
Preparing for the Security Challenges Ahead — What to Expect in the Next 12 Months
May 15, 2025 5:02:06 PM | Digital Hands
The first quarter of 2025 was off to a great start — for malicious actors. We barely had time to tuck our Christmas decorations away and cheer on the new year when news of major attacks began rolling in.
In the first three months of 2025, cybercriminals stole data from a healthcare organization, affecting 1 million patients. They walked away with $1.5 billion worth of digital currency from a cryptocurrency exchange. They began exploiting fresh firewall vulnerabilities. And that was just a warmup.
Unfortunately, these cyberattacks are part of everyday business for threat actors. But for security teams, business as usual no longer works. As we discuss in our recently released “The Digital Hands 2025 State of Security Report,” organizations need to shift from a cookie-cutter approach to proactive, unified security that adapts to modern challenges and enables them to “get there first,” before the attackers.
The report looks at this past year’s threat landscape and discusses what SOC teams should prepare for. Here are the highlights from our 10 predictions for the months ahead.
1. As AI tools get cheaper and more accessible to attackers, threat actors will grow even more efficient, accurate, and effective — with little investment required.
The “as-a-service” economy in the criminal underground has removed many barriers to entry for new waves of cybercriminals — and AI tools will further enable anyone to exploit weaknesses more effectively with little or no infrastructure required.
Generative AI tools can improve efficiencies at scale — summarizing reconnaissance data in seconds, writing or improving code, and providing unlimited iterations for fine-tuning phishing emails. As cheap, easily accessible AI tools democratize cybercrime, the ranks of malicious actors will grow — and thrive.
2. AI-driven tactics will give rise to next-generation attacks and force organizations to reconsider defense strategies.
A November 2024 Gartner survey found that malicious attacks enhanced by AI emerged as the top overall risk for enterprises for the third consecutive quarter. In the next 12 months, these attacks will become commonplace — and top of mind for every SOC and CISO.
In addition to using AI for crafting flawless phishing emails, malicious actors will scale impersonation attacks using AI-generated deepfakes. We have already seen some of these capabilities in the wild, including an evolution of business email compromise into a next-generation attack using deepfakes.
To combat the knowledge and speed of AI-based attacks, defenses need to employ AI that has more extensive knowledge than attackers and can match their speed. For example, an advanced, AI-driven email security solution trained on millions of emails could identify even the subtlest indicators of compromise and intercept malicious emails before they reach a user’s inbox.
3. Nation-states will continue to weaponize trust, compromising IT vendors to get access to their customers — accelerating the move to zero-trust security.
Nation-state affiliated actors are doubling down on supply chain attacks on technology and cybersecurity companies because attacks on IT products and services can give them access to a large number of the vendor’s customers. Digital Hands is observing a lot of activity targeting security companies like firewall vendors, and zero-day attacks are often a preferred tactic. Threat actors are especially interested in those that provide centralized management tools or SaaS platforms.
One of the most effective ways to negate attacks like zero-days and defend against weaponization of trust is through a zero-trust model. This approach is now a critical piece of a multi-layered defense strategy, and organizations will focus their efforts on implementing it.
4. The digital supply chain will be as fragile as ever, pushing organizations toward better resilience.
Nation-sponsored actors are not the only ones weaponizing trust — and it’s not just security vendors that organizations have to worry about. An estimated 90% of companies are undergoing digital transformation, and the expanded digital interconnectivity contributes to the sprawling attack surface across the entire supply chain.
The compromise of the Linux XZ Utils tool last year is a recent example of the enormous impact that one compromised link in the supply chain can cause. The challenge is that supply chain attacks are very difficult to detect and mitigate. These threats bypass traditional perimeter defenses, and the SOC has no visibility into the vulnerabilities of its organization’s partners and suppliers.
With such an obscure view of supply chain vulnerabilities, risk becomes more unpredictable. Add to that the emerging problem of AI — both AI adoption and AI-driven threats — and it’s easy to foresee that boosting resilience will be on every security leader’s mind.
5. Ransomware, extortion-based, and sophisticated malware attacks will continue to cause major disruption, and attackers will target new vectors.
In 2024, ransomware operators may have had their best year yet, with ransom payouts and the number of attacks breaking records. The convergence of AI tools, rise in double and triple extortion tactics, increased ROI, growing number of ransomware groups, and booming ransomware-as-a-service economy will continue to escalate the frequency of large-scale ransomware attacks.
