Four key cyber trends to watch for in 2025

Understanding these trends can help you and your clients stay ahead of risk.
 

1. Ransomware attacks are becoming more advanced with AI
   
   According to Munich Re¹, ransomware will continue to be the top cyber threat, fueled by emerging technologies and AI-driven tactics. AI-powered ransomware-as-a-service models will lead to more individualized and automated attacks, with tailored phishing and email extortion that can be easily translated into multiple languages. This will enable hackers to launch simultaneous attacks across various regions, targeting employees, suppliers, customers, and other third parties.
   
   
2. Supply chain and third parties are providing indirect access to hackers
   
   The great majority of businesses rely almost entirely on third-party vendors for our cloud services (websites, social media, and entertainment), software (accounting, payroll, and HR) and data storage (documents, photos, and videos).
   
   Cybercriminals are increasingly targeting these service vendors as their doorway to gain access to individuals and businesses.
   
   A weak link in the supply chain can expose entire networks to cyber threats. An example is hackers compromising a routine software update by injecting malicious code into it. In this example, attackers are able to gain access to high-profile targets. As is often the case, such attacks can remain undetected for months, demonstrating how dangerous supply chain vulnerabilities can be.
   
   
3. Zero-Trust environments are providing enhanced protection
   
   On the positive side, see a movement towards Zero-Trust practices.
   
   A Zero-Trust environment is a cybersecurity framework where no user, device, or system is automatically trusted, even if it is inside the organization’s network. The Zero-Trust model assumes that every login attempt could be a threat.
   
   In the Zero-Trust environment, even if an attacker steals an employee’s password, they will still need Multi-Factor Authentication, a trusted device, and normal behavior-based authentication to gain access. If the hacker somehow breaches one system, they would not be able to move freely across the network due to continuous monitoring.
   
   This Zero-Trust approach greatly reduces the risk of cyber threats such as ransomware, insider threats, and phishing attacks.
   
   
4. Government regulations are becoming more stringent
   
   The most recent legislation introduced into parliament in Canada concerning cyber privacy and security is Bill C-26. Introduced in 2022 and having already passed two readings in the House of Commons, Bill C-26 aims to enhance the protection of critical cyber systems and infrastructure within federal jurisdiction, including sectors such as telecommunications and banking.
   
   This bill creates a framework that holds operators of essential systems to higher cybersecurity standards, aiming to protect against cyberattacks and ensure operational continuity in case of a breach.