cloud services is anticipated, requiring stronger resilience measures. Cybercriminals are likely to exploit vulnerabilities in outdated systems and supply chains, emphasizing the necessity for more adaptive security frameworks. This mirrors the growing need for organisations to bolster their defences against increasingly sophisticated and targeted cyber threats.

Mark Lukie, Director of Solution Architects for APAC, shared his observations on the evolving cyber threat landscape.

"Cybercriminals' rapid integration of generative AI made social engineering attacks more convincing and phishing campaigns more widespread. We also saw an increase in email attacks using newer techniques such as QR codes," Lukie stated.

Highlighting another concerning trend, Matt Caffrey, Senior Solutions Architect for ANZ, noted, "The continued success of ransomware attacks, despite increased awareness and defenses, was a major surprise in 2024. The topic has been elevated to the mainstream media. Attackers have evolved their tactics, focusing on double extortion by threatening to leak sensitive data, as we saw with larger companies within ANZ. Even with improved defenses, the persistence of this threat shows that organizations are still struggling to balance prevention, detection, and recovery."

As 2025 approaches, concerns are mounting among customers and partners regarding fragmented visibility across various threat vectors.

Lukie explained, "Many are concerned about fragmented visibility across various threat vectors, making detecting and responding to complex attacks challenging. As threats span email, network, and endpoint layers, customers see XDR (extended detection and response) as essential for unifying security insights and enhancing detection accuracy. With XDR, they aim to achieve centralised, real-time visibility and rapid response across diverse attack surfaces, helping to address evolving threats more effectively."

Caffrey also highlighted the significant concern about the protection of sensitive data as reliance on cloud-based services increases.

"The biggest concern remains the protection of sensitive data, especially as businesses increasingly rely on cloud-based services. These concerns are centered around ransomware events. Customers are worried about how to effectively manage their security posture across different environments while ensuring compliance with stricter data privacy," Caffrey commented.

Looking ahead to 2025, Lukie projected continued advancements in cyber threats, "Cyberthreats will become more automated and evasive, leveraging AI to bypass traditional defenses. Attacks on critical infrastructure and cloud services will likely increase, demanding more robust resilience measures."

Furthermore, Caffrey expects that targeted attacks will pose significant risks. He stated, "In 2025, we can expect a rise in targeted attacks on critical infrastructure and small-to-medium enterprises, which often lack the robust security resources of larger organizations. Cybercriminals will likely continue exploiting vulnerabilities in outdated systems and supply chains, making it crucial for companies to invest in stronger, more adaptive security frameworks."