Cybersecurity Experts Predict Major Shifts in Network Security and AI Landscape for 2025

Top 8 Key Trends That Will Define Network Security in 2025

As we look ahead to 2025, one thing is clear: the digital landscape is evolving quickly, and it's creating new cybersecurity challenges for businesses globally. From the growing speed, scale and sophistication of cyberattacks to the changing nature of how we work and connect, the future of network security depends on a holistic approach that integrates advanced AI technologies and seamless user experience. In fact, Palo Alto Networks 2025 Cybersecurity and AI Predictions showcase how we're at a pivotal moment in the evolution of enterprise security practices. One of the standout predictions we made was that 2025 will be the year enterprises will widely adopt a secure browser. This trend is not only an inevitability, it's a necessity. While secure browsers will see a huge increase in adoption in the year ahead, they represent only one piece of the puzzle.

8 Trends Reshaping Network Security in 2025

As we look ahead to 2025, one thing is clear: the digital landscape is evolving quickly, and it's creating new cybersecurity challenges for businesses globally. From the growing speed, scale and sophistication of cyberattacks to the changing nature of how we work and connect, the future of network security depends on a holistic approach that integrates advanced AI technologies and seamless user experience.In fact, Palo Alto Networks 2025 Cybersecurity and AI Predictions showcase how we're at a pivotal moment in the evolution of enterprise security practices. One of the standout predictions we made was that 2025 will be the year enterprises will widely adopt a secure browser. This trend is not only an inevitability, it's a necessity. While secure browsers will see a huge increase in adoption in the year ahead, they represent only one piece of the puzzle.Eight Network Security Trends We Think Will Redefine Organizations' Approach to Cybersecurity in 2025:1. The Rise of the Secure BrowserAs more work is done through the browser and data breaches increasingly originate from browser vulnerabilities, securing this gateway to the digital world is now non-negotiable. We're no longer living in an era where employees access business applications solely through desktops located primarily in an office. With the proliferation of remote work, BYOD (bring your own device) and the ever-growing reliance on cloud services, it's more critical than ever that organizations provide workers with secure access to the digital tools needed to get their work done, regardless of location, device or application. Secure browsers not only safeguard against attacks but also prevent accidental and intentional leakage of sensitive data, yet can be as easy to use as consumer browsers. As this technology becomes widely adopted, it will fundamentally reshape how organizations approach browser security, marking the start of a new era in secure digital transformation.2. As Nation-States Increase Attacks on Infrastructure, Governments Will Invest in Smart and Secure Infrastructure TechnologyWe expect governments will invest in modernized and secure systems, especially as nation-state attacks on critical infrastructure increase. This effort goes beyond replacing outdated technology and focuses on deploying smart technologies while securing both legacy and new infrastructure to meet the needs of a digitally connected world.Governments are also prioritizing investments in 5G technology to enable smart cities. These advancements will drive innovation in transportation, energy and public services, supporting the transition to smarter infrastructure. However, the challenges are significant. For instance, 66% of transportation organizations have been affected by ransomware attacks, and 77% of the government and other public sector organizations lack complete visibility over all their IoT devices. These gaps expose critical systems to risks, such as physical damage, data theft and service interruptions. This highlights the urgent need for comprehensive security measures.Many critical environments, including industrial sites and remote facilities, face unique challenges in securing infrastructure. Ruggedized NGFWs are an essential solution for these settings, providing reliable security in places where traditional equipment may fail. With increasing threats and the complexity of securing IoT and OT devices, a robust approach to visibility and protection is essential.We believe governments will focus on building integrated security solutions that protect both legacy systems and new technologies. By leveraging AI-driven tools for real-time discovery, monitoring and protection of IoT and OT devices, these investments will ensure critical systems remain secure while supporting the digital transformation of public infrastructure. These efforts will help keep essential services running while offering citizens the safety and confidence they expect.3. Attackers Will Leverage Post-Quantum Cryptography (PQCs) to Evade Security DefensesThe security controls that are intended to protect against future quantum attacks (PQCs) have created an opportunity for attackers to take advantage of security solutions that don't support or haven't been upgraded to identify and block traffic encrypted with PQCs. For example, the Google Chrome browser now supports PQCs by default. The unintended consequence of this is that we'll see an increase in PQC attacks, embedded in the web traffic that is encrypted now by default. This will affect cybersecurity because many network security products are unable to inspect PQC traffic, and attackers will take advantage of this to hide attacks inside of post-quantum encryption. To combat this, enterprises will need visibility into where these algorithms are being used and ensure they are able to decrypt and inspect all data flowing through their enterprise networks. The good news is that the technology exists, like the Strata Network Security Platform, to identify, block and decrypt PQCs. 4. Attacks Will Increasingly use Multiple Techniques for a Successful Breach, Requiring Security Services to Work Together as Part of a PlatformGone are the days of attacks hitting a single product or vulnerability. In 2025, one of the most alarming trends in cybersecurity will be the increasing use of multivector attacks and multistage approaches. How does it work? Cybercriminals leverage a combination of tactics, techniques and procedures (TTPs), hitting across multiple areas at once to breach defenses. We'll see an increase in sophistication and evasion from web-based attacks, file-based attacks, DNS-based attacks and ransomware attacks, which will make it more difficult for traditional, siloed security tools to effectively defend against modern threats. Preventing these attacks will require multiple security services to work together as part of an integrated platform to stop every attack along the cyber kill chain. For example, our Cloud-Delivered Security Services (CDSS) powered by Precision AI can prevent the latest and most advanced threats in real-time, with protections built into our Network Security Platform and delivered automatically. By protecting at multiple points in the cyber kill chain, companies can thwart the attack, providing defense-in-depth to address the full spectrum of threat vectors. In 2025 and beyond, only security solutions with global visibility into the attack patterns across network, cloud and endpoints will offer the most effective protection. 