Looking ahead to 2025, the cybersecurity landscape continues to evolve at a breakneck pace as threat actors continue to perfect their craft. They are using artificial intelligence (AI) to create code and more convincing lures (especially in languages that have traditionally been a barrier for entry), automate attacks, and target people with greater precision. At the same time, they are increasingly turning their attention back to us, as individual consumers, using social media and messaging apps as a testing ground before moving to larger organizations.
But it’s not just the attack vectors that are evolving. Organizations are also faced with navigating the complexities of digital identity management, multicloud environments and new data strategies. As data becomes more decentralized, and with new regulations pushing for tighter control over digital identities and sensitive information, ensuring the right tools are in place to secure data across a sprawl of applications and environments is quickly becoming a priority for security teams.
So, what might lie ahead in 2025?
Experts at cybersecurity company Proofpoint peer into their crystal balls to offer their top cybersecurity predictions for the year ahead, shedding light on the trends and technologies that will define the next wave of security challenges and solutions.
Threat Actors Will Exploit AI by Manipulating Private Data
We are witnessing a fascinating convergence in the AI realm, as models become increasingly capable and semi-autonomous AI agents integrate into automated workflows. This evolution opens intriguing possibilities for threat actors to serve their own interests, specifically in terms of how they might manipulate private data used by LLMs (Large Language Models). As AI agents depend increasingly on private data in emails, SaaS document repositories, and similar sources for context, securing these threat vectors will become even more critical.
In 2025, we will start to see initial attempts by threat actors to manipulate private data sources. For example, we may see threat actors purposely trick AI by contaminating private data used by LLMs—such as deliberately manipulating emails or documents with false or misleading information—to confuse AI or make it do something harmful. This development will require heightened vigilance and advanced security measures to ensure that AI isn’t fooled by bad information.
- Daniel Rapp, Chief AI and Data Officer
2025: The Age of “Decision-Making Machines” through AI
Generative AI will move beyond content generation to become the decision-making engine behind countless business processes, from HR to marketing to DevOps. In 2025, AI will become an indispensable developer’s “apprentice,” doing everything from automating bug fixes to testing and code optimization. The trend towards using AI-assisted development tools will accelerate in the next year, bridge skill gaps, reduce error rates, and help developers keep pace with the faster release cycles of DevOps. AI will also supercharge DevOps by predicting bottlenecks and preemptively suggesting optimizations. This will transform DevOps pipelines into “predictive production lines” and create workflows that fix issues before they impact production.
- Ravi Ithal, Group General Manager, DSPM R&D and Product Management
Under Scrutiny, AI Will Become an Essential Part of How We Do Business
A few years ago, cloud computing, mobile and zero-trust were just the buzzwords of the day, but now they are very much a part of the fabric of how organizations do business. AI technologies, and especially Generative AI, are being scrutinized more from a buyer’s perspective, with many considering them a third-party risk. CISOs are now in the hot seat and must try to get their hands around both the ‘risk vs. reward’ and the materiality of risk when it comes to AI tools. CISOs are asking exactly how employees are using AI to understand where they may be putting sensitive information at risk. As a result, there will be increased scrutiny around how LLMs are powering AI tools. Just like food packaging labels (which first surfaced back in the 60’s and 70’s) tell us what ingredients are used in the creation of a food product, today’s CISOs will increasingly ask, “what’s in this AI tool, and how do we know it’s manufactured and secured correctly?”
- Patrick Joyce, Global Resident Chief Information Security Officer (CISO)
The New Battlefield: Geopolitics Will Shape Cyber Espionage and the Rise of Regional Cyber Powers
2024 has demonstrated that state-aligned cyber espionage operations are deeply intertwined with geopolitical dynamics. In 2025, APT operations will continue mirroring global and regional conflicts. The cyber espionage campaigns preceding these conflicts will not be limited to large nations historically seen as mature cyber actors but will proliferate to a variety of actors focused on regional conflicts seeking the asymmetric advantage cyber provides.
Additionally, state-aligned adversaries will use cyber operations to support other national goals, like spreading propaganda or generating income. Targeted threat actors will likely leverage the continued balkanization of the internet to attempt to deliver their malicious payloads.
