A look ahead: Experts weigh in on 2025 cybersecurity trends

Radware's security experts already have their sights set on 2025. See what they are predicting about the cybersecurity industry and the threats that organisations can expect to face.
From the growing reliance on threat intelligence, API security and unified security platforms, the evolving role of artificial intelligence and emerging technologies are expected to shape how businesses protect themselves against increasingly sophisticated threats and AI-driven cyberattacks.

With Australia's incoming cyber security laws and its focus on improving operational resilience and reducing the impact of cyber incidents, it is important that organisations of all sorts and sizes stay informed on emerging trends and threats.

AI Will Continue to Increase the Speed at Which Both Countermeasures and Exploits Are Crafted
- Neal Quinn, Head of Cloud Services, Radware
"The proliferation of services that generate code for both countermeasures and exploits will move closer and closer to real-time ingestion. It is unlikely that such systems or services will be allowed to run without a human at the controls in the near future. We have already seen GenAI systems used to create exploits directly from a published CVE in a matter of hours. There is a clear need to improve on the methods used to protect against exploits as they are published. Building systems that allow rapid virtual patching will become a basic best practice."

ISPs Will Face More Sophisticated, AI-Enhanced Cyber Attacks
- Travis Volk, SVP of Global Service Providers, Radware
"In 2025, Internet Service Providers (ISPs) will face an unprecedented rise in AI-driven attacks that are both more sophisticated and harder to detect. AI is driving down the cost of attacks and escalating their speed and impact. For as little as $15, a hacker can buy an AI key on the dark web and launch a large language model assisted attack that can be executed within minutes. Hackers will continue to use advanced AI tools, including multi-vector and phishing tactics, to exploit vulnerabilities in ISP infrastructure with increasing accuracy. These AI-enhanced attacks will simulate legitimate traffic, making them difficult to distinguish from normal user behaviour, even in Zero Trust environments."

More ISPs Will Leave Legacy Systems Behind for Unified, AI-Driven Security Platforms
- Travis Volk, SVP of Global Service Providers, Radware
"Currently, many ISPs rely on disparate sets of legacy security systems from multiple third-party providers, which often result in fragmented protection with significant blind spots. In 2025, to keep up with increasingly complex threats, more ISPs will move towards integrated, AI-driven security platforms that offer comprehensive, real-time protection. These unified platforms will allow ISPs to correlate threat data across various points of their networks, improving response time and detection accuracy."

AI Will Open the Door to Cyber Lawfare and Drive Up the Cost of Doing Business
- Howard Taylor, CISO, Radware
"AI has become a central player in the cybersecurity field, both as a defence tool and as a growing risk. In 2025, look for AI to continue to complicate the legal landscape, sparking 'cyber lawfare' and the increasing business threat of fines, lawsuits, and potential imprisonment. AI applications may unknowingly pull copyrighted material into AI-generated text. Lawfare hunters have tools to identify these breaches and attempt to extract payment from the 'copyright violator.' CEOs and boards should consider this growing regulatory risk as an additional cost of doing business."

Threat Intelligence Will Become Increasingly Important in Deterring Hacktivists
- Pascal Geenens, Director of Threat Intelligence, Radware
"Threat intelligence is crucial in helping organizations gather insights on the threats they are facing and assess the risks so they can prioritise resources and budget to ensure adequate protections. This early warning system will be particularly important in 2025 when it comes to strengthening defences against hacktivist collectives, whose political and religious ideologies have become the driving force behind a surge in malicious cyber campaigns globally. We expect to see these hacktivist-backed threats continue to ramp up in response to ongoing worldwide geopolitical conflicts. Only by being vigilant and taking adequate measures can hacktivist assaults be deterred and will we be able to turn the tide against the rapidly growing threat of hacktivism."

The Sources of Threat Intelligence Will Shift
- Pascal Geenens, Director of Threat Intelligence, Radware
"Intel sources align with the platforms where threat actors spend most of their time—from underground forums and marketplaces to social networks. As platforms evolve and users gravitate to other platforms, threat actors will move with them. For example, as more users move away from X to Mastodon and to Bluesky, activist threat actors will move where they find the most followers.

The trust in underground markets has been negatively impacted by more frequent exit scams. As a result, in the last few years, we have seen a good amount of threat actors gravitate towards Telegram. Threat actors can leverage Telegram to provide services through Telegram bots, transact encrypted currencies, and gather attention and followers by posting on public channels.

Telegram's openness to users and its interesting privacy policy, in which platform owners were not disclosing information to or cooperating with law enforcement, have made it the platform of choice for bad actors of all kinds. The recent arrest of Pavel Durov, CEO of Telegram, by the French authorities will, however, have an impact on the popularity of the platform for illegal use and crimes. As a result of the arrest, the terms of service of Telegram have recently been updated to include the sharing of IP addresses and phone numbers with law enforcement when accounts are involved in criminal activities. Moreover, several countries in Europe started banning Palestinian hacktivist channels because they "violate local laws," making their channels and content inaccessible from within most countries in the EU.

These recent policy changes in and around Telegram will result in crime groups and malicious actors migrating to other platforms in 2025. Where they will go is still unclear, but as authorities and nations clamp down on the content and activities the platform used to allow, threat actors will flee. As migration happens, threat intel sources will have to be updated to follow the bad guys."

API Attacks Will Increase
- Uri Dorot, Senior Solutions Lead, Radware
"Consistent with what we've seen in years past, API attacks are expected to increase in 2025. This is not that surprising given the fact that enterprises are deploying more applications and increasingly relying on third-party services and data. As applications become more interconnected and complex, the number of APIs and their interactions grow, creating more opportunities for attackers to find and exploit vulnerabilities.

The reality is that the API landscape tends to have many more vulnerabilities compared to traditional attack surfaces. Part of this can be explained by the security silos and lack of communication that exist between the SecOps and DevOps teams who integrate, embed, manage, and document the APIs. A shortage of trained security professionals also magnifies the vulnerabilities. Understaffed and under-skilled SOC teams simply lack the knowledge to address the complexities associated with API security.

In addition, understaffed teams are no match for the GenAI tools and sophisticated bots that enable hackers to easily expose API vulnerabilities and develop scripts that can abuse the application's business logic. Because they use legitimate API endpoints and API calls, it is difficult for organisations without advanced tools to catch them. Business logic attacks are not only increasing in numbers, but they are becoming harder to accurately detect and mitigate as bespoke user flows and personalised UX make attack surfaces even more complex and intricate."

The Use of AI Will Improve the Security of APIs
- Uri Dorot, Senior Solutions Lead, Radware
"There are three AI-driven technologies that promise some of the biggest benefits. First, AI-driven protections against business logic attacks can provide continuous learning, mapping, and monitoring of API transactions to help identify and block malicious activities in real-time without disrupting legitimate operations. Second, AI-driven auto context analysis of security policies ensures that only the most reliable policies are applied, significantly enhancing protection accuracy without standing in the way of business. And finally, integrating Gen AI into SOC management not only helps handle the overwhelming amount of traffic and data, and increasingly sophisticated API attacks, but also dramatically improves mean time to resolution by providing rapid on-the-fly root-cause analysis, insights, and recommendations."

Looking ahead in 2025, it is clear that the cybersecurity landscape will be defined by rapid technological advancements and the increasing use of AI by both defenders and attackers. Organisations must adapt to these changes by investing in unified, AI-driven security platforms, enhancing their threat intelligence capabilities, and prioritising the protection of APIs and other interconnected systems. Staying vigilant and proactive will be key to safeguarding critical assets and ensuring business continuity in the new year.