5. AI in Security Will Allow Organizations to Chip Away at the Cybersecurity Skills GapAs cyberthreats become more sophisticated and widespread, the demand for skilled cybersecurity professionals continues to outpace the supply. But, there are bright skies ahead as AI-powered copilots fill in the gaps as intelligent assistants designed to support cybersecurity professionals in their daily tasks. If 2024 was the year when every security vendor introduced a copilot, 2025 will be the year of widespread adoption as customers understand the full extent of their power. Using our copilots, cybersecurity experts can harness knowledge at their fingertips, gain instant access to insights and benefit from guided automation. In the future, the life of the cybersecurity professional will get even easier, thanks to copilots' ability to automate repetitive tasks, sift through huge amounts of data, and give more insightful answers and analysis. This is a huge deal as the cybersecurity skills gap has long been a challenge to enterprises globally. When every cybersecurity professional is armed with a highly capable, AI-powered assistant (like our free Strata Copilot), cybersecurity professionals will be empowered to work smarter, not harder. 6. 2025 will be an Inflection Point Year, as Companies Will Double Their Interest and Deployment of Single Vendor Secure Access Service Edge (SASE)No longer confined to the office, workers need secure, high-performance access to critical business technologies. From the home office, to the local coffee shop, to the beach, they need to get their work done no matter where they are, and no matter what device they use. To adapt to the next frontier of work, companies will need to do more to protect sensitive workloads and data, while ensuring worker productivity. This is why in 2025, we'll see the widespread adoption of single-vendor SASE solutions. Because workers will demand the same experience they get from consumer applications, the security solution of choice will need to help, not hinder, productivity. This includes ensuring that users experience minimal latency and downtime, even when accessing cloud-based applications from remote locations. With a cybersecurity vendor like Palo Alto Networks, your workforce can access SaaS apps up to 5x faster than they would directly over the internet, so you don't have to make a choice between security and performance. The future of work demands flexibility, and single-vendor SASE solutions are poised to provide the agility and security that enterprises need to thrive in an increasingly distributed workforce. And a comprehensive SASE solution should include a secure browser natively! 7. AI Will be Infused in Every Major Business Application, Leading to a Rise in AI-Specific AttacksWe anticipate the number of AI Apps will increase by 3-5x in the next 12-24 months. As companies eagerly bring these technologies onboard, they may overlook key issues in data collection methods, governance and AI-specific security needs. Anticipating weaknesses, attackers will step up their attacks against new components, such as LLMs, and training and inferencing data. This has the potential to create security incidents, compliance and legal issues in the coming year. At the end of the day, it's about protecting your sensitive data. But the question is how? The only way to protect against all these AI-specific threats is through comprehensive, AI-powered solutions. You can enable AI with AI, by using AI Access Security, which ensures that employees can securely access GenAI applications. AI Security Posture Management (SPM) identifies risks in your AI supply chain, including configuration issues and ways you might be exposing your sensitive data. AI Runtime Security ensures your applications, data and models are protected from AI-specific threats. In 2025, the companies that are securely adopting AI will separate themselves from the pack. 8. AI Will Make Phishing Emails Indistinguishable from Legitimate OnesIn 2025, user-targeted techniques, like phishing emails, will become more successful, thanks to bad actors' adoption of generative AI (GenAI) to craft better and more convincing attacks. We're already seeing a 30% increase in successful phishing attempts when emails are written or rewritten by GenAI. Mere humans, like ourselves, will become even less reliable as a last line of defense and enterprises will rely on advanced, AI-powered security protections to defend against these sophisticated attacks. While companies today rely on antiphishing technologies, such as URL filtering (AURL) at the network level, more companies will enhance their protection with secure browsers as a first line of defense against these attacks. Pair this with an AI-powered single vendor SASE solution that offers advanced, cloud-delivered security services and your company will be ready to prevent the latest and most advanced threats in real-time. The best part? With Palo Alto Networks, these protections are built into our SASE solution and delivered automatically. And with us, you don't need to cobble together point products. All these innovations are natively integrated into one comprehensive SASE solution, across every user, device and app. Preparing for the Future of Network SecurityThe future of network security is an exciting one, but it also comes with its challenges. As 2025 approaches, it's critical for organizations to stay ahead of these emerging trends by building agile security strategies that are adaptable to the rapidly changing threat landscape. For businesses looking to future-proof their network security, the key is investing in a holistic platform approach that incorporates new technologies like secure browsers, single-vendor SASE, AI Copilots and AI-driven threat detection and response. By doing so, they will not only defend against today's threats but also be ready for the cyber risks of tomorrow. In 2025, network security will be more dynamic, innovative and proactive than ever before -- transforming the way organizations defend their most valuable assets and ensuring a secure, resilient future in the face of an ever-evolving digital world.

