Cybersecurity expert predicts AI & fraud threats for 2025

Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity, shares insights into the evolving landscape of cybersecurity and its challenges for enterprises and small- and medium-sized businesses (SMBs) as well as future developments in artificial intelligence (AI) and fraudster strategies for 2025.

Aldridge highlights a significant shift in enterprise cybersecurity approaches, stating, "Enterprises will need to adopt formalized approaches to the secure deployment and management of AI solutions in 2025. Guardrails will need to be in place to ensure that every latest and greatest AI adoption program is not automatically greenlighted until the proper assessments can be made and controls put in place. ROI on AI solutions along with risk will start to be top of mind when such programs are being considered." He predicts that more enterprises will start to embrace the latest NIST Cyber Security Framework version 2.0, which will help organizations assess their current posture and inform strategic resource investments targeting areas of highest risk exposure.

Regarding SMBs, Aldridge comments, "Last year, our prediction came to pass that phishing attacks would become more sophisticated, targeted, and difficult to spot, due in large part to the proliferation of generative AI. We predict that this trend will continue, as attackers continue to become better armed with AI-integrated solutions such as next-generation phishing kits." He stresses the critical importance of getting the basics right and anticipates a tipping point towards practical alternatives to password authentication, including Passkeys and FIDO2 tokens, which can help sidestep current phishing and credential stuffing techniques.

In discussing the role of generative AI in security next year, Aldridge notes, "In the cybersecurity arms race, defenders are continually trying to keep pace with attackers and their latest techniques. 2025 will see this cat and mouse game continue, with AI-enhanced attacks increasingly going up against AI-powered defenses." He advises defenders to understand the capabilities and limitations of their AI solutions to enhance their speed and agility in detecting and responding to attacks.

On the evolution of fraudsters' tactics, Aldridge predicts, "Fraudsters will continue to evolve their approach regarding Business Email Compromise (BEC) and related social engineering attacks. We have already seen multiple communication vectors being used creatively to make their campaigns even more convincing, but I predict that in 2025 fraudsters will take this to the next level, leveraging AI models to deliver highly crafted and targeted deepfake voicemails to targets while also hitting them with more elaborate video calls and online meetings which will also be further empowered by AI and deepfakes." He warns that sophisticated manipulation via email, SMS, and IM will persist, providing substantial gains for criminal networks.

Aldridge also notes the significance of supply chain attacks, mentioning, "We didn't see a catastrophic software supply chain attack during 2024, I suspect that work is underway by criminal groups and nation-state teams who have special focus in this area, we may see the fruits of their labour during 2025." He advises organisations to increase scrutiny over their suppliers and highlights the challenges of proprietary software in supply chain security. He suggests that while SBOMs offer some help, they do not cover the entire issue, and supports continued network segmentation and anomaly detection as essential strategies for addressing such attacks.