The industrial threat landscape continues to shift and evolve. While defenders are typically playing catch-up, a number of industry experts offer their forecasts of what to expect, and how to prepare, for cybersecurity's biggest trends as we head toward 2025.
Escalating ‘Steal-Now, Decrypt-Later’ threats will drive broad integration of post-quantum encryption. In 2025, the intensifying threat of ‘Steal-Now, Decrypt-Later’ attacks will force organizations to accelerate the adoption of post-quantum cryptography (PQC). With quantum computing advancements making traditional encryption methods increasingly vulnerable, adversaries are actively stockpiling encrypted data today to decrypt it with future quantum capabilities.
The recent standardization of FIPS 203 in August 2024 enables organizations to legally deploy proven PQC algorithms like ML-KEM, pushing CISOs to establish comprehensive cryptographic asset registers and proactively overhaul encryption strategies. Without immediate action to secure high-value assets, organizations face a growing risk of quantum-enabled breaches, threatening not just data but national security and global stability.
Escalation of attacks on critical infrastructure. In 2025, cyberattacks on critical infrastructure will intensify, targeting sectors such as energy grids, water supply systems, and communication networks. Driven by a range of factors, including geopolitical tensions, these attacks will disrupt essential services and erode public trust. Governments and private sectors will be forced to fortify their detection systems, enhance threat intelligence sharing, and take proactive measures to defend against increasingly sophisticated and coordinated threats, including those from nation-states.
Fallout from the ‘Wild West’ of AI deployment. The unchecked, mass deployment of AI tools—which are often rolled out without robust security foundations—will lead to severe consequences in 2025. Lacking adequate privacy measures and security frameworks, these systems will become prime targets for breaches and manipulation. This ‘Wild West’ approach to AI deployment will leave data and decision-making systems dangerously exposed, pushing organizations to urgently prioritize foundational security controls, transparent AI frameworks, and continuous monitoring to mitigate these escalating risks.
Escalating threats to network devices. Advanced threat actors, primarily nation-state threat actors, are likely to focus more on targeting network devices, specifically routers and firewalls. While threat actors continue to struggle to stay ahead of endpoint detection and response (EDR) software on endpoints, similar monitoring software can’t be installed on network devices. We’ve already seen multiple threat actors targeting networking devices to gain access to networks.
While this isn’t exactly unprecedented, we can expect the scope and scale of these efforts to increase as threat actors encounter more difficulty maintaining operations with EDR software. It’s also worth noting that the number of compromised network devices is almost certainly underreported today. The vast majority of organizations lack a dedicated threat hunting program for compromised network devices. Very few have the telemetry needed to perform such threat hunts, and even fewer know what to look for.
All of this creates a perfect storm for threat actors targeting network devices. Finally, threat actors may target network devices for their lawful intercept capabilities or to disrupt operations in a destructive cyberattack. Some evidence of such prepositioning was seen with Salt Typhoon in 2024, doubtless a sign of more to come.
- Eric Knapp, CTO of OT at OPSWAT.
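The cryptographic asset register called for above is the first concrete deliverable of a PQC migration, and the useful part is the triage: which assets are actually exposed to Steal-Now, Decrypt-Later (data that must stay confidential for longer than it would take a quantum-capable adversary to break the key exchange). The following Python is an added example, not code from this article, from OPSWAT or from any other vendor quoted here. The inventory CSV format, the sample systems in it, the ten-year planning horizon and the algorithm classification tables are all assumptions to be replaced with your own.

```python
"""
Cryptographic asset register with Steal-Now, Decrypt-Later (SNDL) triage.
Added illustration; the inventory format, the systems listed, the horizon
constant and the classification tables below are hypothetical.
"""
import csv
import io
from dataclasses import dataclass, field

# Planning assumption: years an adversary can hold captured ciphertext before a
# cryptographically relevant quantum computer exists. Set from your own risk model.
SNDL_HORIZON_YEARS = 10

# Key exchange / encapsulation broken by Shor's algorithm: any traffic recorded
# today under these can be decrypted later, which is the SNDL exposure.
QUANTUM_VULNERABLE_KEX = {"RSA", "DHE", "ECDHE-P256", "ECDHE-P384", "X25519"}
# ML-KEM (FIPS 203) on its own or in a hybrid with a classical curve.
QUANTUM_SAFE_KEX = {"ML-KEM-768", "ML-KEM-1024", "X25519MLKEM768", "SecP256r1MLKEM768"}
# Grover's algorithm roughly halves the effective symmetric key size; 128-bit
# keys lose their margin, 256-bit keys do not.
WEAK_SYMMETRIC = {"AES-128-GCM", "AES-128-CBC"}

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "ok": 4}

# Constructed sample inventory export (hypothetical systems, not real data).
SAMPLE_INVENTORY = """\
name,kex,symmetric,data_lifetime_years,owner
historian-api,ECDHE-P256,AES-256-GCM,25,ot-platform
scada-vpn,X25519,AES-128-GCM,15,ot-network
vendor-portal,X25519MLKEM768,AES-256-GCM,7,it-web
legacy-rtu-link,RSA,AES-128-CBC,3,ot-field
archive-sync,VENDOR-PROPRIETARY,AES-256-GCM,30,it-storage
"""


@dataclass
class CryptoAsset:
    name: str                 # system or endpoint identifier
    kex: str                  # key exchange / key encapsulation mechanism in use
    symmetric: str            # bulk cipher protecting the data
    data_lifetime_years: int  # how long the protected data must remain confidential
    owner: str


@dataclass
class Finding:
    asset: str
    severity: str             # one of SEVERITY_ORDER
    reasons: list[str] = field(default_factory=list)


def load_inventory(text: str) -> list[CryptoAsset]:
    """Parse a CSV inventory export (columns as in SAMPLE_INVENTORY)."""
    rows = csv.DictReader(io.StringIO(text))
    return [CryptoAsset(r["name"], r["kex"], r["symmetric"],
                        int(r["data_lifetime_years"]), r["owner"]) for r in rows]


def assess(asset: CryptoAsset, horizon: int = SNDL_HORIZON_YEARS) -> Finding:
    """Rate one asset. SNDL exposure needs both a breakable key exchange and
    data that still matters after the horizon; a short-lived secret under RSA
    is a migration item, not an emergency."""
    reasons: list[str] = []
    severity = "ok"
    if asset.kex in QUANTUM_VULNERABLE_KEX:
        reasons.append(f"key exchange {asset.kex} is breakable by Shor's algorithm")
        if asset.data_lifetime_years >= horizon:
            severity = "critical"
            reasons.append(f"data must stay confidential for {asset.data_lifetime_years}y, "
                           f"beyond the {horizon}y horizon: SNDL exposure")
        else:
            severity = "medium"
    elif asset.kex not in QUANTUM_SAFE_KEX:
        # Unclassified mechanisms are worse than a known-weak one: nobody can
        # say what was negotiated, so the register cannot be trusted for it.
        severity = "high"
        reasons.append(f"key exchange {asset.kex} is not in the classification tables; review manually")
    if asset.symmetric in WEAK_SYMMETRIC:
        reasons.append(f"{asset.symmetric} has a reduced margin under Grover; move to a 256-bit key")
        if severity == "ok":
            severity = "low"
    return Finding(asset.name, severity, reasons)


def build_register(assets: list[CryptoAsset]) -> list[Finding]:
    """Assess every asset and order the register worst-first."""
    findings = [assess(a) for a in assets]
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.asset))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity for reporting."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    register = build_register(load_inventory(SAMPLE_INVENTORY))
    for f in register:
        print(f"{f.severity:<8} {f.asset:<18} " + "; ".join(f.reasons))
    print(summarize(register))
```

Run as-is it ranks the historian API and SCADA VPN as critical (classical key exchange guarding data with a 25- and 15-year confidentiality requirement), the unclassified vendor link as high, the RSA-protected RTU link as medium because its data is stale within three years, and the hybrid ML-KEM portal as fine. Feed it a real export from your certificate and TLS scanning tooling and the same ordering gives the migration backlog.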
Securing the shift to cloud for ICS/OT systems will demand new approaches to tackle cyber risks and the expanding skills gap. The 2024 SANS ICS/OT Cybersecurity Report revealed a surge in cloud adoption for ICS/OT applications, with 26 percent of organizations now leveraging cloud solutions—a 15 percent increase from previous years. This shift brings greater flexibility and scalability but also exposes these critical systems to new cyber risks.
With more organizations leveraging the cloud, robust network security controls at the perimeter are essential. To ensure secure communication, devices that regularly interact with cloud services should ideally be channeled through data diodes, allowing safe, one-way data transfer. However, many sites also require remote access into OT environments for maintenance, upgrades, and similar tasks, calling for separate, secure pathways tailored to specific OT functions and restricted to authorized personnel only.
In 2025, there is an expectation of increased adoption of both secure cloud controls and OT-specific pathways as organizations manage their cloud connections. Investment in proper controls will be crucial to achieving the asset and connection visibility many organizations are striving for. The question for next year is whether organizations are prepared to invest in a comprehensive, layered approach. Historically, the industry has tended to focus on a single “technology du jour,” but indications suggest that 2025 may bring a more balanced approach.
Stay tuned for more cybersecurity predictions and projections in the weeks to come.