Amongst the key trends, AUSCERT General Manager, Dr Ivano Bongiovanni announces that AUSCERT will step up efforts in 2025 to increase phishing takedowns attempts to protect more small and medium sized businesses.  

AUSCERT also anticipates that Australia will seek to strengthen global cyber security collaborations. Also, deployment of deep fake images, voice and video will escalate more phishing attacks globally.  

1. Phishing takedowns efforts will increase in 2025

   The team at AUSCERT will be on the alert to assist during seasonal peak times in 2025 to increase phishing takedown attempts. Phishing attempts are expected to surge during high-transaction periods, particularly at the end of the financial year. Cyber attackers often exploit these peak times, targeting financial transactions and tax filings to maximise their impact and particularly target vulnerable small and medium Australian companies. 

   A primary focus for AUSCERT in 2025 will also be to enhance awareness of brand impersonation risks and spear phishing. The rising prevalence of schemes that impersonate high-level executives, for example in banks and government agencies, will require enhanced efforts in 2025 to equip individuals and organisations to recognise and avoid these threats.

2. Australia will enhance its focus on global cyber collaboration 
   
   As we head towards 2025, the need for a coordinated global response to cyber security incidents will be more critical than ever, especially around regulations and common business practices. Nationally, cybersecurity regulations are expected to keep maturing. Organisationally, public and private sector will prioritise partnerships that enhance their ability to swiftly and effectively address emerging threats.

   AUSCERT will play a pivotal role in this landscape by continuing to strengthen our relationships with global partners. By fostering these connections, we aim to ensure that our community is equipped with the best protection and support available.
    

3. Deep fakes will feature in more successful phishing attacks  

   In 2025, phishing is expected to remain the most frequently reported incident type, as cyber criminals continue to exploit vulnerabilities in both individuals and organisations. Phishing attacks will leverage more AI and we will see an escalation in successful deep fake attacks using audio, images and video. AUSCERT cautions businesses and individuals to be on the look-out and always double-check sources. 

4. Spam and malware attacks will increase 

   AUSCERT warns that spam and malware attacks are expected to rise in 2025, driven by their accessibility and the ease with which they can be deployed at a large scale. As cyber criminals continue to refine their tactics, leveraging technology, these threats will become increasingly prevalent, posing significant challenges for the public and private sector as well as consumers and not-for-profits. 

5. Enrolments to increase for cyber security training for senior executives and all employees

   AUSCERT anticipates growing demand for training as organisations increasingly recognise its crucial role in enhancing cyber resilience. In 2025, we expect higher enrolment in training courses, targeting not only technical staff but all employees within an organisation. Elevating cyber security awareness across the entire workforce is essential to counter a more complex threat environment. 

   There is an urgent need for senior executives to participate in cyber security training courses to acquire the essential skills and knowledge required for effective leadership. As regulatory pressures intensify, the demand for leaders to have a solid understanding of cyber security principles will elevate in 2025 and beyond. 

6. Increased focus on Governance, Risk, and Compliance (GRC)

   AUSCERT predicts a significant rise in demand for both maturity assessments and tabletop exercises in 2025. As organisations face increasingly complex cyber threats and regulatory requirements, they will actively seek these services to bolster their security posture. 

   Conducting maturity assessments will allow organisations to identify vulnerabilities and enhance their compliance efforts, while tabletop exercises will provide critical practice in crisis management.