Seven cybersecurity trends and threats for 2025

Be careful with sensitive data
According to Andy Quaeyhaegens of Netskope, sharing information with AI models raises fresh concerns. “When you ask ChatGPT a question, you expect a particular answer. If the expected answer doesn’t come, you will reformulate the question with more context, possibly to the point where you reveal internal and confidential information. Clearly, that information is of interest to cyber criminals. The rise of the Chinese DeepSeek raises even more questions and concerns about matters such as privacy, data security and censorship.”

Prompt injections
And that’s not all, unfortunately. Bart Salaets of F5 points out the biggest security threats per segment according to knowledge source OWASP. “Prompt injections are number 1 in the field of large language models. Criminals try to change the behavior or output of LLMs using manipulated user prompts. The ultimate goal is to spread malware, steal sensitive data and even take over systems and devices. Few businesses have adequate defense mechanisms against these new threats.”

Cloud-specific vulnerabilities
Greater dependency on cloud providers is leading to the exploitation of more cloud-specific vulnerabilities, according to Geri Révay of Fortinet. “You can’t just rely on the cloud provider for security. It is important to augment your cloud infrastructure with cloud-specific security services from your trusted security vendor. Improving cloud visibility, enforcing access with the fewest possible privileges and using solutions for continuous monitoring are key to building resilience within the cloud.”

The cloud as a criminal marketplace
The as-a-service model is also flourishing in hacker circles. “A virtually endless number of attack vectors with associated code are now available, such as ransomware-as-a-service and DDoS-as-a-service,” says Geri Révay of Fortinet. “We expect attackers to grow this market even further using LLMs. One way of doing this, for instance, is by scouring social media and automating that information in neatly packaged phishing kits."

According to Salaets of F5, APIs have to be included in the list of growing attack surfaces. “More than half of application attacks ultimately target API endpoints,” says the expert. “Organizations often lack the necessary tools to deal with them. Traditional application security techniques such as DDOS mitigation and web app firewalls (WAFs) don’t give sufficient protection.” The greatest danger lies in unmanaged APIs. “That’s why it’s a good idea to monitor, inventory and protect open APIs.”

So how do you respond to this as a company? Nico Sienaert of Microsoft: “At Microsoft we’ve introduced the Secure Future Initiative (SFI). This involves regarding system security as standard for every action, and asking questions about it all the time and in every context. The program involves a complete culture shift that affects people, processes and technology. We’re now rolling this out to our customers, with the mantra ‘security above all else’. From obvious actions such as not simply connecting to a potentially unsafe network, to a ‘shift left’ where you immediately include security in the development process … There are often a great many action points.”

Visibility and centralization
Visibility is an increasingly important advantage within cybersecurity policy. “In the context of NIS2 and the CyberFundamentals Framework, it’s more crucial than ever to know where your data is located and who has access to it, so it’s important to identify all your tools and check who owns the data you store,” explains Andy Quaeyhaegens of Netskope. “Even more important is monitoring the sensitivity of that data and the associated risks. The security stack you previously used for this purpose is no longer adequate when you have hybrid workflows.”

Central security management
“It’s also advisable to use a central platform to monitor and visualize all IT infrastructure, applications and data spread across different environments, such as local databases, and multicloud and SaaS services,” adds Sienaert of Microsoft. “With AI, we’re facing a paradigm shift for both attackers and defenders. What’s not changed, though, is the need for end-to-end security, in which speed is more important than ever. A platform approach that makes it possible to integrate a range of security solutions will enable organizations to optimize, reduce complexity and respond more quickly to detection and response.

The impetus for demands to tighten up security policies further isn’t just internal. Belgium was one of the first EU member states to transpose the NIS2 Directive into national legislation. All essential and important entities, as well as entities providing domain name registration services, must register within five months of the law coming into effect. This means that registration must be completed by 18 March 2025 at the latest. In order to support businesses, the Centre for Cybersecurity Belgium is putting together the Cyberfundamentals Framework, a set of best practices and recommendations.

Financial institutions, meanwhile, had until 17 February 2025 to comply with all the requirements of the DORA Regulation. “The preparation period is over and there will soon be audits with associated penalties,” explains Jesper Olsen of Palo Alto Networks.

However, the expert notes that at many businesses the required procedures and documentation have not yet been developed. “What’s more, it’s not enough to simply be compliant by the deadline. Setting up the necessary mechanisms for continuous monitoring and registration brings fresh challenges.”

The World Economic Forum has drawn attention this year to growing cyber inequality. “Smaller and mid-sized companies may lack the required budgets and find that experts tend to be looking for business from multinationals,” says Jesper Olsen of Palo Alto Networks. “In addition, criminals use both targeted attacks and a ‘spray and pray’ approach in which they approach a broad spectrum of businesses in one go. SMEs are among these targets. Given that they also have a smaller arsenal of weapons against cyber attacks, they look more vulnerable.”

Operational technology (OT) plays a crucial role in vital industries such as healthcare and the energy and transport sector. OT systems perform a wide variety of tasks, from monitoring critical infrastructure to controlling machines and robots. “That explains the big potential impact of cyber attacks,” explains Sofie Huylebroeck of Proximus NXT. “OT security is essential to protecting these critical systems. With IT and OT being increasingly linked, these risks are growing. In addition, the NIS2 Directive forces organizations in critical sectors to adopt a proactive approach to OT security. In view of the complexity of OT system security, many businesses still have a lot of work to do in 2025.”

• Andy Quaeyhaegens is Senior Solutions Engineer at Netskope.
• Jesper Bork Olsen is Chief Security Officer at Palo Alto Networks.
• Bart Salaets is EMEA Field CTO at F5.
• Nico Sienaert is Senior Security GTM Lead at Microsoft.
• Geri Révay is Principal Security Researcher at Fortinet.
• Sofie Huylebroeck is Cybersecurity Sales Lead at Proximus NXT.