iscover
Sabeen Malik, Rapid7’s VP, Global Government Affairs and Public PolicyShare this article on:
Powered by
MOMENTUM
MEDIA
The surge in sophisticated cyber threats, ransomware attacks on critical infrastructure, and the increasing impact of AI and machine learning on cyber security continue to make the attack surface more volatile than ever.
As we approach 2025, here are four insights to consider.
1. National cyber security programs will prioritise critical infrastructure
Governments worldwide will continue to implement stricter security measures to safeguard critical infrastructure such as energy, healthcare, and transportation.
Australia’s progress on the new Security of Critical Infrastructure (SOCI) Bill serves as a model for others. The Asia-Pacific region is also making strides, with initiatives highlighted during the recent Singapore Cyber Week, including collaboration among Singapore, Australia, the Philippines, and India, to protect critical infrastructure.
The Philippines and Australia, for instance, have launched a “cyber boot program” to raise awareness and enhance preparedness for cyber attacks. This initiative follows their signing of a memorandum of understanding on cyber security and critical infrastructure cooperation earlier this year.
Regulatory mechanisms like licenses, audits, and fines are becoming more common across the Asia-Pacific region to enforce transparency and security. Australia has expanded its list of critical infrastructure operators, now covering more than 40 entities across energy, finance, and communications sectors. These operators face new cyber security obligations as part of the country’s evolving approach to safeguarding national significance.
2. Escalating nation-state cyber activities
Nation-state-sponsored cyber activities remain a significant concern. Groups like Volt and Salt Typhoon have actively targeted critical infrastructure in the United States and rebuilt their botnet capabilities. These groups are under FBI investigation for their suspected involvement in attacking commercial telecommunications infrastructure.
Australia is not immune to such threats. In July, the Australian Signals Directorate published an advisory on activities by a Chinese Ministry of State Security-backed threat actor targeting Australian organisations. Public attributions like this will continue to play an increasingly important role in deterring malicious cyber activities.
3. Supply chain risks require coordinated responses
The interconnectedness of critical infrastructure demands a systematic approach to addressing supply chain risks. Investments in offensive capabilities may also increase as part of these efforts.
In 2025, collaboration among Five Eyes nations will be essential for sharing intelligence and understanding diverse threat landscapes. While much attention has been placed on incident response, proactive prevention must also become a priority. Government agencies can lead the way in fostering a preventative approach, emphasising the timeliness of threat intelligence as a foundation for cyber resilience.
Enhanced collaboration between the UK, Australia, and the US will further solidify the understanding of risk contexts, contributing to stronger foundations for cyber security.
4. AI will drive both attack and defence strategies
AI will intensify the geopolitical cyber arms race while prompting increased outsourcing of AI-ready security operations centres (SOCs).
AI systems are set to become indispensable in detecting potential breaches, identifying anomalies, and securing networks against threats before they cause critical damage. Beyond back-end algorithms, AI agents and chatbots will play a role in countering phishing attacks and social engineering attacks by simulating threats.
According to Gartner, in 2025, generative AI will drive a spike in the cyber security resource demand, leading to a greater than 15 per cent incremental spend on application and data security. By 2026, organisations that integrate generative AI with platforms-based architectures in security behaviour and culture programs will experience 40 per cent fewer cyber security incidents.
Be the first to hear the latest developments in the cyber industry.
