2025 cybersecurity expert predictions: AI, IoT, ZTA and more

Every year seems to be less predictable than the last, but there are some cybersecurity trends that never fade. They either weaken or grow stronger. In 2025, some of the trends that are likely to grow aren’t the ones anybody wants to see accelerate. MSPs and cybersecurity professionals will need to adapt their tools and best practices to deal with them.

And then there are those things that might not have received as much publicity in 2024 but could emerge as major factors in the year to come. In this post, three Acronis experts offer their cybersecurity predictions for 2025.

Acronis President Gaidar Magdanurov, along with Alexander Ivanyuk, Technology Director, Research and Development, and Stephen Nichols, Director of Solution Engineering Sales, deliver their crystal-ball visions for the year to come. Some of these predictions, roughly organized from least to most surprising, will feel familiar, albeit with a few disturbing new developments. Others might not. But they’re all worth consideration.

These cybersecurity predictions might not be particularly surprising, but it’s worth noting that some of the familiar cybersecurity problems of the last few years are actually going to get worse, not better. The first problem is as familiar as it is dangerous and hard to control, and it’s not finished evolving.

No, ransomware’s not going away. It’s getting worse. The pace of ransomware attacks increased in 2024 and will likely do the same in 2025. AI is making ransomware attacks more potent and believable, and Alexander Ivanyuk predicts it’ll be the most problematic form of cyberattack in 2025.

But, he adds, the old menace could have some new wrinkles: “In 2025, we might see new forms of ransomware that don't just encrypt data but also target cloud backups, rendering recovery impossible unless robust countermeasures are in place,” Ivanyuk says. “Another threat in ransomware is double extortion — where attackers demand a ransom not only for decrypting files, but also to prevent the public release of sensitive data.”

Stephen Nichols notes that ransomware isn’t necessarily even about money anymore. Some attackers have begun to use it just to cause trouble. “One emerging trend is the use of ransomware tools to demand not so much payment but some other type of action from the victim, or simply to expose information, or even to create chaos,” he says. As if MSPs need more chaos.

So, what can MSPs do to combat a familiar threat with unfamiliar twists? “Moving forward, businesses will need to invest in solutions like endpoint detection and response (EDR) or extended detection and response (XDR), which enables continuous monitoring and fast incident response,” Ivanyuk says. “Similarly, cyber resilience strategies designed to ensure rapid recovery from attacks will be essential​.”

Generative AI isn’t an old technology, but it’s already a familiar threat to MSPs. Cyberattackers have used it to clean up their grammar and punctuation to make phishing emails more convincing, and in 2025, they’ll continue taking AI in dangerous new directions.

“Cyberattackers have developed lots of tools for automatic vulnerability research and testing, content generation for phishing emails and websites, and data analysis from public sources to tailor social-engineering attacks targeting individuals and companies,” Gaidar Magdanurov says. “At this time, any public information about any person that can be discovered online can be used for cyberattacks.”

And attackers are hitting every platform they can find, Nichols adds. “They’re launching identity and phishing attacks using AI and targeting social media, messaging, and email,” he says.”

And let’s not forget deepfakes, an already familiar attack vector that cybercriminals can use to trick an employee into thinking the boss is calling and asking for a huge transfer of funds, user login data or critical business information.  

But just as cyberattackers can use AI to launch threats, MSPs can fight back with AI-based solutions of their own. MSPs need to be proactive and use solutions that incorporate AI and machine learning (ML) to better manage alerts and information to predict attacks, Nichols said. And Magdanurov adds that a bit of make believe — or, at least something that’s not discoverable online — might help protect users from AI-based threats.

Security questions used to validate users often pose such queries as, “What was the make of your first car?” or “Where did you go to elementary school?” Unfortunately, facts of that nature aren’t that hard to find online. Many users willingly answer viral questions on social media, some of which come from would-be attackers, with personal details. In other cases, personal information ends up online, often shared by friends or colleagues. Users need to stop offering easily discoverable information about themselves in response to security queries. Entirely fictitious answers might be a better idea.

“It is time for people to use ‘fake personas’ for security questions related to their personal lives and experiences, something that attackers can’t get from their social media accounts,” Magdanurov says.

Ransomware and AI might seem like yesterday’s news, but with the rapid development of cyberattacks that employ both, they definitely are not. Still, some threats in 2025 will seem relatively new by comparison.

There’s nothing new about the concept of the internet of things, or IoT, which has filled technology predictions in one way or another for more than a decade. But Acronis experts predict that 2025 will be the year when IoT will finally become the threat vector many observers have feared for years that it could be.

“IoT devices continue to penetrate every area of our lives,” Magdanurov says. “All those devices connect to our networks and quite often are not very secure. Software for those devices is rarely updated and opens an opportunity for attackers to discover and leverage vulnerabilities in IoT devices to penetrate networks and collect information about individuals and companies.”

