AI will dominate in cyber security in 2025 and a robust security culture remains the best form of defence, says KnowB4. (Image: Freepik.com)

AI tools will have a significant impact on cyber security in 2025 and will be used by attackers and defenders alike.

This is according to cyber security firm KnowBe4, which released a list of cyber security market predictions for the year ahead.

“In 2024, the world witnessed cyber threats evolve faster than before, primarily due to the rise in the number and popularity of AI tools," the company states. "These tools assist cyber criminals in refining and making attack tactics more sophisticated and more difficult to recognise, while helping cyber security professionals defend against attacks more effectively.”

Stu Sjouwerman, CEO of KnowBe4, says, “The cyber security landscape is rapidly evolving, and the dynamic between defenders and attackers has never been more complex. As we enter 2025, we must embrace the potential of AI to enhance our defences and protect organisations globally."

According to KnowBe4, it is more important than ever to focus on the human element in organisations to lower the risk of becoming a victim of cyber crime.

“One of the best forms of defence remains cultivating a robust security culture,” adds Sjouwerman.

KnowBe4 predicts

1. AI-enabled tools for cyber defence and attacks will continue to improve

As AI technology advances, both defenders and attackers are taking advantage of its capabilities. On the cyber security side, sophisticated AI-powered tools that detect and respond to threats more efficiently are being developed. Capabilities like AI being able to analyse big amounts of data, identify anomalies, and enhance the accuracy of threat detection will be of massive assistance to cyber security teams going forward.

However, cyber criminals are also adopting AI to create more advanced attack methods. For instance, AI-powered social engineering campaigns that manipulate emotions and target specific vulnerabilities more effectively will make it difficult for individuals to distinguish between real and fake content. As AI capabilities evolve on both sides, the standoff between defenders and attackers intensifies, making constant innovation and adaptation crucial.

2. Ransomware attacks will remain a problem

Ransomware attacks will continue to be a massive threat due to the collaboration between ransomware gangs and initial access brokers. In a measure to combat this, AI will become a popular tool to monitor networks and individual devices for anomalies like unusual encryption processes. This will greatly reduce the impact of attempted ransomware attacks.

3. The human factor in cyber security will become more of a focus

Organisations will continue to recognize the importance of frequent security awareness training and simulated phishing tests to manage the inherent human risk that exists within it. At the same time, cyber criminals will keep refining their social engineering techniques, making attacks more personalised and effective.

Going forward, the challenge will lie in maintaining employee vigilance without causing phishing fatigue. To prevent this, it is important for organisations to focus on making training more adaptive and relevant to employees to create better protections and engagement for a positive security culture.

4. The improvement of deepfake detection technologies

2025 will see deepfake AI detection technologies improve, become more accessible, and more effectively address the growing concern of identifying deepfakes. On the other hand, cyber criminals are also expected to leverage disinformation and deepfakes in their attacks, using them to accelerate extortion, hide other attacks, or damage organisational reputations.

5. The adoption of a zero-trust mindset and cyber mindfulness

There will be a wider adoption of a zero-trust mindset and cyber mindfulness, representing a proactive approach to cyber security. Organisations embracing these principles encourage a vigilant attitude among their employees, treating every user and device as a potential threat. Training employees to maintain a healthy level of scepticism encourages them to apply critical thinking skills, and this mindset shift will be another crucial step in mitigating internal risks.

6. The overlap of cyber crime and human trafficking in Africa

The region has experienced an increase of cyber criminals targeting its youth with false job opportunities which often result in human trafficking. The worry is that the overlap of cyber crime and human trafficking will continue to escalate in 2025.

Targeted attacks like romance and job scams will increase as cyber criminals become more adept at exploiting economic hardships and limited digital literacy.