Thales forecasts cybersecurity trends reshaping 2025 landscape

Thales has released predictions regarding the trends expected to dominate the cybersecurity industry in 2025, highlighting issues ranging from critical infrastructure attacks to the adoption of passwordless security measures.

According to Nanhi Singh, Chief Customer Officer and General Manager of Application Security at Imperva, a Thales company, a significant threat predicted for 2025 is the loss of intellectual property due to a prompt injection breach.

"The loss is likely to plunge AI into the 'trough of disillusionment' faster than anticipated, as the security risks rattle corporate confidence, undermining the perceived benefits and reliability of AI systems," said Singh.

Todd Moore, Vice President of Data Security Products at Thales, foresees a sharp increase in attacks on critical infrastructure.

"Given that critical infrastructure will always be a prime target for cybercriminals due to its potential for widespread impact, the disconnect between IT and OT, combined with geopolitical issues, creates the perfect storm for insider threats to thrive. In the year ahead, addressing this gap will be crucial to safeguarding critical infrastructure," Moore explained.

In light of the rising frequency of cyber-attacks in 2024, Moore anticipates a shift in the cybersecurity landscape from reactive to proactive measures in 2025.

"Continuous monitoring and getting ahead of potential threats will become standard practice, along with more robust authentication measures. Compliance with new regulations such as NIS2, DORA, PCI 4.0, the UK Cyber Resilience Act, and the EU AI Act will be crucial. We will see some companies move to handle their data on-premises as a result, necessitating the same stringent security postures as cloud environments," Moore stated.

Danny de Vreeze, Vice President of Identity & Access Management at Thales, predicts significant advancements in passwordless security.

"We will see a ripple effect in the use of passkeys first most visible in the banking industry, due to growing use within mobile banking applications. We'll also see variations in the types of passkeys emerge for different use cases. Passkeys, particularly those that are bound to a mobile application or hardware token, offer banking-grade authentication, allowing FinServ organisations to meet regulatory compliance while also enhancing the end user experience. This continued demand will further drive passkey adoption elsewhere, meaning 2025 will be the year we see passkey talk start to walk the walk," de Vreeze observed.

The introduction of post-quantum cryptography to combat threats posed by quantum computing is also on the horizon. Moore stresses the necessity for crypto agility to stay current with evolving security needs.

"While TLS and SSH protocols are being updated to meet NIST's standards, enterprises will need to embrace crypto agility in 2025. The biggest barrier will be ensuring they have the time and resources to identify their exposure, take inventory of their assets, and employ crypto discovery. This will manifest in a steady rise of crypto centers of excellence among major enterprises. Enterprises must place agility at the center of their quantum readiness, ensuring crypto-agile solutions are leveraged to keep pace with emerging quantum-resistant cryptography," Moore emphasised.