Sophos, a cybersecurity solutions company, has released its cybersecurity predictions for 2025, highlighting critical trends, emerging trends, and issues such as vulnerabilities in artificial intelligence systems, the persistence of ransomware, and new attacker tactics.

According to Sophos, ransomware remains a significant threat, with the education and healthcare sectors particularly vulnerable. Limited cybersecurity budgets, reliance on legacy systems, and the handling of sensitive personal data make these sectors attractive targets for cybercriminals. Sophos warns that without a proactive approach, these industries will continue to face escalating risks.

Artificial intelligence is both a revolutionary tool and a potential vulnerability, says Sophos. Christopher Budd, Director of Sophos X-Ops, highlights the growing concern, stating, "Microsoft has been issuing patches for AI products over the past year, and attackers can use large language models (LLMs) to deploy malware such as trojans. In the next year, AI users and security professionals will need to figure out the best way to patch these vulnerabilities, safeguard against malware, and protect against the eventual attacks that inevitably follow." As generative AI tools become more prevalent, their misuse for phishing, malware creation, and scam campaigns increases, adding complexity to the cybersecurity landscape, further adds Sophos.

Nation-state groups, once focused on enterprise-level targets, are now exploiting vulnerabilities in edge devices to broaden their reach, states Sophos. Chester Wisniewski, Global Field CTO at Sophos, points out that these attackers are leveraging the shift in corporate security practices: "As organisations implement more advanced endpoint security tools and deploy multi-factor authentication (MFA), attackers are increasingly targeting cloud environments. This is in part because companies are less likely to use MFA with their cloud access tokens. This also means that, where passwords used to be the prize for an attacker, now they're looking for cloud assets and authentication tokens to gain footholds."

These evolving tactics, combined with distraction strategies that overwhelm incident response teams, have become a hallmark of modern cyberattacks, says Sophos. Additionally, supply chain vulnerabilities remain a prime target, with attacks on third-party software providers creating cascading effects across industries.

Sophos also underscored the importance of following proactive measures in the following ways: Prioritising software patching, strengthening MFA implementation, enhancing cloud security practices, training employees to report anything suspicious, and investing in Managed Detection and Response (MDR) services for robust defences.