Finding cybersecurity's place in the world

Issue 2 2025 Information Security

We have become accustomed to passwords, fingerprint readers, and antivirus software. We use one-time PINs to authenticate transactions and activate VPN software to stay safe on public networks. We are well aware of threats like identity theft, ransomware, and phishing emails, which fuel a cybercrime scourge that cost the world just shy of $10 trillion in 2024.

However, cybersecurity continues to be marginalised as a technology topic. This is beginning to change, and three trends indicate that we are progressing towards recognising cybersecurity as more of a social and business imperative.


Gerhard-Swart.

Risk, not response, will lead security

Cyberthreats continue to dominate risk registers and publications such as the Allianz Risk Barometer Report and IRMSA's Risk Report 2024. Companies and their leaders are very aware of and even proactive about cyberthreats.

However, an increasingly costly arms race between cybercrime and cybersecurity is made worse by a tendency to focus on buying and deploying security solutions in response to every security problem. This is a zero-sum game in which the customer eventually loses due to cost or complexity.

Instead, experts advocate risk as the departure point, determining the most mission-critical assets in an organisation, then building security to focus on those and spreading from there. Analyst firm, Gartner, has coined this as continuous threat exposure management (CTEM).

While this approach seems obvious, it is a radical departure from cybersecurity tactics and sales models, but it works very well, and we will see more support for risk-prioritised cybersecurity in 2025.

AI will amplify data governance issues

After many years as a technical or fringe business practice, artificial intelligence (AI) has become the focus of most business leaders (whether they understand it or not). Data quickly became synonymous with AI, which needs that information to function.

This marriage has amplified data problems. Companies could skirt the data issue. As long as they adhered to regulations and felt satisfied with their usable data, they did not bother too much with managing, cleaning, and securing most of their data.

AI has tipped that cart over. For example, data leakage used to be about disgruntled employees stealing customer lists or someone irresponsibly sending financial statements via a private email address. Now, companies worry that someone will feed their year-end spreadsheet into ChatGPT. The catch is that the person does this to improve productivity – they want to do a better job faster – and who would discourage that?

Better data management and integration are rising from technology black sheep to top executive priorities, a trend highlighted by numerous surveys, including the MIT Technology Review. This trend is inseparable from data governance and security. During 2025, businesses will increasingly prioritise data security and governance as a competitive strategy, rather than just a compliance exercise.

Deepfakes will make users more sceptical and aware

AI's impact will not only concentrate on data. I believe it will also affect user behaviours and attitudes. Humans are the weakest link in security and information. Our prejudices and distractions make it easier for criminals to goad us into harmful actions. The classic example is clicking on a dangerous link in a phishing email or falling for a romance scam on social media.

Until recently, we trusted our critical thinking, regardless of its accuracy. We assume we are above average when it comes to judging threats and opportunities, and we quickly believe that the bad things that happen to others will not happen to us. This attitude has been a gift to cybercriminals, leading to over 91% of all cyberattacks starting with a phishing email. Training people to become security-aware is crucial, but it is not enough. People do not make these mistakes because they are stupid. It is much more complicated than that.

People make these mistakes because they are overconfident in their ability to spot a scam or an attack. I believe that generative AI—specifically deepfake content—will dramatically affect that. AI-generated content means we can no longer trust what we see or hear.

There are early signs of this growing scepticism, such as a majority of people feeling conscious concern about deepfakes. I anticipate we will see this concern grow in 2025 and beyond, and perhaps we can weaponise it against the scourges of fake news and cybercrime.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...
Cybersecurity in South Africa
Information Security
According to the Allianz Risk Barometer 2025, cyber incidents, including ransomware attacks, data breaches and IT outages, are now the top global business risk, marking their fourth year at the top.

Read more...
Are AI agents a game-changer?
Information Security
While AI-powered chatbots have been around for a while, AI agents go beyond simple assistants, functioning as self-learning digital operatives that plan, execute, and adapt in real time. These advancements do not just enhance cybercriminal tactics, they may fundamentally change the battlefield.

Read more...
Disaster recovery vs cyber recovery
Information Security
Disaster recovery centres on restoring IT operations following events like natural disasters, hardware failures or accidents, while cyber recovery is specifically tailored to address intentional cyberthreats such as ransomware and data breaches.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
The rise of AI-powered cybercrime and defence
Information Security News & Events AI & Data Analytics
Check Point Software Technologies launched its inaugural AI Security Report, offering an in-depth exploration of how cybercriminals are weaponising artificial intelligence (AI), alongside strategic insights defenders need to stay ahead.

Read more...
The deepfake crisis is here and now
Information Security Training & Education
Deepfakes are a growing cybersecurity threat that blur the line between reality and fiction. These AI-generated synthetic media have evolved from technological curiosities to sophisticated weapons of digital deception, costing companies upwards of $600 000 each.

Read more...
What does Agentic AI mean for cybersecurity?
Information Security AI & Data Analytics
AI agents will change how we work by scheduling meetings on our behalf and even managing supply chain items. However, without adequate protection, they become soft targets for criminals.

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...