Cybersecurity in 2025: AI threats & zero trust focus

Yesterday

In the rapidly evolving field of cybersecurity, industry leaders have shared their insights and predictions for 2025, foreseeing a challenging landscape due to increasing sophistication in cyber attacks and geopolitical tensions. As businesses prepare for the coming year, experts stress the need for enhanced vigilance and innovative defence strategies.

Glen Williams, the CEO of Cyberfort, has highlighted a surge in the use of generative AI technology among cyber criminals. Over the past six months, there has been an 80% increase in AI being employed to craft targeted phishing emails, clone identities, and create deepfakes. This trend is expected to advance as machine learning further refines target selection processes, which could be exploited in online marketplaces. Williams notes the rise of clone identities in 2024, suggesting that by 2025, verifying identity authenticity will become increasingly difficult.

Williams also addresses the concept of 'zero trust', a security framework receiving much attention recently. While organisations are developing strategies to implement zero trust, many have only touched the surface, focusing primarily on basic elements without extending them to cloud services. He warns that hidden permissions could become a significant risk as attackers exploit these vulnerabilities.

Meanwhile, Arctic Wolf executives, Nick Shneider and Dan Schiappa, have offered an outlook on how geopolitical tensions may affect Australia and New Zealand (A/NZ). They predict that, as tensions with China escalate, nation-state cyber attacks could target US allies, including A/NZ. Strengthening protections around critical infrastructure such as telecommunications will be crucial.

Schiappa raises concerns about the rise of 'shadow AI', where unsanctioned AI use poses significant risks to corporate security. He emphasises that companies need to manage and control data fed into AI systems, as it could potentially compromise sensitive information. With AI policy implementation becoming a security priority, managing these tools' deployment and risks will be essential.

Shneider foresees a shift within the cybersecurity industry towards 'platformisation'—integrated, comprehensive solutions rather than fragmented products. As security challenges increasingly revolve around data management, platforms that unify multiple security functions will become crucial, simplifying IT management and enhancing security postures.

Camellia Chan, CEO of Flexxon Global, reflects on the implications of a notable cybersecurity incident, the CrowdStrike outage in 2024, which exposed the pitfalls of relying heavily on software-based solutions. Chan advocates for a hybrid defence approach that combines software with hardware-level security. Such an approach, she argues, not only bolsters resilience but also ensures continuous protection even if software systems are compromised.

Hardware-based security, operating independently, could act as a fail-safe against disruptions, making it an essential aspect of a layered defence strategy. Chan anticipates that integrating intelligent hardware into cybersecurity frameworks will emerge as a key trend, enabling organisations to navigate an increasingly intricate threat landscape with autonomy and robustness.

As 2025 approaches, the convergence of advanced technologies and geopolitical factors calls for a proactive and diversified approach to cybersecurity. Industry leaders echo a common sentiment: organisations need to innovate and adapt to handle more sophisticated cyber threats, prioritising resilience and comprehensive security solutions.

Share on: