A chat with the experts: Cybersecurity trends and predictions for 2025

We had a chat with our own security experts here at Aftra, along with a couple of our trusted partners, to gain a better understanding into how cybercrime and security is evolving along with their predictions for 2025. From these conversations, we identified some clear trends: phishing will remain the dominating attack vector, ransomware will continue to escalate, and both will be driven by the use of AI. 

In the world of cybercrime, data is as valuable as currency, making its protection as critical as safeguarding your money in a bank. As a result, regulatory frameworks are rising to the occasion to reflect the current landscape, driving organizations and leadership to prioritize cybersecurity. To stay ahead in 2025, organizations must adopt a proactive approach by anticipating cybersecurity trends and outpacing hackers in order to ensure their sensitive data remains secure.

Without further ado, here are a few cybersecurity predictions and expert tips to help you prepare for the year ahead:

Increased regulatory pressures will drive changes to cybersecurity leadership roles

“With new legislation executives are more legally exposed when it comes to cybersecurity. This will push companies to seek better legal protection for them in the form of liability insurance.” -Björn Orri Guðmundsson, CEO at Aftra

We're seeing increasing regulatory pressures brought by frameworks like NIS2, DORA, and GDPR. These impose significant liability on executives, especially those in cybersecurity roles. Björn predicts that the increased legal risk of personal liability will push executives to demand higher salaries and increased protection.

This increased protection will come in 2 forms. First, through insurance and an increase in salaries, and second, by shifting away from permanent roles in favor of consulting positions (for example: CISO for hire).

Here’s how he predicts the regulatory pressures to change cybersecurity roles and the tools they use:

Higher salaries for cyber executives: Increased personal liability will drive salary inflation for cybersecurity executives willing to assume high-risk roles.

Growth in D&O (Directors and Officers Liability) Insurance: Specialized insurance products for executives in cybersecurity and compliance will expand rapidly.

Boost in cybersecurity consulting and interim roles: Executives will increasingly shift to consulting to reduce personal risk while commanding higher compensation for short-term engagements.

Demand for KPI-Driven cybersecurity tools: Interim executives and consultants will adopt tools like Aftra to communicate cybersecurity performance and manage regulatory exposure efficiently, helping them demonstrate value and security compliance to board members and stakeholders.

Phishing is here to stay

“Hackers are very creative, they’re always finding new ways to break in, that’s why you need a multi-faceted approach. It’s like playing a game of cat and mouse.” –Bára Hlynsdóttir, Director of SOC at Syndis

According to Bára, most of the attacks they see in their Security Operations team at Syndis are those trying to get to the user predominately through phishing attacks and user credential thefts. She emphasizes that as a new trend arises, for example two-factor authentication (2FA), hackers always find new ways to bypass it. 

What can organizations do to combat attacks?

Implement security operations that can detect and respond to irregularities in real-time

In her team they work closely with the pen-testers, for example. When the testers find new ways to break into a system, then they can build that into their tools so that all customers benefit from it—increasing security for every one.

She adds that it’s difficult for the majority of companies to have environments that are 100% secure. “It’s like having endless windows and doors in your house that you need to shut and lock”. But it doesn’t really matter if you haven’t thought of everything, as long as you have a way to detect and monitor irregularities in real-time so you can identify if they’re a threat and respond to them if they are.

“Luckily, cybercriminals are lazy”. When you stop them, they usually don’t keep trying. They move onto someone else. 

The best security strategy is one that comes from many directions.

Using a combination of security operations (either in house or external), penetration testing, and a dynamic vulnerability scanning tool is a good trifecta. 

Learn to recognize and report potential scams 

People are becoming increasingly more vigilant and aware of these attempts, which is great. But it’s important to remember that if you do click something or think that you might have made a mistake, to report it. It can then be stopped before it becomes a bigger problem.

From a company perspective, it’s also important to make sure that your employees feel comfortable reporting suspicious activity—even if they click something—by adopting a no blame culture. 

Phishing and ransomware are evolving through AI

“Be aware of AI for nefarious purposes. If people know about this, they might be more aware. If you get an e-mail from someone pretending to be your boss, for example, make sure it’s coming from the right domain and always contact that person using another communication method to make sure that they actually sent that e-mail.”–Samúel Arnar Hafsteinsson, Software Developer and Ethical Hacker at Aftra 

Phishing is not only here to stay, it’s also getting increasingly more realistic and hard to spot, meaning that the amount of people fooled by these attacks could increase with it. Deepfake attacks are becoming more common and, with the assistance of AI, it's easier than ever for phishers to imitate people like your boss or a family member. 

We also expect Ransomware to increase through phishing or bribing people to get access to systems. “It’s too simple for the amount of money you can get.” 

Security awareness is key 

Individuals are becoming increasingly more conscious of cybersecurity and the possibility of scams. They still might not be entirely aware, however, of just how realistic these scams are becoming or the extent to which AI can be used to imitate someone—even their voice, or face via video.

Being aware of the possibility means that we can be more vigilant.

Always double-check when you get a request for sensitive information

One way to do this is to double-check through an alternative channel, ideally in person or via a phone call, that the person or company in question genuinely requested information from you.

Possible new attack vectors through AI

“People give AI models access to their whole environments.” – Kristinn Vikar Jónsson, Software Developer and Ethical Hacker at Aftra 

Not only are hackers leveraging AI to create attacks, AI could also introduce an entirely new attack vector. A lot of organizations are adopting AI-driven solutions for a myriad of purposes. The problem is that they “give these models access to their whole environments” without considering security.

The work to integrate these tools has already started, but takes awhile. Once integrations are complete and there’s wide-spread usage of these models, we could see a rise in security vulnerabilities associated with them giving rise to a brand new type of attack vector. 

