As we reach the end of 2024 and look ahead, we’ve come to that magical time of year when the internet lights up with everyone suddenly becoming a Nostradamus of cyber, throwing out predictions left, right and centre. This year, Darren Humphries, Acora’s CISO and CTO Partner, has divided his predictions write-up into two sections: his own forecasts and insights into the impacts of cyber developments, followed by his commentary on other popular internet predictions for 2025.

As a CISO who’s been in the trenches long enough to see trends come, go, and come back again with new branding, I’m here to give it to you straight: are some of the most popular cyber forecasting concerns something we should genuinely buckle up for or not give a second thought to? This blog is equal parts cyber futurism and old-school CISO honesty. If you’re here for some unapologetic commentary and a hefty dose of “what we really need to be worried about,” let’s dive in. 

Supply Chains Under Fire

It’s predicted that supply chain attacks are likely to become more frequent because they offer cyber criminals an efficient way to maximise their impact. By targeting a single weak link, attackers can amplify their reach, making it a highly rewarding approach.  

Whilst suppliers could be thought of as having deeper pockets, they are required to meet compliance standards and ethically should be setup to defend themselves better than most other organisations against cyber attacks. However, suppliers are also more likely to have complex environments, complex ways of working and will include the use of development teams. This creates a broader attack surface, offering attackers more opportunities to exploit vulnerabilities or leverage existing tools and access points (“living off the land”). As a result, supply chains present an attractive and worthwhile target for cyber criminals to focus their efforts. 

In supply chain attacks, the stakes are significantly higher. If attackers successfully infiltrate the supply chain, they can exploit it to compromise the supplier’s customer base. Should the attackers be discovered early, they can pivot to a secondary objective: to double extortion. This involves deploying ransomware to disrupt the supplier’s IT systems or threatening to expose sensitive data to customers, aiming to damage the supplier’s reputation and leverage that fear for financial gain. 

In 2024, attackers targeted a U.S. company with ransomware and, when the ransom wasn’t paid, they escalated the situation by anonymously reporting the breach to regulators. This tactic forced the victim organisation into trouble for failing to self-report the breach, as required by regulatory obligations, ultimately leading to a fine. In the case of a supply chain compromise, the supplier faces a lose-lose situation if breached, making them an ideal target for cyber criminals. It’s therefore predicted supply chain will become more common place due to attackers’ risk versus reward economical strategy in this type of cyber crime. Phishing attacks, supply chain poisoning of source code, water holing attacks to lure developers, and attacks against weakness in PaaS and IaaS configurations will become common vectors of attackers that supply chain businesses need to protect against.  

Poisoning the Fount

As people strive to be more productive (or simply look for easier ways to cut corners), AI tools like large language models (LLMs) have become go-to shortcuts for everything from quick fact-checking to coding. Instead of sifting through search results or mastering the basics, many simply prompt, click, and trust whatever answers come back. But this reliance on “trusted” sources creates opportunities for attackers to exploit.

For instance, developers are increasingly turning to LLMs to generate code, bypassing the need to learn fundamentals and often copy-pasting results without thorough checks. This culture of convenience is a goldmine for attackers, who are finding creative ways to manipulate the process.

This is what could be called “poisoning the fount.” If LLMs are seen as the modern-day fountain of knowledge, attackers are finding ways to contaminate the source. By injecting malicious code, fake links, or misleading references into AI systems, they can influence the information these tools provide.

We’re already seeing early examples of this, with dubious domains and harmful scripts making their way into LLM-generated outputs. By 2025, these “poison the fount” strategies are likely to become even more widespread. The mix of people seeking quick answers and attackers exploiting that trust creates the perfect storm for this kind of abuse. Phishing might have been the original con, but targeting LLMs could well be the next frontier.

Insider Threats: Assisting in Sabotage

Insider threats will be a key concern in 2025 and beyond. Both industrial espionage and cyber crime are financially driven, time-tested strategies employed by advanced threat actors and nation-states.

While accidental or non-malicious insider threats continue to grow—fueled by the increasing complexity of IT systems and human tendencies to cut corners—there’s a sharper edge to this issue. Insider threats also include individuals deliberately placed within large supply chain organizations to steal intellectual property, sabotage systems to enable extortion schemes like ransomware, or disrupt operations by injecting malicious code into products or services.

Darren also notes that bribery and corruption among employees have been recorded multiple times in 2024 and are poised to increase in 2025 and beyond, further amplifying the insider threat landscape.

The Usual Suspects: Darren Reviews 2025’s Popular Cyber Threat Forecasts

To align with mainstream perspectives, Darren has shared his thoughts on other predictions commonly found in LLM outputs or quick internet searches. Below is a list of common threat predictions for 2025 from Copilot, accompanied by Darren’s commentary.

AI-Driven Attacks

Quoted from Copilot: Artificial Intelligence (AI) is expected to play a major role in cyber attacks, enabling cyber criminals to develop more sophisticated malware, phishing campaigns, and deepfake impersonations.

Reflecting on this prediction, Darren notes that while there was a notable case of financial fraud involving a fake CFO video, the widespread adoption of deepfake attacks remains unlikely. Major video generation platforms offering SaaS solutions have implemented fingerprinting mechanisms to track requestors, and conferencing tools like Zoom and Teams now detect deepfake usage. These developments make deepfake-based attacks more traceable and less practical for mainstream use.