- Joshua Miller, Staff Threat Researcher
Consumers Will be Testing Ground for Scamming Operations
In the early stages of fraud in the cyber or digital arena, individual consumers were the target; now, after two decades of evolution of the cybercrime ecosystem, we see ransomware operators “big game hunting” enterprise businesses for tens of millions of dollars.
Over time, layered defenses and security awareness have hardened organizations against many of the everyday threats. As a result, we have seen an uptick in actors once again leaning on individual consumers for their paydays. Pig butchering and sophisticated job scams are two examples that focus on social engineering outside of a corporate environment.
We will see a resurgence in the number of less sophisticated threat actors leveraging alternative communication channels, such as social media and encrypted messaging apps, to focus on fleecing individuals outside of enterprise visibility.
- Selena Larson, Staff Threat Researcher
The “How” of the Threat Actor Landscape is Evolving Faster Than the “What”
The end game for cybercriminals hasn’t evolved much over the past several years; their attacks remain financially motivated, with Business Email Compromise (BEC) designed to drive fraudulent wire transfers or gift card purchases. Ransomware and data extortion attacks still follow an initial compromise by malware or a legitimate remote management tool.
So, while the ultimate goal of making money hasn’t changed, how attacks are conducted to get that money is evolving at a rapid pace. The steps and methods cybercriminals employ to entice a victim to download malware or issue a payment to a bogus “supplier” now involve more advanced and complex tactics and techniques in their attack chain.
Over the past year, financially motivated threat actors have socially engineered e-mail threads with responses from multiple compromised or spoofed accounts, used “ClickFix” techniques to run live PowerShell, and abused legitimate services—like Cloudflare—to add complexity and variety to their attack chains.
We predict that the path from the initial click (or response to the first stage payload) will continue to become increasingly targeted and convoluted this year to throw defenders, and especially automated solutions, off their scent.
- Daniel Blackford, Head of Threat Research
Smishing Goes Visual: MMS-Based Cyberattacks Will Flourish in 2025
MMS (Multimedia Messaging Service)-based abuse, consisting of messages that use images and/or graphics to trick mobile device users into providing confidential information or falling for scams, is a burgeoning attack vector that will expand rapidly in 2025. Built on the same foundation as SMS, MMS enables the sending of images, videos, and audio, making it a powerful tool for attackers to craft more engaging and convincing scams. Cybercriminals will embed malicious links within messages containing images or video content to impersonate legitimate businesses or services, luring users into divulging sensitive data. Mobile users are often unaware that they are using MMS, as it blends seamlessly with traditional SMS, creating a perfect storm for exploitation.
- Stuart Jones, Director, Cloudmark Division
The Role of CISO Will Morph
In 2025, we’ll see both the expansion and contraction of the CISO role. Some CISOs will have to take on more responsibility of scope or role, while others may very well see fragmentation. Already a fixture in most boardrooms, many CISOs are now tasked with leading discussions and determining cyber materiality in the executive suite and boardroom, which is an expansion of CISOs’ traditional responsibility. On the contraction side, we’re also increasingly hearing cases of the (already large) CISO role being split or subdivided, with the justification that “it’s too much for one person.” While I don’t believe that this is or will be a broad trend, some are beginning to divide the role between cyber architecture, threat defense and incident response on one side, and cyber governance, risk and compliance (GRC) on the other. If that trend continues, it becomes a bit like a two-headed dragon, and it’s harder to know who is accountable at the end of the day.
- Patrick Joyce, Global Resident Chief Information Security Officer (CISO)
More Consolidated Platforms, Fewer Shiny Point Solutions
The move from fragmented, point solutions towards trusted, best-of-breed platforms will continue to gain momentum in 2025. Budget and talent constraints, coupled with the complexities of managing multiple non-integrated systems, are making consolidation a priority for CISOs. As AI-driven attacks and cloud risks grow, leveraging robust threat and information protection across integrated platforms is becoming paramount; CISOs and CIOs will focus on optimizing their existing vendor assets to not only reduce operational headaches but also enhance security outcomes, providing them with the resilience needed to navigate an increasingly volatile cyber landscape.
- Nate Chessin, SVP, Worldwide Sales Engineering