Use caution when integrating AI models with your IT infrastructure

Granting access to your environments, whether to an individual or a tool, should always be done with a certain level of caution and awareness of the potential risks posed to your organization, its data, and its employees.

AI shouldn’t be used for security… yet

“I’m afraid of people trying to use AI for security and getting bad or simply wrong tips.” –Samúel Arnar Hafsteinsson, Software Developer and Ethical Hacker at Aftra 

Although AI is making it a lot easier for hackers to imitate people, stage ransomware attacks, and generate malware, organizations should be responsible when using it for cybersecurity. Although there’s research in the area of utilizing AI for security, nothing is enterprise-ready just yet. There are models that know how it behaves, but those are made specifically by companies for their own use.

It’s important to be aware that security tips provided by AI tools could be bad or simply incorrect. And using AI to code, if you don’t completely understand it, is very likely to be insecure. In general, a lot of the code on the internet is very poor and using AI to code is even worse than copy/pasting from the internet. AI models just care if it works, not if it’s any good. There hasn’t been AI training to create safe code, at least not yet. 

Encryption schemes need to be updated 

“Current mainstream encryption schemes are believed to be safe – for now. But it’s only a matter of time before they break.” –Samúel Arnar Hafsteinsson, Software Developer and Ethical Hacker at Aftra

We don’t know a lot about the implications of the advances in quantum computing or its applications yet. It’s still all a bit science fiction-like, even to the technically savvy. What we do know is that when, not if, quantum attacks become a reality, they’ll be able to break many of the most widespread encryptions. 

But regardless of quantum computing still being a few years away, “normal” computing and hackers are already catching up with bad encryption practices. We recommend following encryption best practices to reduce the chance of them being broken.

Encryption best practices 

The current standards for secure encryption schemes are AES 512 and Elliptic-curves.

Although very secure today, Elliptic-curves are not quantum secure. If you want to ensure your encryption schemes will be secure in a post-quantum world, we recommend the resources from Cloudflare on this topic. 

It’s not all doom and gloom

As cybercrime rises, so does our ability to combat it. As a result, some threats are decreasing or even becoming obsolete, for example mainstream viruses and memory unsafety. 

“Mainstream viruses are becoming a thing of the past” –Kristinn Vikar Jónsson, Software Developer and Ethical Hacker at Aftra 

Built-in antivirus protection like Windows Defender are becoming very strong. You don’t need extra anti-virus software anymore. Mainstream viruses are becoming a thing of the past. In their place, we’ll see a rise in very specific ransomware viruses. 

“A lot of the security vulnerabilities out there today are memory vulnerabilities. As people switch to memory-safe languages, these vulnerabilities will also decline.”  –Kristinn Vikar Jónsson, Software Developer and Ethical Hacker at Aftra

The US government recommends that people use memory-safe languages to stay secure. We also know that many of the vulnerabilities around today are memory vulnerabilities, for example buffer overflows. As people switch to memory-safe languages, such as Java, these vulnerabilities will go down. 

Update memory-unsafe software systems

It’s important to mention, however, that most software on enterprise systems are currently running on very old and insecure C code. It’ll be important to update those in order to be secure.

Zero Trust should be your 2025 security resolution

“In today’s cybersecurity landscape, trust is no longer an option. The days when we could rely on traditional perimeter security are long gone. Threats are smarter, more persistent, and—let’s be honest—more creative. That’s why adopting a Zero Trust Architecture is no longer just a nice-to-have; it’s a must.” -Ben Bergman, COO at Abero Technologies OY

The best way to combat any type of cyber attack is by adopting a Zero Trust strategy. At its core, Zero Trust means exactly what it sounds like: trust nothing, verify everything. Every access request, whether it’s coming from an employee in the office, someone working remotely, or a device you’ve never seen before, must prove it’s safe. 

“It’s not about being paranoid; it’s about being prepared.”

Ben says that “the beauty of Zero Trust lies in its simplicity—at least conceptually.” You enforce identity verification at every step, check the health and security of devices before they connect, and ensure users only have access to what they need. No broad permissions, no blind trust.

“Zero trust forces us to think proactively rather than reactively. Instead of patching holes after a breach, you’re building a system where those holes never existed in the first place.”

If you’re looking for a place to start with zero trust, Ben recommends focussing on these three areas:

1. Identity Verification: Make multi-factor authentication (MFA) non-negotiable. It’s a small step that makes a big difference.
2. Device Security: Ensure every device connecting to your network is secure, updated, and monitored. Shadow IT? It’s got to go.
3. Least Privilege Access: Give users access to exactly what they need—nothing more, nothing less.

Adopting Zero Trust isn’t an overnight transformation, but every step you take toward it strengthens your defenses. "With the rapid evolution of cyber threats, it’s not about if you’ll face an attack; it’s when. And when that moment comes, you’ll want to be ready."

Cybersecurity is more than a technical challenge

Cybersecurity isn't just a technical challenge—it's about how we think and work together. If we stay aware, follow best practices, and keep up with new threats, it can be a competitive advantage.

Looking ahead, a few things are clear: cybersecurity will need to stay ahead of the threats posed by the advancements in AI, escalating phishing and ransomware threats, and keep up with increased regulatory pressures. These challenges may seem daunting, but they also present opportunities for organizations to reinforce their defenses by adopting innovative strategies and tools.

To stay ahead of cybersecurity, we recommend a dynamic approach that includes prioritizing employee security awareness training, implementing Zero Trust architecture, and utilizing real-time threat detection through advanced security tools and operations.

A secure future belongs to those who prepare for it. 

Learn more at aftra.io.