Phishing emails, on the other hand, have indeed become more prevalent and will likely continue to do so. However, AI and LLMs haven’t created a conveyor belt for significantly improving these attacks beyond their already-effective methods.

Darren also argues that the hype surrounding AI-driven cyber attacks hasn’t materialised into any large-scale weaponization. While polymorphic AI malware has been a long-standing trope in Hollywood (seriously, check out Swordfish if you haven’t—one of the coolest films from 2001), it remains more fantasy than reality for now.

Ransomware Evolution 

Quoted from Copilot: Ransomware attacks are predicted to become even more sophisticated, with AI and automation increasing the speed and precision of these attacks. The focus will likely shift towards targeting supply chains, which can have a cascading effect on entire industries. 

Darren’s reflections: He doubts AI is going to play any significant role in the increased sophistication of Ransomware in 2025. However, he does agree with the supply chain being a focus for cyber attack economics.  

Quantum Computing Threats

Quoted from Copilot: Quantum computing poses a potential threat to current encryption methods. As quantum computers become more powerful, they could potentially break traditional encryption algorithms, making sensitive data vulnerable.  

Darren disagrees quantum computing will perform any significant risk to anything other than Critical National Infrastructure and National Interests. Quantum computing will not be available as an infrastructure or platform as a service in 2025 not until around 2035 Darren predicts.  

Only nation-state resources will be able to deploy the types of cyber attacks that have the ability to intercept network communications and then use quantum decryption. This means attacks of this nature will be highly targeted to the missions needed most by nation-states rather than a general use cyber weapon with the ability to deploy widespread. So it will be very much a targeted use cyber attack capability used for complex nation state targeting.  

It has been predicted and worried about for years that this type of cyber attack is coming with the ability to “possibly” be used against connected devices such as vehicles or to, intercept and snoop on business communications or even to inject attacks into encrypted network traffic. Darren notes that while it’s possible, this concept is likely to remain novel and won’t become a reality for businesses outside of telecommunications and critical national communications in 2025.

Social Media Exploitation and Deepfakes

Quoted from Copilot: The exploitation of social media platforms and the use of deepfakes for misinformation campaigns are expected to rise. These tactics can be used to manipulate public opinion, disrupt elections, and damage reputations.  

Darren’s view is this is where AI deepfakes and AI-generated text in LLMs using techniques such as poisoning AI tools (poisoning the fount) and using social media to present to the internet masses will become more widespread and it makes economic sense. 

This type of attack suits the interests of nation-states economically as a long game to reduce foreign interests to allow disinformation in favour of their own economic ideology or take advantage monetarily by causing instability. This technique, is becoming easy to use against the unsuspecting average internet user citizen, rather then attackers using deep fake to committing fraud. 

Economically, this type of attack is far more effective when used to generate hundreds of millions or even billions in revenue by causing geopolitical disruption that benefits the attacker’s nation-state, rather than being deployed in a limited capacity against corporations, where the payoff might only reach tens of millions.

These misinformation techniques have been allegedly used to disrupt both the UK and U.S elections since 2016, with the increased capabilities in AI and LLM it will just make this easy to achieve.

Regulatory Changes and Compliance Challenges

Quoted from Copilot: With the increasing complexity of cyber threats, regulatory bodies are expected to enforce stricter compliance standards. Organisations will need to stay ahead of these changes by implementing robust security measures and ensuring they meet all regulatory requirements.  

Darren agrees this will be a common focus in 2025 and beyond as regulatory and compliance bodies try to help secure businesses and battle the loss of customer data for the greater good by holding businesses to account ethically to correctly protect against cyber attacks.

Supply Chain Attacks

Quoted from Copilot: Supply chain attacks are anticipated to increase, targeting critical vendors and partners. These attacks can disrupt entire industries and have far-reaching consequences. 

Darren agrees and has elaborated in part one on his deeper thoughts on the subject.

AI-Assisted Cyber Security Tools

Quoted from Copilot: On the defensive side, AI-assisted cyber security tools will become more prevalent. These tools will help organisations manage and secure their environments more effectively, even with limited human resources.  

Darren agrees and is seeing great approaches of employing AI in a defensive way by Cyber tooling providers and service providers.

Insider Threats

Quoted from Copilot: Insider threats, including those from nation-state actors, will continue to pose significant risks. These threats can come from employees, contractors, or other insiders who have access to sensitive information.  

Darren agrees and has elaborated on the subject earlier on in this article.

Phishing and Social Engineering

Quoted from Copilot: Phishing remains a major gateway for cyber attacks. With AI-generated emails and deepfake technology, phishing attempts will become more convincing and harder to detect.  

Darren agrees and has elaborated on this further in this article. 

Conclusion 

The cyber threat landscape in 2025 will be marked by increased sophistication and complexity. Organisations must stay vigilant, adopt advanced security measures, and continuously update their defences to protect against these emerging threats. By understanding and preparing for these challenges, they can better safeguard their assets and maintain resilience in the face of evolving cyber risks. 

Related Insights