January 2025 - A Look Ahead to 2025

Last month, we took a look at some of the biggest cybersecurity stories of 2024. Massive data breaches, costly outages and telecommunication cyberattacks were among the events that made headlines last year.

But what about 2025?

We are in the early stages of the new year, but it’s never too early to look at what cybersecurity professionals may face in the months ahead.

Here are a couple of cybersecurity predictions for 2025.

Corporate Executives Will Face More Physical Threats

Poor personal cybersecurity practices may harm a person’s digital life and put them and their loved ones in real physical harm.

Malicious actors may collect identifying information about their target, and the outcomes can range from harassment campaigns to physical harm. It’s why cyber hygiene should be taken seriously, as these cyberattacks can happen to anyone.

Bad actors can perform doxxing attacks, and the personal identifiable information included in doxxing attacks often involves a target’s home address. If this person is a well-known, high-net-worth individual, this public information could be used to harass them where they live, and could include outcomes such as them falling victim to a home robbery, or worse.

Doxxing impacts more people than you’d likely think. A study from SafeHome.org found roughly 4% of Americans said they’ve been victims of a doxxing attack, which translated to around 11 million people.

Executives may also face “swatting” attacks as well.

Digital safety translates to physical safety if the proper care is taken. When it is ignored, the ramifications can be severe. Swatting is when a phony emergency call is made against an individual, accusing them of a serious crime. The goal is to trick law enforcement into raiding the target’s home, which can result in emotional distress, financial losses, and loss of reputation. Swatting can also have dangerous outcomes for the target as well.

Swatting can lead to instances of violence, especially if the target believes they are the subject of a home invasion. Since the SWAT team believes they are responding to a potentially dangerous situation, the combination could result in violence against the target or other innocent people nearby.

The likelihood of these types of incidents declining in 2025 is minimal. Thus, anyone with a digital presence must take the steps necessary to protect themselves before being targeted, including limiting what you share online, and taking steps to remove information from data broker websites if possible.

AI-Generated Deepfake Attacks Will Escalate, and Target High-Profile Individuals

The subsequent big corporate breach won’t start with a phishing email or a compromised password. It’ll begin with the CEO’s daughter posting what looks like a desperate video message asking for help. Or it’ll be a convincing audio clip of the CFO discussing insider trading on a private call. The era of deepfakes is upon us, and it’s targeting the most human elements of corporate security.

Artificial Intelligence has evolved to the point where a cyber criminal could generate a convincing, deep fake video of a CEO’s spouse in a compromising situation. This could trigger a panicked response that bypasses standard security protocols. A synthetic voice message from what sounds exactly like a board member’s child could prompt an urgent wire transfer. These aren’t far-fetched scenarios — they’re the logical evolution of social engineering attacks, supercharged by AI that can now mimic voices after just three seconds of audio samples.

While a traditional response would include more training, protocols, and layers of verification, these responses do not account for the human emotion inherent in this type of attack. The deep fake problem isn’t just a technology issue—it’s a human one. As a result, corporations must fundamentally rethink how we approach executive security.

But how can corporations protect against “deep fakes?” The best solution might not be the most clever technology, but the solution that addresses the behavioral vulnerabilities. We are seeing such an acceleration in the pace of AI innovation that we can’t predict what comes next. If a corporation’s defense strategy is based on its ability to detect AI, then the attacker’s technical sophistication will typically outpace that strategy. AI enables attackers to bypass corporate barriers and in their homes.

Digital Security Will Expand Beyond Privacy Concerns

When focusing on the cyber threats that gain attention in the cyber space and the media, the first thought often concerns data privacy. It’s not hard to understand why.

Data privacy concerns are legitimate issues that people want addressed. It can be frustrating to learn about overreaching data collection practices or to find out that information has been shared with organizations with opaque motivations.

It’s also only a piece of the puzzle, and the year ahead may signal the beginning of a demand for cyber awareness and coverage that goes beyond privacy concerns and focuses on data protection.

Data protection, in fact, helps enhance the principles of strong data privacy. Data privacy refers to who has access to personal data, and data protection provides measures to prevent that information from falling into the wrong hands.

Strong data protection measures can help protect individuals from data breaches, especially if the information is encrypted. Thus, if personal information is stolen in an incident, it would be unreadable without an encryption key.

For organizations, data minimization and implementing access controls help limit the amount of information collected and who can access it. This is an example of how privacy concerns can be addressed with strong data protection practices.

Multifactor authentication and biometric verification are also helpful data protection measures for online accounts and the data that resides within them.

An increased emphasis on data protection practices such as these may soon be in higher demand, as the consequences of their neglect can be severe, both on a digital and physical level.

As the world begins to understand that digital and physical security are essentially intertwined, more calls will be needed to learn how personally identifiable information is protected.