The cybersecurity landscape is evolving rapidly, with 2025 poised to bring a new level of complexity to digital threats. Organisations must adapt to these changes by strengthening their defences against increasingly sophisticated tactics employed by cybercriminals. Okta’s latest predictions, shared by Brett Winterford, Regional Chief Security Officer for Asia Pacific & Japan, alongside Tim Peel and Moussa Diallo, highlight the most pressing challenges on the horizon. From advanced phishing kits to manipulating business processes, these insights provide organisations with a roadmap for fortifying their systems and ensuring resilience in an ever-changing digital world.
A cohesive cybersecurity strategy demands more than isolated solutions. As threats grow more interconnected, organisations must adopt a unified approach that combines advanced technology, rigorous processes, and a culture of awareness. The following sections explore the key challenges and how they interlink to shape the cybersecurity narrative for 2025.
Phishing evolves into a complex threat
Phishing remains one of the most enduring and adaptable cyber threats, and its evolution is far from over. Okta predicts that by 2025, phishing kits will be capable of bypassing traditional defences, such as geographic flags and behavioural analysis, with alarming ease. These kits will enable attackers to convincingly replicate user activities, making it more challenging than ever for organisations to identify malicious behaviour.
The impact of these advancements is significant. Cybercriminals are no longer limited to basic deception tactics. Instead, they can execute highly targeted attacks that exploit weak links in an organisation’s identity verification processes. These developments demand the adoption of phishing-resistant authentication technologies, including biometric security and advanced multi-factor authentication (MFA). Such measures ensure access is granted only to verified users, creating an effective barrier against unauthorised access.
While technological solutions are essential, phishing thrives on human vulnerabilities. Attackers exploit emotions like urgency and fear to trick employees into making mistakes. Addressing this aspect requires a shift in focus, from purely technical fixes to educating employees on how to recognise and respond to phishing attempts. Awareness campaigns must evolve in tandem with phishing tactics, keeping employees informed and vigilant.
Phishing attacks are often the starting point for broader exploits, including downgrade attacks. Once attackers gain initial access, they may manipulate users into disabling key security features, creating vulnerabilities that can be further exploited. This highlights the interconnected nature of threats and the importance of holistic defences.
Device-based attacks rise in prominence
As phishing defences improve, attackers are also increasingly focusing on devices, recognising them as a critical weak point. Laptops, smartphones, and other personal devices are often less secure than corporate networks, making them attractive targets for cybercriminals. By compromising a single device, attackers can gain access to sensitive organisational systems, bypassing even the most robust network defences.
Device-based attacks are becoming more sophisticated, with malware and spyware designed to steal credentials, track user activity, and infiltrate networks. The increasing reliance on remote and hybrid work further amplifies this risk, as personal devices often serve as access points to corporate systems. Organisations must recognise this shifting threat and adapt their strategies accordingly.
Endpoint detection and response (EDR) systems offer a powerful defence against device-based attacks. These solutions provide real-time monitoring and rapid response capabilities, allowing organisations to detect and neutralise threats before they escalate. Combined with strict device trust policies (such as mandating encryption, regular updates, and access controls), EDR systems form the backbone of device security.
Device-based attacks, too, are often accompanied by social engineering techniques, such as downgrade attacks. For instance, an attacker might trick a user into temporarily disabling MFA to allow a malicious device to connect. This underscores the need for constant vigilance and a layered approach to security.
Business processes as the next frontier
Cybercriminals are also targeting an often-overlooked vulnerability: business processes. These attacks rely on social engineering to exploit procedural gaps, bypassing technical security measures and manipulating human behaviour. This trend reflects a deeper understanding of organisational workflows and an ability to exploit them for malicious gain.
Business process attacks often start subtly, with attackers gathering information over time. They might impersonate employees or partners during IT support calls, extracting sensitive details about internal systems and workflows. This intelligence allows them to craft highly convincing impersonation attempts, bypassing security measures that rely on human trust.
