
A Glimpse into the Future: Top 5 Cybersecurity Trends for 2025

 

Year after year, cyber threat actors continue to advance their capabilities, and 2024 was no exception. As we get ready for 2025, the annual costs associated with cybercrime have reached an all-time high of $9.2 trillion. This number is expected to grow to over $13.8 trillion by 2028, offering a stark reminder that enterprises can no longer afford to wait when it comes to investing in cyber resilience.

The good news is that technology vendors are making major strides to boost the security of their products in the coming year. Microsoft is leading the charge, having spearheaded a collaborative effort among endpoint security vendors to implement safer deployment practices, including additional pre-rollout testing for software updates, to lessen the chances of another CrowdStrike-scale outage occurring. Windows Hello allows for biometric authentication, while Windows 11 will include advanced security tools and protections that will make it harder for attackers to gain access to core operating system capabilities.

Still, cybersecurity remains a cat-and-mouse game, with attackers looking for new ways to counter the evolution of defensive technologies. That won’t change in 2025. Areas where organizations and leading cybersecurity vendors are investing now are places where we expect to see greater evolution in capabilities over the next year—an advance that cybercriminals will probably answer with investments of their own.

Here are the top five things we expect to see happening across the cybersecurity landscape in 2025.

#1: Growing numbers of multi-factor authentication (MFA) bypass attacks.

MFA has long been the gold standard for securing user identities and online accounts, but its dependability is now under threat. Attackers are increasingly using a variety of methods to circumvent MFA verification requests. These include MFA prompt bombing, in which attackers send an unsuspecting end user a barrage of access requests on their mobile device, creating alert fatigue and leading the end user to inadvertently accept, and social engineering, where attackers might pose as an IT helpdesk employee and request access to the authentication token. Session stealing is also growing in popularity, with entire repositories of tools and code now available on GitHub for would-be criminals to gain access to cloud resources and digital accounts.

To prevent these kinds of attacks, leading technology vendors (including Microsoft) are now offering phishing-resistant MFA. In the past, this would typically involve a physical token or passkey (like the YubiKey authentication device), but newer, less-intrusive methods are becoming popular. These include biometric authentication (we predict that Windows Hello will see much more widespread adoption in 2025) and mobile-based authentication apps like Microsoft Authenticator’s new passkey capability, which can leverage a mobile device’s built-in facial or fingerprint recognition capabilities, or simply use a PIN code to verify the end user’s identity. We predict a shift away from push-based notifications and number-matching, since these are not phishing-resistant authentication methods.

We believe that all of these MFA bypass-resistant authentication methods will grow more popular over the course of 2025 to counter the rising prevalence of these attacks.
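The prompt-bombing pattern described in this section (a barrage of push requests that ends in an inadvertent approval) leaves a recognizable trace in sign-in logs. The following Python is an added example, not code from Netrix or Microsoft; the log format, field names, thresholds and sample lines are constructed assumptions.

```python
# Added example: flag MFA push "prompt bombing" from authentication logs.
# Log format, field names and thresholds are assumptions for illustration.
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed burst window
THRESHOLD = 5                   # assumed count of rejected/ignored prompts

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = """\
2025-01-14T02:11:05Z user=alice@example.com result=denied src=203.0.113.7
2025-01-14T02:11:40Z user=alice@example.com result=timeout src=203.0.113.7
2025-01-14T02:12:10Z user=alice@example.com result=denied src=203.0.113.7
2025-01-14T02:12:45Z user=alice@example.com result=denied src=203.0.113.7
2025-01-14T02:13:20Z user=alice@example.com result=timeout src=203.0.113.7
2025-01-14T02:14:30Z user=alice@example.com result=approved src=203.0.113.7
2025-01-14T09:00:10Z user=bob@example.com result=denied src=198.51.100.4
2025-01-14T09:00:30Z user=bob@example.com result=approved src=198.51.100.4
2025-01-14T10:00:00Z user=carol@example.com result=timeout src=192.0.2.9
2025-01-14T10:30:00Z user=carol@example.com result=timeout src=192.0.2.9
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts' field."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields

def detect_prompt_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Alert on bursts of unapproved prompts, and on an approval that follows one."""
    recent = defaultdict(deque)  # user -> timestamps of denied/timed-out prompts
    alerts = []
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    for ev in events:
        q = recent[ev["user"]]
        while q and ev["ts"] - q[0] > window:  # drop prompts outside the window
            q.popleft()
        if ev["result"] in ("denied", "timeout"):
            q.append(ev["ts"])
            if len(q) == threshold:  # burst reached: user is being flooded
                alerts.append({"user": ev["user"], "severity": "medium",
                               "reason": "prompt burst", "src": ev["src"]})
        elif ev["result"] == "approved":
            if len(q) >= threshold:  # fatigue approval: treat session as suspect
                alerts.append({"user": ev["user"], "severity": "high",
                               "reason": "approval after burst", "src": ev["src"]})
            q.clear()
    return alerts
```

A single mistyped denial followed by an approval (bob) and widely spaced timeouts (carol) stay below the threshold, so only the burst against alice is reported.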

#2: Broader adoption of AI-driven defense.

As attacks evolve to become more and more complex, incorporating evasive measures of increasing sophistication, growing numbers of cybersecurity solution vendors and service providers are investing in AI to level up their capabilities. In years past, solutions like extended detection and response (XDR) typically relied on static detections (looking for known-malicious code or predefined behavior patterns). Today’s AI-driven solutions have more sophisticated predictive capabilities, so that they’re able to identify previously unseen threats.

Large language models (LLMs) are now widely employed in solutions like Microsoft Security Copilot, where they’re making it easier for security analysts to distinguish between real attacks and false positive alerts. These AI capabilities help even less-experienced analysts make much better decisions during threat triage workflows, so that they can more accurately connect the dots between the steps in an attack sequence and identify malicious activities with less background knowledge. This can result in time savings of 30% or more, while allowing analyst teams to be more effective as well as efficient.

While interest in solutions like Microsoft Security Copilot has been running high throughout 2024, many real-world implementations are still immature—either due to cost concerns or a lack of maturity. We expect this to change in 2025, as security operations programs begin to execute on their nascent plans to leverage AI for defense. Here at Netrix, we have already leveraged Microsoft Security Copilot in our security operations center (SOC) for quite some time, but we expect many other organizations to follow suit in the coming year.

#3: Greater focus on data security.

The vast majority of breaches wouldn’t be damaging if sensitive, confidential or regulated data weren’t involved. Yet the costs associated with these devastating incidents continue to climb. With regulators, risk managers and cyber insurance providers now paying greater attention to data breach risks, growing numbers of organizations are thinking beyond user identity and endpoint security—areas where many have already made significant investments—to data protection—where fewer have mature programs in place.

Recently, there’s been a significant uptick in interest in data classification, encryption and data loss prevention (DLP) tools. In fact, the market for DLP solutions is forecast to see very rapid growth over the next year. As regulations like the California Consumer Privacy Act (CCPA), Europe’s General Data Protection Regulation (GDPR) and the Cybersecurity Maturity Model Certification (CMMC) 2.0 mandate that organizations implement privacy protections for the information that they hold and handle, it’s critical for companies that have been having discussions about data protection to move from talking to acting.

Implementing a unified data protection and governance solution like Microsoft Purview can enable rapid progress in maturing your data protection program. Combining data discovery, labeling, governance, encryption and DLP capabilities into a single platform, Microsoft Purview enables teams to gain greater visibility into their organization’s data—no matter where it lives or how it moves—to better safeguard and manage it. This comprehensive approach helps organizations overcome some of the biggest obstacles, like internal silos and fragmented toolsets, that have held data protection programs back in the past.

Often, the easiest way to get started with data protection is to “classify forward”—that is, focus on classifying and tagging new data as it’s being created before turning to older, static information assets. This is a much simpler and more manageable approach than beginning with an enterprise-wide data discovery initiative. It’s also one we’ve seen businesses have great success with recently.

#4: A turn to XDR.

From Palo Alto Networks to Microsoft, leading cybersecurity vendors have made massive investments in their XDR offerings in 2024. With Forrester analysts now proclaiming that this technology is mature enough to supplant security information and event management (SIEM) solutions as the primary technology in the SOC, it’s clear that the consolidated platform approach is here to stay.

For most organizations grappling with cybersecurity vendor sprawl and increasingly unmanageable complexity, replacing six or seven disparate solutions with a single platform is a very attractive proposition. And with XDR, it’s easier than ever to gain visibility across the entire attack path, with no need for analysts to stitch together alerts manually. This simplifies multiple facets of security—including email, identity, endpoint and data security—while reducing security analysts’ workload.

In our opinion, SIEM will no longer exist as a concept ten years from now. XDR will fill the role that those platforms now play, while also doing much more. The comprehensive visibility and automated response capabilities that market-leading vendors already offer show us what’s possible here.

#5: Surging interest in Internet of Things (IoT) security.

The number of connected devices has been climbing for years, with analysts predicting that more than 18.8 billion of these “things” will be deployed by the end of 2024. As IoT device fleets grow in size, operational importance and complexity, increasing numbers of stakeholders are asking key questions about their security.

With large numbers of emerging vendors entering this market, as well as major acquisitions and investments by the likes of Palo Alto Networks and Zscaler, IoT security seems poised to be a major growth area in 2025. In a similar vein, Microsoft’s 2020 acquisition of CyberX supported the development of the Microsoft Defender for IoT platform, which now offers advanced IoT asset discovery, management, and security posture improvement capabilities. This will likely remain an important focus area for security and risk management stakeholders throughout the coming year, as awareness of the challenges involved in protecting these devices remains high, as does awareness of the risks that lateral movement from an IoT-initiated attack would bring.

While we’re confident that there will be new and exciting advances in all of these areas, we’re also confident that 2025 will bring unexpected challenges. If you want a forward-thinking technology partner by your side to help you navigate them—no matter what the future may hold—get in touch with us today.


MEET THE AUTHOR

Jeff Rostis

Solution Architect, Team Lead

Jeff Rostis is a seasoned IT security consultant with over 25 years of experience in the field. As the Team Lead for Microsoft Security at Netrix Global, Jeff has honed his expertise in safeguarding digital environments and ensuring robust security measures. His extensive knowledge and hands-on experience with Microsoft Security and Microsoft Sentinel have made him a trusted advisor in the industry.