Yes, IoT-based threats have been coming for a long time, but now they are here in a way businesses haven’t had to deal with previously. A remote worker’s thermostat could be an attack vector. That development massively expands the notion of endpoint management. And it adds a new layer of complexity to cybersecurity defenses.

“Moving forward, businesses will need to ensure that IoT devices are properly secured through firmware updates, segmentation and access controls​,” Ivanyuk says.

Not everything that’s on the radar for 2025 is an attack or a facilitator of one. Zero trust architecture, or ZTA, will emerge as a standard method of user authentication, Acronis experts say. In ZTA, no user or device is trusted by default, even inside the network. Ivanyuk says businesses will invest in identity and access management (IAM) systems as ZTA adoption accelerates.

“Traditional, perimeter-based security is being abandoned in favor of zero trust architecture,” Magdanurov says. “Organizations of various sizes will implement comprehensive identity verification and access management systems that continuously verify every user and device, regardless of location. Security based on user behavior analysis will become a necessity, and the automation of revoking access based on suspicious behavior will allow the prevention of data exfiltration and malware deployment from compromised accounts.”

Users have long been able to sign into devices and accounts with their faces, fingerprints or even voices. However, IT gatekeepers haven’t always liked biometrics, frequently banning physical authentication in corporate settings. Magdanurov says 2025 is the year biometrics take over.

“Biometric authentication will become a primary method of authentication for most users,” he says. “Even though biometrics are often not recommended and even disabled by corporate IT departments, users rely more and more on biometrics while accessing their phones, and phones are serving as a second-factor authentication.”

More than just convenient, biometrics are almost inevitable, Magdanurov says. MPSs and IT leaders need to be ready.

“The technology for biometrics has become so advanced that for many users, fingerprints and facial recognition have become the default method of accessing their computers and phones,” he says. “Directly or indirectly, biometrics will become the biggest influence on the authentication of business users.”

Some emerging technology or threat seems to mark every year. And for 2025, there are two candidates for emerging trends that will make the year memorable.

ARM stands for Advanced RISC Machine, but the important thing to understand is that, according to its creators, ARM “specifies a set of rules that dictate how the hardware works when a particular instruction is executed. It is a contract between the hardware and the software, defining how they interact with one another.”

What’s even more important to know is that ARM-based processors will increase in popularity in 2025, as Ivanyuk notes. “The possibility of ARM-based malware is a growing concern for 2025,” he says. “As manufacturers like Apple and Microsoft increasingly adopt ARM silicon for their flagship devices, attackers will begin experimenting with ARM-specific malware designed to exploit weaknesses in the Windows on ARM (WoA) ecosystem. While ARM processors offer benefits in terms of power, efficiency and performance, security vendors are still catching up in fully supporting ARM-based platforms.”

So, can cyberattackers reach out and grab the ARM architecture? “One critical threat is the creation of customized ARM malware that exploits vulnerabilities unique to ARM chipsets,” Ivanyuk says. “For example, cross-platform malware that operates on both ARM and x86 architectures could provide attackers with a broader attack surface, especially if users are switching between ARM-based mobile devices and traditional PCs. ARM-based firmware attacks could also allow attackers to compromise a device at a low level, bypassing many of the security protections found in modern operating systems.”

Again, endpoint protection using EDR and XDR will be critical to combatting yet another threat that targets devices.

Quantum computing is a topic far too large and complex for a predictions blog post, but it’s worth mentioning in any discussion of cybersecurity in 2025. Essentially, quantum computing could make today’s encryption methods borderline obsolete.

“Quantum computing threatens to break existing encryption methods,” Ivanyuk explains. “Current encryption algorithms, such as RSA, are vulnerable to quantum computing attacks, which can perform calculations exponentially faster than classical computers. Businesses in 2025 will need to explore quantum-resistant cryptography to safeguard sensitive data​.”

Organizations are responding, Magdanurov notes, but not without hassle and complexity. “More companies are implementing quantum-resistant algorithms, and that drives the adoption of new security tools and upgrades of the existing tools,” he says. “Organizations that store encrypted archives have to review the security of the archives and implement procedures to enhance the encryption of data from the past, given that in the near future, encryption may become vulnerable for quantum-computer-driven attacks.”

Most years, unpredictability is the only sure thing in terms of cybersecurity. But MSPs need to be ready for the threats most likely to affect them and their clients in the years to come. One effective way to guard against threats is to deploy a natively integrated solution that includes cybersecurity, data protection and endpoint management, among other capabilities.

The turning of the year is as good a time as any for MSPs to reevaluate both their cybersecurity offerings and how they manage their operations. It’s critical for MSPs to be ready for just about anything.