In recent years, cybersecurity has become an increasingly relevant topic for organizations, especially given the significant increase in cyberattacks. This year, the challenge will be even more complex, with criminals using Artificial Intelligence on multiple fronts – as well as the growing complexity of digital systems and the sophistication of the techniques employed by cybercriminals.
Defensive strategies will need to evolve to address new challenges, such as the significant increase in the exfiltration of valid credentials and the exploitation of misconfigurations in cloud environments. Within this perspective, we have listed the main threats that should keep CISOs awake at night in 2025:
Valid credentials will be the primary focus.
The 2024 IBM Threat Intelligence Index indicated a 71% increase in attacks targeting the exfiltration of valid credentials. In the services sector, at least 46% of incidents involved valid accounts, while in the manufacturing sector this number was 31%.
For the first time in 2024, exploitation of valid accounts became the most common entry point into the system, accounting for 30% of all incidents. This shows that it is easier for cybercriminals to steal credentials than to exploit vulnerabilities or rely solely on phishing attacks.
Incorrect cloud configuration is the Achilles' heel of companies.
With so many companies using the cloud environment, it's natural that the complexity of managing that environment will only increase, as will the challenges – and the difficulty in finding specialized personnel. Some of the most frequent reasons for data breaches in the cloud are related to incorrect cloud environment configurations: missing access controls, unprotected storage buckets, or inefficient implementation of security policies.
The benefits of cloud computing need to be balanced by close monitoring and secure configurations to prevent the exposure of sensitive data. This requires an organization-wide cloud security strategy: continuous auditing, proper identity and access management, and automation of tools and processes to detect misconfigurations before they become security incidents.
Criminals will use multiple attack techniques.
The days when attacks targeted a single product or vulnerability are gone. This year, one of the most alarming trends in cybersecurity will be the increasing use of multi-vector attacks and multi-stage approaches.
Cybercriminals use a combination of tactics, techniques, and procedures (TTPs), targeting multiple areas simultaneously to breach defenses. There will also be an increase in the sophistication and evasion of web-based attacks, file-based attacks, DNS-based attacks, and ransomware attacks, making it more difficult for traditional, isolated security tools to effectively defend against modern threats.
AI-generated ransomware will increase threats exponentially.
In 2024, the ransomware landscape underwent a profound transformation, characterized by increasingly sophisticated and aggressive cyber extortion strategies. Criminals evolved beyond traditional crypto-based attacks, pioneering double and triple extortion techniques that exponentially increase the pressure on targeted organizations. These advanced approaches involve not only encrypting data but also strategically exfiltrating confidential information and threatening its public disclosure, forcing victims to consider ransom payments to avoid potential legal and reputational damage.
The emergence of Ransomware-as-a-Service (RaaS) platforms has democratized cybercrime, allowing less technically skilled criminals to launch complex attacks with minimal knowledge. Critically, these attacks are increasingly targeting high-value sectors such as healthcare, critical infrastructure, and financial services, demonstrating a strategic approach to maximizing potential ransom returns.
Technological innovation further amplifies these threats. Cybercriminals are now leveraging AI to automate campaign creation, identify system vulnerabilities more efficiently, and optimize ransomware delivery. The integration of high-throughput blockchain technologies and the exploitation of decentralized finance (DeFi) platforms provide additional mechanisms for rapid fund movement and transaction obfuscation, presenting significant challenges for tracking and intervention by authorities.
AI-generated phishing attacks will be a problem.
The use of generative AI in creating phishing attacks by cybercriminals is making phishing emails virtually indistinguishable from legitimate messages. Last year, according to information from Palo Alto Networks, there was a 30% increase in successful phishing attempts when emails are written or rewritten by generative AI systems. Humans will become even less reliable as a last line of defense, and companies will rely on advanced, AI-powered security protections to defend against these sophisticated attacks.
Quantum computing will create a security challenge.
Last October, Chinese researchers said they had used a quantum computer to break RSA encryption – an asymmetric encryption method widely used today. The scientists used a 50-bit key – which is small compared to the most modern encryption keys, usually 1024 to 2048 bits.
In theory, a quantum computer could take only a few seconds to solve a problem that conventional computers would take millions of years to solve, because quantum machines can process calculations in parallel, not just sequentially as is currently the case. Although quantum-based attacks are still a few years away, organizations should start preparing now. They need to transition to encryption methods that can withstand quantum decryption to protect their most valuable data.
