Cybersecurity for 2025 and Beyond
Explore key cybersecurity predictions for 2025 and beyond to stay informed and prepared for emerging threats and trends. Two years ago, I wrote a blog on cybersecurity trends for 2023, and then last year I did another one for 2024. Well, let’s dust off the crystal ball and see what I’m seeing for 2025 and beyond.
But before we do that, let’s take a quick look at what I predicted last year and see if it came true. That way, you can decide whether you want to believe this prophet. So how did I do on last year’s predictions?
Adoption of Passkeys Over Passwords
The first one was about the adoption of passkeys over passwords: moving from passwords to the more sophisticated, security-conscious passkey technology from FIDO. On passkeys, there was a password management company that pointed out that they saw 4.2 million passkeys saved in their software over the last year. That’s a big improvement, a big uptick.
They found that one in three users are now storing passkeys and hopefully using them as well, and that they saw twice as many companies (in other words, websites) accepting passkeys as an option. So, I would say that’s a big improvement in cybersecurity. That one came true, and I expect to see it continue even more as we go forward.
AI Phishing
The next prediction had to do with AI phishing. We’ve seen this occur. There was an email security company that said they are now seeing these perfectly crafted and legitimate-sounding phishing emails that look better than anything we’ve seen before.
These things are highly personalized. Information that’s available on the web can be used to make them even more personalized, more targeted, and therefore more believable. And that whole business of looking for grammar errors and spelling errors in phishing emails is slowly going away because generative AI doesn’t make those mistakes.
So, we’re seeing and have already seen that AI is improving phishing attacks. Now we need to do something about the defense as well.
Generative AI Hallucinations
Generative AI is sometimes not well grounded in the truth. Sometimes it does amazing stuff, but just to give you an example, I did this one recently. A friend of mine, who is a runner, was quoting to me what her time was on a run that she did recently, and she’s not from the U.S., so she quoted me her time as a 5:45 pace per kilometer.
I thought, well, I don’t think in kilometers, so I need to convert that into a per-mile pace. And so I went to a chatbot (a very popular chatbot) and asked it, “What does that convert to, 5:45 per kilometer, what is that pace in miles if someone was running it?” And you know what it said? It said it was a 3:43—congratulations to her, she would have broken the world record by more than 10 seconds if that had been the case.
It wasn’t true. I went to the chatbot and said, “That’s not right.” That’s all I said, and it said, “Oh yeah, well let me correct my numbers.” That would have come out to a 9:19 per mile. Well, that’s a big difference. That’s not a world record; that’s respectable, not a world record. So all I did was just prompt it and say, “Tell me again, try again,” and then all of a sudden, it got it right. So we’re still having hallucination problems. It’s getting better, but it’s not solved yet.
Secure AI
The last prediction I made had to do with the use of cybersecurity to secure AI. In other words, companies are going to be deploying AI, and they’re going to be wondering, “How can I use cybersecurity technologies to make sure those deployments can’t be attacked, that they’re robust?” That has turned out to be the number one question I get when I’m out meeting with clients.
This is the reason, for the most part, they’re bringing me in to have conversations. I talk about cybersecurity and a lot of other things, but this is the number one concern for all the clients I’ve seen virtually in the last year: “How am I going to secure my AI deployment?” Now, I think there’s also this other part of what I predicted, and we’re seeing this happen as well: how can we use AI to do a better job of cybersecurity? Well, one of the things is we could use it to create essentially an online Q&A-type chatbot.
Shadow AI
I’m going to start with some of the things where it won’t necessarily be helping us, and that’s, first of all, a prediction about shadow AI. That is, this stuff is so good, and everyone’s going to want to do it, and everyone is going to do it, and not all of those AI deployments will be authorized or approved by the organization.
So we could have, for instance, in some places, somebody who goes into a cloud instance, pulls down a model, and just starts running it. And that shadow AI could present a problem for the organization. Other examples are on mobile phones: people are using AI there, it’s being built into mobile phone operating systems, and we’re going to see more and more of that.
If that’s not handled well, it could be a source of data leakage. It could be a source of misinformation. So it’s this kind of unapproved shadow AI that’s going to represent a particular problem for us, and I expect to see that grow as we go into the future.
AI Deepfakes: What’s Happening in That Case?
It turns out that almost two months after I recorded last year’s video, there was an attack where a deepfake was able to emulate and impersonate the CFO (Chief Financial Officer) of a company and convinced an employee to wire $25 million out of that company into the attacker’s account, all using a deepfake in a video call.
So the employee thought for sure they were talking to the CFO and was therefore following those instructions. It was a deepfake, an AI-generated impersonation of the actual person, and they lost $25 million in that particular case. We also saw another example in the U.S. during the presidential election run-up in the early part of 2024, just a few months after I made this prediction about deepfakes.
In the New Hampshire Democratic primary, there was a deepfake robocall of Joe Biden’s voice calling people and telling them they didn’t need to vote in the primary; they could just save their vote for the general election. So these things have occurred, and they started occurring almost instantly after I referred to them as a prediction.
What Else? Deepfakes
I mentioned that one before, and that one’s not going away. Deepfake technology is only going to get better, and there are going to be implications for business and cybersecurity. I gave an example of that where an organization was swindled out of, or convinced to send, $25 million.
There was another case a few years ago where $35 million was sent as a result of a deepfake call, just an audio call, and someone followed those instructions. So it’s going to affect business; it’s going to affect governments as someone puts out a deepfake of a head of state or something like that.
Then, if we don’t have reliable sources for that, people are going to see those messages, and some portion of the people will believe it because some portion of the people will believe anything.
Retrieval-Augmented Generation (RAG) Technology
So in other words, if we had a chatbot that didn’t hallucinate, that was grounded in the facts, and we could do that with something like retrieval-augmented generation (RAG) technology and things like that, it could do a better job of answering questions for a cybersecurity analyst. Just go in and ask it questions in natural language and get responses back. We’re starting to see that technology make its way to the market.
Future of Cybersecurity and AI
Now, enough of living in the past, old man. Let’s get rid of the old predictions. And now we’re going to take a look at 2025 and beyond. I don’t know exactly which year all of these things will happen, so we’re just looking toward the future in general. And even though they say history repeats itself, actually, Mark Twain said it doesn’t repeat itself, but it often rhymes.
So we’re going to see some of the same trends that we saw before continue, maybe in a little bit different form. Not surprisingly, AI is going to be a big part of everything that happens in technology, and cybersecurity is no different in that regard. We’re going to see it give us some pluses and some minuses, some pros and cons, some things where it’ll help us, and some things where it won’t help us.