As our digital world keeps evolving, so do the issues it brings. From remote work to self-driving cars, we are increasingly relying on big data systems and new technologies. This means we also need better ways to respond to cyber threats and stop them in their tracks. However, because the line between our digital and real lives is now blurred, our cybersecurity strategies must also adapt to this shift. New technologies, such as AI, blockchain, and 5G, continue to alter the way we work, learn, and spend our free time. But with these changes come new risks. The need to stop cyber threats has never been greater.
The KPMG 2024 Global CEO Outlook report has already demonstrated that stopping cyber threats is a must for most companies. According to this report, CEOs say this has been the most important threat to businesses over the last decade. The sixth Cybersecurity Considerations Report by KPMG also emphasizes how important these threats are and how Chief Information Security Officers (CISOs) can deal with them. It points out things CISOs must look at in 2025 if they want to lower the risk level and help their companies grow. In this piece, we will explore five important cybersecurity threats to watch for in mid-2025.
Social Engineering: Using People’s Weaknesses
Social engineering is still one of the most important cyber threats, and it shows that people can be used as a tool to hack computer systems. By simply manipulating human psychology, hackers can defeat even the best security systems. One of the most common social engineering strategies is phishing. This is a type of social engineering attack where scammers design a fake website, email, or text message, use it pretending to be a person or institution the victim trusts, and convince the victim to give away info or money.
According to NPR, Departments of Motor Vehicles (DMVs) across America have recently reported a major increase in fake text messages. Texts received by people in New York, Florida, and California warned them that they had unpaid fines for various traffic violations and that, if they did not pay right away, they would lose their licenses. Although the texts seemed real, they were anything but – in fact, they were part of a new type of scam.
The DMV scam shows how hackers can use social engineering tricks like phishing to steal the victims’ money. Moreover, scammers can now use new technologies to improve their strategy, using deepfake elements and AI-generated language to make the scam seem real.
AI-powered Cyberattacks: Using AI as a Tool to Attack People and Companies
AI-powered technologies are also used by hackers to improve their cyberattacks. Bot-attackers can rapidly find weak spots in a system, and they can also create new ways to exploit those weaknesses in real time.
AI can also be used to create fake emails and fake personas, and even to edit voice or video pieces to deceive victims. Moreover, these new technologies can also learn by doing and adapt their strategies over time, making it harder for CISOs to maintain security. To fight back, companies will probably need to invest in new AI tools that can effectively detect anomalies, predict attack patterns, and respond. This proactive strategy involves a shift from a reactive approach to a dynamic plan.
Ransomware: Evolving with Double Extortion
Ransomware continues to hurt people and companies around the world, and it’s becoming more sophisticated. In the past, ransomware would simply lock an organization’s data and hackers would demand money to restore the rightful owners’ access. Nowadays, hackers are employing a technique called “double extortion” – they steal the data before encrypting it and warn companies they will leak it unless payments are made.
The fact that these attacks are evolving has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to provide people with the resources needed “to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.”
Supply Chain Problems: The Weakest Link
Most companies work in an interconnected environment, using many outside resources to do business. While this approach is rapid and effective, it also comes with important security risks. Hackers are now looking more at supply chains, using their weaker parts to gain access to otherwise well-protected systems.
According to J.P. Morgan, supply chain vulnerabilities can lead to data leaks, service interruptions, and long-term reputational damage. Companies should put in place strict rules for watching and checking outside collaborators, making sure all partners meet the minimum cybersecurity requirements.
Deepfake Technology: Fake Media Threats Are on the Rise
One of the most important issues that has emerged during the past few years is deepfake technology – AI-generated content that mimics the look of real people, sounds like them, and acts like them. This technology has evolved at a rapid pace. There were 550% more deepfakes in 2023 compared to 2019, according to Security Hero, while DeepMedia shows that people around the world shared 500,000 deepfake videos and clips on social media in 2023. By 2025, this number is expected to reach 8 million.
Deepfakes are already being used to create false stories, manipulate public opinion, and impersonate public figures. The University of San Diego provides the perfect example – “a recent fake photo of a superstar endorsing a politician, after which the superstar clarified and endorsed a different candidate.” It becomes apparent that deepfakes are now easier to make, thanks to new technologies and access to data. This makes it hard for CISOs to protect companies and employees against disinformation and manipulation.
In business, deepfakes are used for fraudulent wire transfers, fake CEO directives, and manipulated communications that can hurt the company in question. To stop this, CISOs will need to stay up to date with new technologies, teach staff how to spot fake content, and implement effective media verification protocols.
Conclusion: Embracing a Holistic Approach to Security
As we’re getting closer to mid-2025, it’s becoming clear that the line between the physical and virtual worlds is rapidly dissolving. Effective cyberattacks now have important consequences in real life – disrupting work and causing economic damage and even loss of life, particularly when critical infrastructure is targeted, such as hospitals or power grids.
Companies should stop thinking of cybersecurity as a purely digital concern. Physical breaches can lead to virtual vulnerabilities and vice versa. Embracing a holistic approach and understanding the threats listed above is vital. Bobby Soni, Global Technology Consulting Leader at KPMG International, explains that “to stay ahead, businesses must be proactive — not reactive — to safeguard their digital assets, ensure compliance, and foster an environment where innovation can thrive securely.”