I know what you’re thinking.
Yet another article telling you what’s on the rise? I get it. But stick with me. This one’s worth your time.
Things really seem to be moving pretty fast in the world of cybersecurity. Cyber warfare is emerging as a new geopolitical battleground. Artificial Intelligence (AI) is raising the stakes on the table even more. Cybersleuths are getting more sophisticated tools at their disposal. Governments across the globe are increasing their scrutiny and tightening the laws around cybersecurity, forcing companies to act fast.
But worry not, this is not a dystopian rabbithole. Instead, it’s a call to Aux armes, citoyens! Staying vigilant and being aware of the danger are the first steps in the fight to survival. In this article, we will look at the state of cybersecurity in 2025.
Table of Contents
The Battle Against AI
AI seems to be an ubiquitous buzzword these days, creeping into every news article and headline. Unfortunately, this article would be glaringly incomplete without talking about the AI threat. A shockingly high 45% of cybersecurity professionals feel that they are ill-equipped to handle the AI threat. There are myriad different ways in which attackers are utilising AI to target vulnerable networks and systems. Let’s take a look.
1. Optimised Attacks
Everyone on the face of the earth is now well aware of the increasing proficiency of Large Language Models (LLMs) or, as the layman might say, tools like ChatGPT. Apart from spinning out elaborate work emails and summarising reports, these tools can be used for more malevolent means like writing convincing phishing emails (adios Nigerian Prince), bypassing security filters and using AI chatbots gone wild. LLMs have truly gone mainstream and are being put to many creative uses. But cybercriminals have joined the party as well to up their game. So the next time you receive a rather convincing but suspicious email, do not be surprised.
2. Autonomous Malware
AI is good at a lot of things. Turns out, it’s great at coding. People who haven’t written a line of code in their lives can now conjure nifty tools that function well. Called vibecoding by the nerds, AI can now build simple to complex tools that assist with very specific tasks, like analysing your Google Calendar to plan your day or looking at your physique (through an uploaded image) to suggest the right workout. While neophytes like us are having fun, imagine what carnage expert cybercriminals can cause with such advanced tools. They can build innocuous-looking tools loaded with malware and seemingly harmless websites that can steal your data in a matter of hours, if not minutes.
3. Faster Recon
Reconnaissance is a major part of a cyber attacker’s workflow. They have to go through huge swathes of log activity and data to identify vulnerabilities and spot potential targets. AI can hasten this process due to its proficiency in data analysis. LLMs are masters of quickly analysing large chunks of data and identifying trends with such speed and efficiency that a human mind is incapable of.
Expanding Attack Surfaces
Not only are the attackers getting better weapons, but the battlefield itself is also getting bigger. Certain trends at the workplace are opening up new avenues for malicious actors to exploit. The increasing adoption of cloud computing has generated cost savings and made scaling up easier for companies. However, they are also fraught with multiple risks.
A poorly secured cloud API (Application Programming Interface) could be a ripe target for data exfiltration. Misconfigured settings (for instance, exposed S3 buckets) could also be a point of attack, as well. The increasing deployment of IoT (Internet of Things) devices has also proved to be problematic for cybersecurity professionals, adding to their workload. Many IoT devices are usually shipped with hardcoded passwords or unpatched firmware. They also produce no logs, so it becomes difficult to track user activity, and they lack built-in safeguards because their primary focus is connectivity rather than security.
Finally, while the trend of remote work has improved work-life balance, it has also exposed sensitive corporate data to unsecure home networks. Employees who work from home seldom have state-of-the-art security measures. Additionally, the usage of personal cloud storage and third-party communication apps by employees outside the purview of the official network can also lead to data leakage. All these trends of the workplace have cumulatively increased the vulnerability of sensitive data.
The Skills Gap
The industry is also battling a skills crisis. As per an AFR report, the cybersecurity industry in Australia needs to add 5000 skilled professionals every year just to avoid a massive shortfall. By increasing enrolments into cybersecurity programs, such as the Master of Cyber Security, we’ll have more cybersecurity graduates and advanced professionals joining to workforce to combat cybercrimes.
Regulatory Pressures
Red tape is coming! Policymakers and governments across the globe are tightening the scew around privacy and data laws. For a field centred around protecting the same, cybersecurity professionals will have to work on adapting their processes and workflows to match the changing legal requirements.
In Australia, the Australian Signals Directorate (ASD) and the Office of the Australian Information Commissioner (OAIC) are getting more active in their approach. This would translate into more stringent security measures, regular risk assessments, increased accountability and more government oversight. Cybersecurity professionals will be an integral cog in the larger scheme of things, ensuring that companies stay ahead of the curve to avoid litigation and fines.
Geopolitical Dimensions
Cyberwarfare has become another pawn in the global game of geopolitical chess. While there are obvious use cases in espionage, state-sponsored cyberattacks are also gathering momentum. These are devised to disrupt critical infrastructure and damage operations. A good example would be Stuxnet, a malware used to cause damage to the computer-controlled nuclear centrifuges based in Iran.
AI-generated content could also soon proliferate our social media feeds, with the intent of spreading misinformation and chaos in a particular country or region. We could soon start seeing governments across the globe be more vigilant and employ defensive measures to blunt such attacks. This would also increase the demand for local cybersecurity talent.
Change is the only constant in the world of cybersecurity at the moment. Rapidly evolving AI models are making all predictions redundant. While AI has beefed up the defence of sensitive data, it has also empowered cyberattackers with sophisticated tools. Increasing deployment of IoT devices, remote work teams and cloud computing has increased the risk profile of vulnerable individuals and companies. Regulatory pressure and surveillance activity are set to rise. Cyberwarfare has also cemented itself as a powerful geopolitical tool. The promising job prospects for future professionals offer a silver lining.