2025 Predictions from Sophos Experts

Ransomware Ransomware Attacks Will Continue -- especially Against the Healthcare and Education SectorsEducational and healthcare institutions frequently operate on limited cybersecurity budgets and with legacy systems in place. Both sectors also handle significant amounts of sensitive personal data. Add to the fact that, in the case of healthcare, ransomware attacks disrupt essential, life-saving operations, and you have a perfect storm of pressure that helps attackers secure quick ransom payments. That means these sectors will continue to be two of the biggest targets of ransomware attacks. (Chester Wisniewski, director, global field CTO) AI The honeymoon ends and reality Sets in as AI becomes a target for vulnerabilities, malware and attacksEvery new internet technology has a honeymoon period that ultimately ends when reality sets in. That time is coming for the latest LLMs as vulnerabilities and malware emerge. Microsoft has been issuing patches for AI products over the course of the past year, and we're starting to see how attackers can use LLMs to deploy malware such as trojans. In the next year, a clearer picture will emerge of the risks of AI -- and AI users and security professionals will need to figure out the best way to patch these vulnerabilities, safeguard against malware and protect against the eventual attacks that inevitably follow vulnerabilities and malware. (Christopher Budd, director, Sophos X-Ops)Generative AI is the risk that keeps on givingThanks to AI, certain cybercriminal activities have been democratized. Low skilled, opportunistic attackers can now ask some AI platforms for "educational" information on how to build anything bad, from a believable phishing lure to a sample of code from popular ransomware. While AI-generated attacks have a low success rate and often seem obvious, they contribute to a growing flood of "noise" in offensive operations, obscuring the real threats. (Aaron Bugal, field CTO)Rather than changing the world, we're going to see incremental changes in LLMsLarge language models (LLMs) like ChatGPT signaled a major breakthrough in the development of AI in the past few years. Much like the prior deep learning breakthrough 12 years ago, future progress will be incremental -- at least for a while. The improvement and development of AI is actually a slow-moving process punctuated by big changes. We still have so much optimization and improvements that can be made with the current iteration of LLMs, such as power and cost efficiencies. These smaller improvements will be the type of advancements we should expect to see in the next few years. (Ben Gelman, senior data scientist)There will be a rise in multi-agent systemsThe next evolution in the utilization of LLMs will be chaining them together to create more complex tasks. So, rather than opening up ChatGPT and asking it to write a line of code, researchers and possibly cybercriminals will orchestrate multiple LLMs and other AI models to carry out more complex tasks like automated cybersecurity penetration systems, customer service, and integrated assistants. This is similar to what Sophos created in its "scampaign" -- a fully automated constructor for fake, AI-generated e-commerce websites. (Ben Gelman, senior data scientist) Nation-States Nation-State attacks aren't just for enteprises anymoreNation-state groups have turned their attention to edge devices to build useful proxy networks for chaos and sabotage. These edge devices are frequently unpatched and vulnerable, especially since many companies still have end-of-life (EOL) devices deployed in the wild. With nation-state groups building proxy networks, the victim pool has broadened -- and companies of all sizes may now be targeted. (Chester Wisniewski, director, global field CTO) Attacker Tactics Cyber criminals will bring the noise to distract targetsThrowing a smokescreen or a flash bang and causing disruption, distraction and confusion takes the focus off the real threat - and cybercriminals know this. To evade detection, cybercriminals are using distraction tactics to pull incident responders' attention away from their primary objective. By creating "noise" -- such as minor attacks or false incidents -- attackers can overwhelm response teams, allowing larger threats to advance undetected. These distractions tactics are becoming a serious challenge, draining resources and stretching even well-equipped security teams thin, weakening defenses and making organizations vulnerable. (Aaron Bugal, field CTO)When the security community zigs, the criminals zagAs organizations implement more advanced endpoint security tools and deploy multi-factor authentication (MFA), attackers are increasingly targeting cloud environments. This is in part because companies are less likely to use MFA with their cloud access tokens. This also means that, where passwords used to be the prize for an attacker, now they're looking for cloud assets and authentication tokens to gain footholds. (Chester Wisniewski, director, global field CTO)Expect attackers to focus on the supply chainTwo of the biggest cybersecurity events of 2024 have targeted third-party software suppliers: Blue Yonder and CDK. The latter disrupted thousands of car dealerships across the United States for over a week, and the former hit major retailers during the holiday shopping week. Expect more attacks like these in the coming year. Attacks against the software supply chain have reverberating consequences far beyond the initial company targeted. Software supply chain attacks are a highly effective way for attackers to increase pressure on victims since affected customers often have limited options while awaiting remediation. (Chester Wisniewski, director, global field CTO) Lessons Learned: Plan for disruption. With the rise in supply chain attacks, companies need to proactively plan for vendor disruptions. This includes thoroughly evaluating vendors' security measures and testing incident response plans during the procurement process. Organizations are often blind to these single points of failure, and that needs to change in 2025. (Chester Wisniewski, director, global field CTO)Prioritize patching and MFA. The majority of compromises still begin with unpatched software and systems or through a stolen password. Internet-facing networking equipment without MFA is particularly vulnerable. If companies prioritize patching and MFA, they can dramatically improve their security posture. (Chester Wisniewski, director, global field CTO)Strengthening the security of products. Efforts like Secure by Design and Secure by Demand, launched by the US government CISA, are positive developments in the cybersecurity community. Going forward, pushing technology vendors to improve the security and quality of their products from the start will be crucial in safeguarding the world's supply chains, which are increasingly under threat. (Chester Wisniewski, director, global field CTO)Reporting Helps Prevention. Educating users on best practices regarding suspicious emails and attachments is still a good practice, but it is unlikely to detect today's more sophisticated lures. What's most important is that users are trained to report when something is unexpected or suspicious so you can investigate and potentially respond to those threats before they cause more harm. Early warnings from vigilant users can help protect less sophisticated users as well as kick-off a threat hunt before the attackers are able to fully exploit your systems. (Chester Wisniewski, director, global field CTO)Fatigue and Burnout are No Longer a Risk; They're Apparent. Burn out and fatigue is now the norm, not the exception within the cybersecurity community. People are exhausted from being under-resourced and dealing with technology that has either aged out or is not being used to its full potential. In addition, cybersecurity professionals are dealing with processes, responsibilities and governance that are ill defined. Organizations should look for ways to identify burnout within employees, look for ways to harness technology and leverage Managed Detection and Response (MDR) services from security vendors to help scale stretched employees. (Aaron Bugal, field CTO)

