Tesserent put the call out to their 500 cybersecurity practitioners for their predictions for 2025, based on what they are observing at the coalface working to keep their clients secure.  

Amongst the key trends, Jason Plumridge, Chief Information Security Officer, Tesserent warns that we will see escalating social engineering attacks, but this time powered by AI.  AI will also be leveraged to step up attacks on critical infrastructure.  

1. Rise of social engineering – powered by AI
   AI is providing cyber-criminals with the tools to quickly and convincingly craft phishing emails. Social engineering will be a key attack vector consumers and businesses need to watch out for in 2025. The return to people-based attacks, rather than technology driven cyber-attacks will feature in 2025 according to Tesserent’s experts. 
   
   
2. More cyber-attacks fueled by AI
   The rapid speed that cyber-criminals are deploying AI, means they can execute more attacks with greater velocity and precision. Tesserent warns this trend will continue to accelerate in 2025. The number of AI-based tools for cyber criminals will increase in 2025 and drop in price on the dark web, further democratising the use of this technology by threat actors and removing the need for cyber-attackers to have strong technical skills that until now have remained a barrier.
   
   
3. The good guys will use AI to fight back
   Tesserent predicts that AI will continue to advance as a core element of data analysis, threat monitoring and orchestrated and automated response as part of an organisation’s security program throughout 2025. Enabling the good guys to leverage AI to help them protect, defend and fight back in an escalating threat environment.
   
   
4. More attacks will be leveraged against Australian critical infrastructure
   Tesserent expects there will be increasing attacks that threaten Australian critical infrastructure and utilities in 2025 with these attacks supported by AI. We are likely to see AI drive scripting and coding making the attacks easier to perform for cyber-criminals as they attempt to target known critical infrastructure vulnerabilities in new ways.  AI is already being used in defending technologies such as SIEM to identify threats based on patterns – and this will continue in the coming year. The most successful attacks will still be because of poor security practices and lack of vulnerability management or access control that allow initial access to networks and systems.

5. Public and private sector will continue to struggle to hold onto cyber security talent
   Maintaining the trend of the past couple years, Tesserent expects that Australian businesses and governments will continue to find it difficult to retain cyber security talent in an increasingly competitive environment. More government departments and private sector enterprises will continue/look to outsource as a result.