Experts highlight the evolving cybersecurity landscape and offer strategies for businesses to protect against emerging threats in 2025.
As businesses enter 2025, the increasingly sophisticated landscape of cybersecurity threats presents significant challenges for organisations seeking to protect their digital assets. Experts from the Rochester area have provided insights into the rising dangers and suggested strategies for safeguarding against potential attacks.
Trevor Smith, executive vice president of Brite—a technology solutions partner located in Victor, Ontario County—emphasised the rapid evolution of cybersecurity. “Cybersecurity is evolving rapidly and, with it, so are the threats,” he stated. He highlighted a recent report identifying over 3,300 cybersecurity solutions across 17 categories, which poses a challenge for many companies trying to navigate this complex environment. Smith advised that partnering with a knowledgeable cybersecurity solutions provider can be invaluable, as these specialists utilise industry frameworks to assess and fortify a company’s security posture.
The emerging threats to watch in the new year include AI-enhanced phishing scams, advanced persistent threats, supply chain attacks, vulnerabilities associated with the Internet of Things (IoT), and both deepfake and ransomware attacks. Smith underscored the importance of conducting regular security assessments, particularly if a company has not performed one in the last twelve months, stating, “The first step is understanding where your organization stands today.”
Charlie Wood, co-founder of FoxPointe Solutions—a cybersecurity division of The Bonadio Group—forecasts that 2025 will see increased risks related to cloud security and misconfiguration. Wood noted that while most cloud environments are relatively secure, the ability of companies to modify their configurations can lead to vulnerabilities. He also expressed concern over the use of advanced natural language processing in AI to facilitate social engineering and ransomware attacks. “AI is here to make life easy, but it’s also here to make life easy for hackers,” he observed.
In response to the evolving threat landscape, Wood recommended several strategies for businesses to enhance their security, such as performing vendor due diligence, viewing cybersecurity as an investment—including cyber liability insurance— and prioritising employee training. “A lot of money is sunk into technologies and processes, and the one thing that a lot of organizations forget to do or don’t spend enough money on is training their people,” Wood said.
Cheryl Nelan, president and owner of CMIT Solutions of Rochester, cited AI as a significant access point for cybersecurity threats. “From a cybersecurity perspective, the same ways it helps us do our jobs, it helps bad guys do their jobs too,” she commented. Nelan highlighted the concern surrounding fraudulent Microsoft 365 pop-ups aimed at stealing multi-factor authentication codes, which can lead to unauthorised access to sensitive information.
Fred Brumm, co-owner of CETech, a Rochester-based IT services and consulting firm, identified malvertising—malware spread through online advertisements—as a growing concern. He noted a 41 percent increase in instances of malvertising from July to September 2024, indicating that it is becoming as prevalent as traditional email phishing attempts. “It’s all the same stuff to look for—grammar errors, spelling errors,” Brumm advised, urging vigilance when engaging with online content.
As organisations prepare for the challenges that 2025 may bring, the importance of ongoing discussions and updates between business leaders, IT personnel, and external cybersecurity partners is paramount. The dynamic nature of threats necessitates that companies remain proactive in their cybersecurity efforts to safeguard their assets effectively.
Source: Noah Wire Services
- https://nordlayer.com/blog/cybersecurity-trends/ – Corroborates the rising threats of AI-enhanced phishing scams, advanced ransomware attacks, and the importance of regular security assessments and stronger roles for SOCs and CISOs.
- https://nordlayer.com/blog/cybersecurity-trends/ – Supports the increasing risks related to cloud security, misconfiguration, and the use of AI in social engineering and ransomware attacks.
- https://nordlayer.com/blog/cybersecurity-trends/ – Highlights the vulnerabilities associated with the Internet of Things (IoT) and the need for proactive security measures.
- https://www.paloaltonetworks.com/blog/2024/12/8-trends-network-security-in-2025/ – Discusses the rise of multivector attacks, the importance of secure browsers, and the increasing use of AI in phishing emails, aligning with the threats mentioned.
- https://www.paloaltonetworks.com/blog/2024/12/8-trends-network-security-in-2025/ – Supports the need for single-vendor Secure Access Service Edge (SASE) solutions and the integration of AI technologies in enterprise security.
- https://nordlayer.com/blog/cybersecurity-trends/ – Emphasizes the importance of conducting regular security assessments and understanding the current security posture of an organization.
- https://nordlayer.com/blog/cybersecurity-trends/ – Highlights the role of AI in facilitating social engineering and ransomware attacks, and the need for employee training.
- https://www.paloaltonetworks.com/blog/2024/12/8-trends-network-security-in-2025/ – Corroborates the concern over advanced natural language processing in AI for social engineering and ransomware attacks.
- https://nordlayer.com/blog/cybersecurity-trends/ – Supports the importance of vendor due diligence and viewing cybersecurity as an investment, including cyber liability insurance.
- https://www.paloaltonetworks.com/blog/2024/12/8-trends-network-security-in-2025/ – Discusses the growing sophistication of cyberattacks, including multistage approaches and the need for integrated security services.
- https://nordlayer.com/blog/cybersecurity-trends/ – Highlights the need for ongoing discussions and updates between business leaders, IT personnel, and external cybersecurity partners to stay proactive against evolving threats.