Sophos Experts Reveal Top Cybersecurity Predictions for 2025

a. Thanks to AI, certain cybercriminal activities have been democratized. Low skilled, opportunistic attackers can now ask some AI platforms for "educational" information on how to build anything bad, from a believable phishing lure to a sample of code from popular ransomware. While AI-generated attacks have a low success rate and often seem obvious, they contribute to a growing flood of "noise" in offensive operations, obscuring the real threats. (Aaron Bugal, field CTO) 3. Rather than changing the world, we're going to see incremental changes in LLMs a. Large language models (LLMs) like ChatGPT signaled a major breakthrough in the development of AI in the past few years. Much like the prior deep learning breakthrough 12 years ago, future progress will be incremental -- at least for a while. The improvement and development of AI is actually a slow-moving process punctuated by big changes. We still have so much optimization and improvements that can be made with the current iteration of LLMs, such as power and cost efficiencies. These smaller improvements will be the type of advancements we should expect to see in the next few years. (Ben Gelman, senior data scientist) 4. There will be a rise in multi-agent systems a. The next evolution in the utilization of LLMs will be chaining them together to create more complex tasks. So, rather than opening up ChatGPT and asking it to write a line of code, researchers and possibly cybercriminals will orchestrate multiple LLMs and other AI models to carry out more complex tasks like automated cybersecurity penetration systems, customer service, and integrated assistants. This is similar to what Sophos created in its "scampaign" -- a fully automated constructor for fake, AI-generated e-commerce websites. (Ben Gelman, senior data scientist)