Cybersecurity: Securely fending off dangerous attack vectors

According to the digitalization association Bitkom, dangerous ransomware attacks, which encrypt systems and data and only release them again after a ransom has been paid, had already reached an all-time high in 2024. Ransomware had caused enormous damage in some cases for 31% of survey participants. Ransomware will remain one of the biggest threats in 2025 and will become even more sophisticated through the use of artificial intelligence. Cybercriminals are using AI and automation to increase the speed and precision of their attacks. Ransomware will therefore continue to be one of the main threats. Early detection will therefore become even more important.

Seductive phishing emails are the gateway for most ransomware attacks, with AI-generated emails and deepfake imitations looking increasingly convincing. The language of phishing emails is becoming smoother, and the message is tailored to the respective target person via AI. In addition, attack tools can be developed much better and to a much higher standard because AI creates or improves the source code itself.

Artificial intelligence is like a double-edged sword. On the one hand, hackers use it to optimize their attacks; on the other hand, AI helps companies to defend themselves more effectively. On the defender side, it is primarily a matter of quickly and reliably recognizing attacks and attack patterns in order to then automatically initiate defensive measures. To do this, the AI has to analyze vast amounts of data very quickly and then draw the right conclusions from the analysis results. AI is also frequently used by service providers who sell a managed service – defense-as-a-service – to end customers. Prominent examples of this are XDR systems (Extended Detection and Response) or SOCaaS (Security Operation Center as a Service).

In the current year 2025, AI-controlled SOC co-pilots are expected to fundamentally change the way security operations centers function. AI assistants will support teams in analyzing the vast amounts of data from firewalls, system logs, vulnerability reports and threat data. With AI co-pilots, security teams will be able to sift through these vast amounts of data more effectively and quickly, prioritize threats and take appropriate defensive action. Enterprise security professionals will automate key threat hunting tasks, reduce false positives and respond more effectively to incidents. AI’s ability to turn raw data into actionable insights is key to protecting against increasingly sophisticated attacks.

Although quantum computing is still in its infancy, it poses a significant risk to conventional encryption methods. If quantum technology continues to advance, it has the potential to crack encryption standards that are currently still considered absolutely secure. Quantum-resistant cryptography will become increasingly important as a protective measure from 2025.

With billions of users worldwide, social media platforms have become an attractive target for cybercriminals. In 2025, the combination of social media and generative AI (GenAI) will enable even more sophisticated and dangerous attacks using personal data and AI-generated content for targeted scams, impersonation and fraud.

The real danger lies not just in social media or generative AI alone, but in the way these two megatrends come together and amplify risks. Criminals will use AI to mimic people’s behavior, appearance and voice, making it increasingly difficult to distinguish between real and artificial fake interactions.

The use of social engineering tactics will greatly increase, with AI playing a crucial role in creating highly convincing impersonations. In fact, AI-driven bots and deepfakes – which generate fake videos, audios and chats – are already being used to impersonate high-ranking authorities, such as the head of a company or head of state.

It won’t be long before employees find themselves in a Zoom call believing they are speaking to a colleague or superior, only to realize later that it was an AI-generated fake.

As more and more companies migrate to the cloud and use IoT (Internet of Things) devices, the attack surface is also growing. By 2025, over 90 percent of organizations will be operating in multi-cloud environments, and the number of IoT devices is expected to exceed 32 billion worldwide. While cloud service providers offer robust security features, the complexity of securing multiple cloud platforms leads to vulnerabilities. Especially when configurations are mismanaged or inadequately monitored. The necessary “orchestration” of existing on-prem and multiple cloud environments requires new and often undeveloped skills within companies.

Attackers will know how to exploit the growing number of interconnected devices in 2025. Many IoT devices, from smart home systems to industrial sensors, lack sufficient security measures, making them attractive targets for cyber criminals. The rise of IoT will inevitably increase the need for scalable, secure cloud storage.

In addition, cloud misconfigurations and insecure APIs will continue to be exploited as they are among the biggest vulnerabilities in cloud environments. With the imminent integration of AI and machine learning (ML) into almost every technology, this will also apply to cloud computing.

Attackers will increasingly use advanced AI tools beyond code completion tools like GitHub Copilot to generate code. AI platforms will be able to program a complete code for malware with a single command prompt.

This trend encourages the rapid creation of sophisticated and highly targeted cyberthreats. The barrier to entry for malicious actors is dropping dramatically and the world is becoming a far less safe place. This is because the tools are easily accessible, difficult to detect and evolve faster than traditional security defenses can adapt.

Multi-agent AI systems will emerge, with multiple AI models working together to solve complex problems. Attackers will use these systems to carry out coordinated, distributed attacks that are more difficult to detect and defend against. At the same time, defenders will use similar systems to detect threats in real time and respond across networks and devices.

In 2025, the cyber security landscape will be characterized by the increase in AI-supported attacks, the emerging threat of quantum computers and the growing vulnerability of social media platforms. It is fundamentally important that companies address information security not only technically, but also organizationally.

Cyber security is not the exclusive preserve of IT; cyber security must be anchored in the minds of employees throughout the company. Every department – from the board office to the outgoing goods warehouse – should use business continuity management (BCM) to evaluate how resilient it is for which damage scenarios, for example how long it can operate its business processes without IT.

In order to avoid the negative effects of cyber attacks, management and the board should not only establish business continuity management, but also be aware of the actual impact of damage events on value creation.

In addition, compliance with protection and prevention measures should be monitored using a suitable control tool such as a dashboard. In this case, more transparency means more security. This is not necessarily about purely technical KPIs. The aim is to determine precisely the relevant key figures and characteristics that reflect the level of protection already determined or the current degree of maturity. This applies to both technical and organizational measures. The selected KPIs must be a comprehensible and effective management tool for the company management.

For example, is there an emergency plan, when was it last revised, when was the last exercise carried out, what was the result of the last awareness campaign, is there an offline list with employee contact data and how old is it? These and other questions are relevant in order to be prepared for day X. The timeliness and completeness as well as the status of implementation can be monitored promptly by the board or management via a dashboard.