Top 5 Cyber Security Trends for 2025

The cyber landscape is more turbulent than ever. Microsoft recently reported a 2.75x increase in ransomware attempts this year, while research predicts that global cyber attacks will increase by 105% in 2024 compared to 2020.

There is a great need for more qualified cyber professionals as generative AI lowers the barrier to entry for attacks. Unfortunately, cyber skills gaps have been reported in both the UK and Australia, with women making up only a quarter of the industry.

But how will we roll into next year? TechRepublic asked cyber experts to predict the top trends impacting the security field in 2025.

1. Renewed focus on third-party risk management, including the AI software supply chain

This year, headlines were dominated by the CrowdStrike incident, which disabled around 8.5 million Windows devices worldwide and caused major disruption to emergency services, airports, law enforcement and other critical organizations.

However, this is far from the first instance of a supply chain attack being put on the public’s radar; the MOVEit attacks of last year may also be fresh in the mind. Because of the prevalence of these incidents, Forrester analysts predict that governments will prohibit certain third-party software in 2025.

Additionally, more companies are using Generative AI to code new software, which can open it up to vulnerabilities. AI-generated code has been known to cause outages, and security leaders are even considering banning the use of the technology in software development.

For managers, this all illustrates how essential third-party risk management is to operations, leading to a new focus in 2025.

Max Shier, the chief information security officer at cyber consulting firm Optiv, told TechRepublic in an email: “Third-party risk management, supply chain risk management, and increased oversight and regulatory requirements will drive the need for companies to focus on and mature their governance, risk and compliance programs.”

Jacob Kalvo, the CEO of proxy provider Live Proxies, added: “In 2025, it is expected that organizations will likely shift to proactive ways of assessing and monitoring supply chains. It can use zero-trust architectures that will authenticate at stages of access, where the companies deal with external partners.

“This shift toward increased supply chain scrutiny indicates a broader trend to bring cybersecurity into general enterprise-wide risk management.”

AI software is one of the weakest links in the software supply chain

As businesses race to capitalize on generative AI solutions, the speed of their adoption has led to security oversights. A study by HackerOne found that 48% of security professionals believe that AI poses the greatest security risk to their organization.

Cache Merrill, founder of software development company Zibtek, told TechRepublic via email: “As AI tools increasingly integrate into software development, we expect attackers to target the software supply chain’s weakest AI-driven components. The focus will no longer be solely on investigating third-party code, but investigating AI models that may have inadvertently introduced security gaps through data poisoning or bias exploitation.

“By 2025, supply chain security will require a whole new layer of vigilance, where even the datasets and AI models fed into our applications are analyzed for adversarial tampering. A secure supply chain is not just about code, but about secure and compile verifiable AI training resources.”

Paul Caiazzo, VP of security services at Quorum Cyber, told TechRepublic that attackers can specifically target weaker AI tools to exfiltrate sensitive data. “CISOs will struggle to secure them due to a lack of AI skills and tools,” he added.

2. Macs will be more targeted by cybercriminals

Experts say that in the next year, Macs will become even more of a target for cybercriminals. Kseniia Yamburh, malware research engineer at Moonlock, the security division of MacPaw, told TechRepublic via email: “Once considered more secure, macOS now faces increasing threats, particularly from stealth malware designed to collect sensitive data.

“Our research at Moonlock shows a notable rise in macOS-targeted stealth malware, with 2024 seeing 3.4 times more unique samples than 2023.”

The number of macOS vulnerabilities exploited increased by more than 30% in 2023, with attackers using info stealers, fake PDFs, fake Mac apps, legitimate Microsoft applications and other new techniques to breach the operating system this year. In November, several malicious macOS applications were linked to North Korea.

The growing interest in Apple devices may be due to their increasing prevalence in organizations and increased competition among cybercriminals in the Windows landscape.

3. Identity to move to the jurisdiction of security teams

Security experts predict that responsibility for identity and access management within companies will shift from IT departments to security teams in 2025. Sagie Dulce, VP of research at segmentation firm Zero Networks, said identity-based attacks are the leading cause of breaches, and that’s not going to change. As these attacks escalate, security personnel are needed to eliminate potential entry points.

Dulce told TechRepublic, “This isn’t new, but is a growing trend as more identities belong to services and applications—they’re harder to manage and control. Most organizations are currently blind to their exposure from service accounts, privileged identities, spreading secrets, third-party access, and more.

“These identities are often the lowest hanging fruit in organizations and attackers know it. As many web applications continue to be exposed to the Internet, gaining initial access via compromised credentials to a web application remains the main attack vector used to gain initial access.”

4. Cyber regulations will divide countries

Global cyber regulations are becoming stricter – especially with the increase in nation-state cyber attacks. As a result, legislation will focus on geopolitics and national security interests.

Vishal Gupta, CEO of security software provider Seclore, told TechRepublic in an email: “In the coming year, long raging wars and general geopolitical tensions will drive the bulk of regulations. Countries and groups of countries will create regulations to protect their own interests over perceived enemies and will prevent the wide spread of supply chains.

“This is already clear in the CHIPS Act and more recent (Export Control Act) interpretations. ‘Country about cooperation’ may very well be the theme of these regulations.”

Douglas McKee, executive director of threat research at security firm SonicWall, added that it will become increasingly difficult to trace the origin of attacks because “the line between government and criminal activity will continue to blur.”

Consequently, decision-makers should strengthen international cooperation rather than create more division. McKee told TechRepublic in an email, “Governments and private organizations must adapt to this evolving threat landscape, focusing more on proactive intelligence sharing and threat hunting to disrupt collaborative efforts before they impact critical sectors.”

Critical national infrastructure will fall behind in compliance

Critical national infrastructure, such as transportation, telecommunications companies and data centers, is a key target for attackers because it can lead to widespread disruption. A recent report from Malwarebytes found that the services industry is the worst affected by ransomware, accounting for nearly a quarter of global attacks.

According to Christian Borst, EMEA CTO at security firm Vectra AI, attacks on CNI will increase in 2025, in part because these firms are not keeping up with regulations. These include NIS2, which aims to establish a consistent, minimum cybersecurity baseline across all EU member states.

Borst told TechRepublic in an email, “Regulators aren’t asking the world, but CNI firms are already struggling to meet the timelines set out by regulators and get their houses in order, as we already see EU member states lagging behind with NIS2 implementation.

“Threat actors will be keenly aware of compliance issues, so will concentrate efforts on targeting critical infrastructure before closing the security gaps.”

5. Target specific employees via social media and AI

At the beginning of the year, a financial worker in Hong Kong paid out $25 million to hackers who used AI and publicly available video content to impersonate the chief financial officer. The hackers imitated the CEO’s voice during phone calls to authorize the transfer.

Experts predict that this behavior will continue into 2025. According to Gartner, AI-enhanced malicious attacks were the biggest emerging business risk during the year’s first three quarters.

The number of business email attacks detected by security firm Vipre in the second quarter was 20% higher than in the same period in 2023, and two-fifths of those were generated by AI. The top targets were CEOs, followed by HR and IT staff.

Darius Belejevas, head of data privacy platform Incogni, told TechRepublic: “An ever-increasing number of data breaches are now the result of criminals actively targeting specific employees, in some cases armed with personal information they’ve managed to transfer to obtain that individual. Unfortunately, not enough people realize that they are being targeted because of where they work.”
