As cybersecurity threats grow in scale and sophistication, the way that businesses have to respond to them to protect their operations is also morphing rapidly.
In 2025, high-profile ransomware attacks, the proliferation of disinformation, and AI-powered cyber threats are expected to reshape the priorities of enterprise IT teams.
Understanding these cybersecurity trends is the first step towards a tougher posture against new threats. In the new year, experts say there needs to be a renewed focus on cyber-resiliency, disinformation security, and robust zero-trust security frameworks.
Zero-trust becomes a fundamental necessity
A zero-trust framework for cybersecurity has long been touted as the way forward, and in 2025, it will exit its buzzword era and become a cornerstone of cybersecurity strategies, said John Engates, field chief technology officer of Cloudflare, which offers improved performance and security for websites.
Operating on the principle of “never trust, always verify,” a zero-trust setup treats every digital interaction as a potential threat, requiring continuous validation.
“This methodology has become even more essential as traditional network boundaries disintegrate in our cloud-native, distributed work environments,” said Engates.
“We are entering an era where AI systems will battle AI systems, with human security teams orchestrating strategies to maintain the upper hand,” he noted.
“This shift underscores the need for continuous innovation in AI-driven security solutions, as static defenses become increasingly inadequate,” he added.
AI will be a problem and a solution
“Attacks using Generative AI, in particular deepfakes are proving to be a major challenge for Asean organisations,” said Steven Scheurmann, regional vice-president for Asean for Palo Alto Networks, a cybersecurity firm.
“This, combined with the increased speed, scale and sophistication of threats will force ASEAN organisations to modernise their cybersecurity postures with a centralised, AI-driven, scalable, cloud-based approach, in 2025,” he predicted.
While AI presents transformative opportunities in cybersecurity, it also empowers threat actors with new tools for malicious purposes. They are likely to use AI to conduct more targeted reconnaissance, better identify vulnerabilities in systems, said Thio Tse Gan, Deloitte’s Southeast Asia cyber defence and resilience leader.
AI will allow threat actors to bypass defences with greater precision, as they create adaptive malware more effectively, enhance their phishing attempts and produce convincing deepfakes. However, AI-powered threats are not limited to external attacks.
“When organisations increasingly adopt AI models to aid in decision-making, criminals can also launch data poisoning attacks which degrade and manipulate these models into making warped decisions,” said Thio.
On the other hand, AI can be used in tools to improve security processes, monitoring, and risk management. These include using gen AI for data masking, incident response and automated policy generation to optimise cybersecurity responses, added Thio.
Rise of quantum computing
The rise of quantum computing can enable stronger encryption methods, but can also present serious risks by potentially rendering today’s encryption standards, including public key infrastructure, obsolete.
“[Quantum computing] is expected to be able to break today’s encryption in minutes,” said Yee May Leong, managing director of Equinix Singapore.
“Nation-state actors are already harvesting encrypted sensitive data with the intention to decrypt it later when the technology is available, in so-called “harvest now, decrypt later” attacks,” she added.
Governments and cybersecurity authorities are beginning to respond. The U.S. National Institute of Standards and Technology (NIST) has issued post-quantum cryptography standards, and Singapore’s Cyber Security Agency will release guidelines starting in 2025 to help organisations prepare for quantum-enabled threats to current and stolen data, said Deloitte’s Thio.
Deloitte predicts that the number of companies working on implementing post-quantum cryptography solutions is expected to quadruple in 2025 compared with 2023, along with spending expected to quadruple.
Data protection becomes critical to cybersecurity strategies
The question for organisations is not “if” but “when” they will be attacked. This inevitability is pushing cybersecurity strategies in 2025 towards protecting data, ensuring swift recovery when breaches occur, said Matthew Oostveen, chief technology officer for Asia-Pacific and Japan at storage vendor Pure Storage.
“Proactive investment in advanced cybersecurity measures and recovery strategies will be crucial for survival in the face of these evolving threats,” he noted.