Based on our observations, email is the most successful initial access vector in ransomware attacks, but we also expect to see threat actors double down on circumventing security technology with tactics like zero-days, as well as target new vectors with malware. One of those channels is collaboration tools like Slack, Teams, and other messaging apps, which don’t have robust security tools.
Regardless of what the adversary’s tactic of the day or targeted vector is, defenders will have a much more difficult time if they don’t integrate advanced AI in their security stack.
6. Industries providing critical infrastructure and services will remain at the top of the hit list.
One of the biggest breaches across all sectors last year was the ransomware attack on Change Healthcare, which reportedly paid a $22 million ransom. The attack, which impacted more than 100 critical software solutions and disrupted thousands of healthcare providers, has so far cost parent company United Healthcare more than $3 billion.
Healthcare is one of the top-targeted sectors because of the criticality of the services that could be impacted. Other critical infrastructure organizations will also be major targets because of the disruptive nature of attacks on those functions. So will other types of organizations that serve as a conduit to numerous businesses, such as managed security providers.
7. The rapid adoption of generative AI will expose companies to more data privacy and data loss risk.
Organizations are adopting genAI at an unprecedented pace. Their rapidly growing reliance on these tools — especially when provided by third-party vendors — has outpaced their understanding of security risks.
AI systems integrated into daily business functions are also processing large amounts of sensitive data like confidential customer information or intellectual property. On top of that, they’re connecting to more systems, apps, and other data sources. Consequently, unauthorized access creates a big risk of data breaches and leaks that could be caused either by unwitting employees or attackers targeting the organization.
8. Complying with evolving requirements will ratchet up the pressure on CISOs, risk leaders, and boards, with resilience rising as a priority.
Last year, the regulatory landscape continued its evolution with new mandates like the Digital Operational Resilience Act (DORA) in the EU and new state privacy laws in the US. AI’s broad access to vast amounts of data, along with the technology’s data collection and processing capabilities, is also receiving increased attention from government and industry regulatory bodies.
In addition to regulations, additional pressure to improve security posture will come from cyber insurance companies. To obtain and maintain a policy, as well as get the best value from insurance, organizations will need to keep a sharp focus on complying with policy requirements and evolving their controls as their environment changes. They will also need to ensure that their incident response plans align with their changing environment, including new risks introduced by their adoption of AI.
9. The increased role of AI in defense will redefine security roles while raising liability questions.
With both attackers and defenders leveraging AI for speed and efficiency, the AI arms race will intensify. On the defense side, the outcomes will include better response playbooks as AI helps cut back on the noise, enables analysts to derive faster insights, and frees up time for humans to focus on threat hunting.
In the next 12 months, most Tier 1 jobs will go away because AI will be trained to take over tasks like low-level, simple data analysis. In the process, as more basic and repetitive tasks are automated, the SOC will have to rethink job descriptions.
10. More organizations will seek unified security models to combat the proliferation, sophistication, and speed of attacks.
The bulk of IT security pros’ time goes to monitoring security platforms. The SOC simply has too many data portals, too many places to find answers, too many settings to worry about. Whether they’re outsourcing security or handling it in-house, more organizations will implement unified security in the next 12 months.
Although this trend is positive, it does bring downsides. Many platforms offer simple “drag-and-drop” functionality. In theory, organizations no longer need skillful, experienced professionals to manage the technology — or at the very least, they don’t need an entire team. The tradeoff is that the organizations lose 24/7 “eyes on glass” coverage. Additionally, they could feel locked into their vendors because they no longer have the staffing or the skilled experts to stand up and configure something else.
Get ahead of the threats
Against this backdrop of growing cyber threats, security landscape complexity, and regulations, many organizations are seeking strategic guidance and tactical assistance from third-party security experts. That’s one reason why the managed detection and response (MDR) market has been growing dynamically. MDR is a viable solution that offers a holistic approach for addressing complicated security challenges.
MDR delivers unified security to help solve the problem of increasingly understaffed and overworked in-house security teams grappling with an increasingly complex threat environment and attack escalation. An expert MDR partner who combines technology and automation with skilled people and effective processes can be a powerful ally as organizations face new threats in the next 12 months and beyond.
For complete insights into the shifting security landscape and the critical role of unified security, download “The Digital Hands 2025 State of Security Report.”