Organisations must reinforce their processes with robust identity verification protocols to counter these threats. For instance, requiring multiple layers of verification during critical workflows can significantly reduce the risk of unauthorised access. Embedding security into everyday processes ensures that even routine interactions are protected against manipulation.
Generative AI compounds the risk to business processes. Deepfake technologies can create convincing impersonations of senior executives, tricking employees into transferring funds or sharing sensitive information. Organisations must develop protocols for verifying authenticity in communications, such as using code words or multi-channel verification for high-stakes transactions.
Generative AI as the next cybersecurity frontier
Generative AI (GenAI) is transforming industries with its innovative capabilities, but it also introduces unprecedented challenges for cybersecurity teams. In 2024, we witnessed the rise of scams leveraging deepfake videos of C-suite executives to deceive employees into transferring funds or disclosing sensitive information. By 2025, these threats are expected to escalate, with real-time audio and video deepfakes becoming increasingly sophisticated and harder to detect.
The implications of GenAI in cybercrime are vast. Attackers can now create highly convincing phishing emails, fake customer support interactions, and real-time impersonations of trusted individuals. This evolution in attack vectors demands that organisations rethink their defences, particularly around verifying identities in critical communications and transactions.
To mitigate the risks posed by GenAI, organisations must evolve their business processes. Implementing methods such as code words, safe phrases, or multi-channel verification for critical requests can help confirm authenticity and prevent fraudulent actions. Additionally, organisations should establish a culture of empowerment, where employees feel comfortable questioning unusual or unreasonable requests, even if they appear to come from senior leaders.
Beyond procedural changes, technology can play a role in combating GenAI threats. Advanced tools capable of detecting deepfakes and analysing anomalies in voice or video patterns are becoming essential for identifying impersonation attempts. By integrating these tools into their security strategy, organisations can stay ahead of this rapidly evolving threat.
Comprehensive training as the foundation of resilience
Training is not an afterthought but the foundation for all other cybersecurity measures. As threats evolve, so must the knowledge and preparedness of an organisation’s workforce. Comprehensive training programmes are essential for equipping employees with the skills to navigate an increasingly complex threat landscape.
Effective training goes beyond traditional awareness campaigns. It includes regular simulations, scenario-based learning, and tailored sessions for different roles within the organisation. For instance, IT teams require in-depth technical knowledge, while non-technical staff need practical guidance on recognising phishing attempts, securing devices, and identifying social engineering tactics.
Continuous learning is key. Cyber threats do not remain static, and neither should training. Programmes must be updated regularly to reflect the latest developments in cybercrime, ensuring that employees are always prepared to respond effectively. By embedding training into organisational culture, businesses can foster a sense of shared responsibility for security.
Training is especially critical in combating threats like downgrade attacks and generative AI-enabled scams. Employees must learn to verify unusual requests, recognise deepfakes, and avoid disabling security measures under pressure. A trained workforce becomes a proactive line of defence, complementing technological safeguards.
Proactive cybersecurity for a complex future
The interconnected nature of modern cyber threats demands an equally integrated approach to defence. Okta’s predictions for 2025 highlight the importance of viewing cybersecurity as a multi-faceted challenge, where technology, processes, and people must work harmoniously. By addressing the evolving tactics of cybercriminals and investing in comprehensive solutions, organisations can build the resilience needed to thrive in an increasingly digital world.
Proactive strategies are essential, including adopting advanced authentication methods, robust device security, and process-focused defences. However, the true cornerstone of an effective cybersecurity strategy lies in empowering employees through training and education. By fostering a culture of awareness and shared responsibility, organisations can ensure that every individual contributes to the overall security posture.
As cyber threats continue to evolve, organisations that remain agile, adaptive, and forward-thinking will be best positioned to meet the challenges ahead. With the right mix of technology, processes, and training, businesses can safeguard their operations, protect their data, and maintain the trust of their stakeholders in an increasingly complex digital age.