“Having a data protection strategy gives organisations a means of resuming business operations quickly in the event of an attack,” he added.
Phishing kits will get trickier
Phishing continues to be an effective method for identity-based attacks, but the tactics are becoming more advanced, said Brett Winterford, regional chief security officer, Asia-Pacific & Japan, Okta, which provides identity management services.
In 2025, phishing kits — virtual toolboxes of resources designed to make attacks much easier to launch and repeat, will evolve to make phishing even harder to detect, such as bypassing geographic location flags using residential proxies to mimic real user’s location.
To combat such tactics, Winterford suggests that organisations adopt phishing-resistant authentication and block requests from anonymising services.
Networks connect and now protect
As more devices and services get more interconnected, the risk and sophistication of attacks become greater, pushing the need for advanced and automated, machine-scale cybersecurity, said Tay Bee Kheng, president for Asean at network equipment maker Cisco.
An example of the sophistication of threats is how social engineering attacks have become more accessible because of the vast data that people share online with different platforms.
Supply chain attacks also pose a problem, given the complicated web of technology suppliers that many businesses use in their operations. Quantum computing will introduce potential vulnerabilities that can render traditional encryption methods obsolete.
These factors highlight the need for cybersecurity systems that operate at machine scale, and are able to defend against advanced, high-speed threats, said Tay.
“The network will emerge as a crucial pillar in managing workloads and serving as both the first and last line of security defence,” she noted.
“This will become increasingly important as attackers conduct lateral movement attacks where they use one entry point to infiltrate the rest of the network to penetrate deeper into organisational systems,” she added.
Financial cyber threats shift to smartphones
Traditional financial malware targeting PCs is declining, but financial cyberthreats on mobile devices are surging, said Adrian Hia, managing director for APAC at cybersecurity vendor Kaspersky.
Resilience against these threats will require predictive analytics, continuous monitoring and a zero-trust mindset to safeguard critical data and operations, he added.
AI agents introduce cyber resilience and new risks
The emerging agentic AI market will transform cybersecurity, automating threat detection while enhancing the speed of response and resilience, said Arvind Nithrakashyap, co-founder and chief technology officer, Rubrik, a data security vendor.
For cloud-first organisations, agentic AI offers the opportunity to scale computing power and storage capacity to train and deploy complex AI models, to increase productivity, better customer experiences, and secure cloud applications.
However, agentic AI will also introduce new security vulnerabilities and potential data leaks.
“Savvy business and IT leaders will not let these challenges hold them back from adopting agentic AI but establish guardrails, set up stringent data access policies, and clearly communicate organisational best practices,” said Nithrakashyap.
Legacy systems become a cybercrime goldmine
The increasing integration between IT, IoT, and operational technology (OT) devices is expanding the threat landscape. Strategic custom malware – such as those for perimeter devices – has become a threat to critical infrastructure, said Daniel dos Santos, head of research at Forescout Research’s Vedere Labs.
Many legacy OT systems remain unmanaged and exposed, especially in sectors like water management, he noted.
Once these vulnerabilities are breached, they can serve as a gateway to broader critical infrastructure, amplifying the potential impact of an attack, he added.
The ongoing Russia-Ukraine conflict, he pointed out, underscores the urgency for proactive vulnerability management to safeguard these systems against exploitation.
Hijacking supply chains with “invisible” firmware threats
Nation-state actors are increasingly turning to firmware-level supply chain attacks, embedding malicious code during the manufacturing process to create “invisible” threats that bridge the gap between cyber and physical warfare.
The recent compromise of communication devices by Israel demonstrates how firmware-level threats can have real-world impact, said Rik Ferguson, vice president of security intelligence, Forescout.
“Traditional defenses, including Software Bill of Materials (SBOMs), often fail to provide the necessary visibility and detection capabilities for these sophisticated implants,” he noted.
“As IoT adoption accelerates, the risks associated with supply chain compromises grow exponentially,” he added. Securing every step of the production and distribution process is becoming imperative.”
