Navigating cybersecurity challenges in 2025

As businesses enter 2025, the increasingly sophisticated landscape of cybersecurity threats presents significant challenges for organisations seeking to protect their digital assets. Experts from the Rochester area have provided insights into the rising dangers and suggested strategies for safeguarding against potential attacks.

Trevor Smith, executive vice president of Brite—a technology solutions partner located in Victor, Ontario County—emphasised the rapid evolution of cybersecurity. “Cybersecurity is evolving rapidly and, with it, so are the threats,” he stated. He highlighted a recent report identifying over 3,300 cybersecurity solutions across 17 categories, which poses a challenge for many companies trying to navigate this complex environment. Smith advised that partnering with a knowledgeable cybersecurity solutions provider can be invaluable, as these specialists utilise industry frameworks to assess and fortify a company’s security posture.

The emerging threats to watch in the new year include AI-enhanced phishing scams, advanced persistent threats, supply chain attacks, vulnerabilities associated with the Internet of Things (IoT), and both deepfake and ransomware attacks. Smith underscored the importance of conducting regular security assessments, particularly if a company has not performed one in the last twelve months, stating, “The first step is understanding where your organization stands today.”

Charlie Wood, co-founder of FoxPointe Solutions—a cybersecurity division of The Bonadio Group—forecasts that 2025 will see increased risks related to cloud security and misconfiguration. Wood noted that while most cloud environments are relatively secure, the ability of companies to modify their configurations can lead to vulnerabilities. He also expressed concern over the use of advanced natural language processing in AI to facilitate social engineering and ransomware attacks. “AI is here to make life easy, but it’s also here to make life easy for hackers,” he observed.

In response to the evolving threat landscape, Wood recommended several strategies for businesses to enhance their security, such as performing vendor due diligence, viewing cybersecurity as an investment—including cyber liability insurance— and prioritising employee training. “A lot of money is sunk into technologies and processes, and the one thing that a lot of organizations forget to do or don’t spend enough money on is training their people,” Wood said.

Cheryl Nelan, president and owner of CMIT Solutions of Rochester, cited AI as a significant access point for cybersecurity threats. “From a cybersecurity perspective, the same ways it helps us do our jobs, it helps bad guys do their jobs too,” she commented. Nelan highlighted the concern surrounding fraudulent Microsoft 365 pop-ups aimed at stealing multi-factor authentication codes, which can lead to unauthorised access to sensitive information.

Fred Brumm, co-owner of CETech, a Rochester-based IT services and consulting firm, identified malvertising—malware spread through online advertisements—as a growing concern. He noted a 41 percent increase in instances of malvertising from July to September 2024, indicating that it is becoming as prevalent as traditional email phishing attempts. “It’s all the same stuff to look for—grammar errors, spelling errors,” Brumm advised, urging vigilance when engaging with online content.

As organisations prepare for the challenges that 2025 may bring, the importance of ongoing discussions and updates between business leaders, IT personnel, and external cybersecurity partners is paramount. The dynamic nature of threats necessitates that companies remain proactive in their cybersecurity efforts to safeguard their assets effectively.

Source: Noah Wire Services