Cybersecurity trends that shaped January 2025
Yes, we used the term "cybersecurity trends". You read that correctly. Of course, we mean trends in the world of information security. But we, too, can’t avoid using words that others might search for. Such is life. Anyway.
January 2025 kicked off with a series of notable developments in the field of information security. For professionals focused on securing web applications, websites, and corporate networks, there were several trends with a direct impact on day-to-day operations. Below is an overview of the most striking events and shifts.
Explosive growth in AI-driven attacks
Cybercriminals are increasingly leveraging artificial intelligence to refine their attacks. In January, a surge was observed in AI-generated phishing emails and deepfake impersonations that are nearly indistinguishable from real ones. These advanced techniques make it harder for traditional security systems to detect malicious activity and call for a revision of existing security strategies.
Rise of non-human Identity (NHI) attacks
Another noticeable trend is the rise in attacks targeting non-human identities, such as API keys, service accounts, and digital certificates. These machine identities are often less strictly secured than human accounts, making them an attractive target for attackers. January made it clear that organizations must extend their security measures to cover these non-human entities in order to minimize risks.
Introduction of the Digital Operational Resilience Act (DORA)
On January 17, the Digital Operational Resilience Act (DORA) came into force across the European Union. This legislation imposes strict requirements on financial institutions regarding digital resilience and ICT risk management. A key aspect of DORA is that top-level executives can be held personally accountable for deficiencies in their organization’s digital resilience, highlighting the need for a robust and proactive cybersecurity strategy.
Multi-vector DDoS attacks pose new challenge
January also saw an increase in complex DDoS attacks that target multiple layers of a network simultaneously. These multi-vector attacks combine traditional network flooding with targeted strikes on web applications and APIs, making them harder to mitigate. Organizations must adapt their defenses to face these advanced threats.
These developments underscore the importance of a dynamic and comprehensive approach to information security. Trends like these signal a challenging year ahead for professionals in the infosec world. More than ever, it’s time to batten down the hatches.