Cybersecurity in 2025: Insights and predictions from Yubico's experts
With 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico's September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasised the importance of wide-scale adoption of cybersecurity tools like multi-factor authentication (MFA) and phishing-resistant passkeys.
While the survey results were eye-opening, they gave businesses an opportunity to reflect on the effectiveness of existing cybersecurity practices and what changes should be made in 2025. Whether the changes are spurred by increasing threats or the evolution in global government regulations, it's clear that the year ahead will bring many cybersecurity changes across the enterprise. To get a better understanding of where the cybersecurity landscape sits heading into a new year, we sat down with some of Yubico's experts to discuss what top trends they're seeing unfold across the industry in 2025.
Check out insights from our experts below.
The future of digital identity wallets: Stina Ehrensvard, Founder
The Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust due to bad actors leveraging it to attack individuals, companies, and nations. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability and privacy – but there is a clear solution focused on the broad adoption of digital identity wallets and open standards for digital identities.
Digital identity wallets aim to offer a new approach to the use of federated identities where users are in control of when and where their personal data is shared – and with whom. User credentials and data include important things like driver's licenses, insurance cards, work and student visas, travel documents, credit card data, educational credentials, and digital medical prescriptions. Modern FIDO-based authentication is a natural fit to secure digital wallets as users are becoming more familiar with its associated registration and sign-in flows now that many websites have adopted passkeys as a means to access their services.
As we continue seeing more success stories about digital identity wallets and continued momentum of open standards for digital identities, in 2025, I expect many more countries around the world to adopt the technology and secure citizens and organisations with these digital wallets backed by FIDO-based security.
A look at a passkey future: Derek Hanson, VP of Standards and Alliances
Passkeys have taken the world by storm as the de facto authentication solution to replace passwords. As we continue navigating the ever-changing landscape of cybersecurity, embracing passkeys will be critical – but the role passkeys actually play in securing our online identities depends heavily on how they are used. Unless organisations do all the right things and have an effective strategy in place throughout the user lifecycle, passkeys won't reach their potential. Over the next year, I expect to see a rapid rise in adoption of passkeys across the enterprise – but it will still take time for organisations and consumers to fully take advantage of the benefits passkeys provide as they continue understanding the new technology.
In the short term, consumers may continue to be hesitant to adopt MFA – primarily because their experience with MFA has traditionally been cumbersome and difficult. While better than no MFA at all, the reliance on SMS-based OTP as a primary MFA factor is dangerous. SMS-based OTP is widely available and offered as a standard by organisations around the world and, because of this, customers are now accustomed to it. When we're talking about consumer behaviour, there is hesitancy to change or adopt anything else unless they see it in more places that they're familiar with and respect.
I believe the solution is clear: enable broad support for passkey authentication. Like any new technology, passkey adoption will be slow – unless organisations begin to remove unsafe methods of authentication for users, like SMS OTP. It's also important to prioritise following recommended guidelines around creating a good user experience that encourages users to enrol passkeys and educates them on the value to them as users.
The rise of AI-driven cyber threats: Chad Thunberg, CISO
More than 80% of all cyber attacks start with phishing, primarily due to its relatively low cost and high success rate. That number will continue to grow even higher with the advent of AI-driven phishing attacks. By automating the most time-, skill-, and labour-intensive parts of running phishing campaigns, generative AI is making it possible to dramatically increase the number of attacks and lowering the bar for less capable attackers to get involved with phishing.
The risk doesn't end there, though. We'll continue to see generative AI make each social engineering attempt more potent and likely to succeed because modern AI leverages massive amounts of data to support generating realistic text and voice-based attacks or generate a dossier on specific targets to be used in a sophisticated campaign. For example, AI can mimic someone's writing style or reference relevant and accurate details extracted from previous breaches. It can even create "deep fakes," where attackers use AI to synthesize someone's voice and speech patterns.
These types of attacks usually focus on convincing the victim to take action but can be mitigated by validating the request using an alternative communication path – ideally, one that is known to be good. For example, if you receive an email from a family member asking you to send them money to help them get out of a situation, call them using a phone number that you already possess for them to confirm the situation.
I believe we will also likely see wider adoption of standards, like those from the Coalition for Content Provenance and Authenticity (C2PA), that focus on assisting consumers in validating the authenticity of content. The drastic increase in generated content will negatively impact confidence in content if countermeasures like these are adopted and well understood by consumers.
Legacy MFA solutions are already under attack, and generative AI will make them even less effective. This is why it's more critical than ever to be vigilant of these threats and stay one step ahead of attackers with phishing-resistant security keys by removing the human error that leads to the success of AI-driven phishing attacks.