2025 Cybersecurity Predictions: It’s Not Just AI, Here’s How Cybersecurity Will be Transformed in 2025

Earlier this month I joined Mikey Pruitt, our Global Partner Evangelist, on the DNSFilter podcast dnsUNFILTERED to discuss my 2025 cybersecurity predictions. We had a lot of fun and covered all of the points I’ll outline here, but I wanted to go deeper. My 30 years of cybersecurity experience have given me a strong sense of where we’re heading as an industry—the shift to the cloud in many ways is a precursor in the adoption of AI and the future move to quantum computing. However, I was eager to see how our network data might further illuminate these trends and provide additional context for us to understand the bigger picture.

Zero Trust is No Longer Optional

By 2025, Zero Trust will be the dominant architecture model, fully replacing outdated perimeter-based models. Security controls will focus increasingly on the workforce and workloads rather than just the workplace, leading to enhanced protection across diverse environments. 

In a Zero Trust environment, every user, device, and application is treated as a potential threat. This means continuous monitoring and threat intelligence become absolutely crucial. Monitoring DNS activity for anomalies, such as sudden spikes in queries to unusual or suspicious domains, provides a vital early warning system. These anomalies could indicate attempts to contact command-and-control servers, exfiltrate data, or deliver malware. By identifying these red flags in real-time, organizations can proactively block connections, isolate compromised devices, and prevent further damage. 

This proactive approach aligns perfectly with the Zero Trust principle of "never trust, always verify," ensuring that only legitimate and authorized DNS requests are allowed, regardless of their origin. New domains, which are domains that are newly registered within the last 30 days, pose a serious threat to businesses as these domains are commonly used and quickly discarded by threat actors.

The following chart shows the raw number of new domains that we encountered on our network since June 2024:

Over this roughly six month period, traffic to new, potentially risky new domains more than doubled—a 108% to be exact. This increased volume highlights the critical need for a zero trust policy which includes protective DNS to proactively track and block these unknown domains, preventing potential threats from compromising your organization.
While Zero Trust focuses on securing access, another critical aspect of cybersecurity in 2025 will be data privacy.

Everyone Will Care About Data Privacy in the Future

Data privacy is no longer a niche concern for tech-savvy individuals. It's rapidly becoming a mainstream issue, and businesses that fail to take it seriously are putting themselves at risk. Consumers are increasingly aware of how their data is being collected, used, and potentially misused. This awareness, coupled with high-profile data breaches and mishandling incidents, is driving a demand for greater transparency and accountability.

In this environment of heightened data privacy concerns, protective DNS solutions like DNSFilter play a critical role by blocking access to malicious websites and preventing data exfiltration, but also in blocking domains that may be used to collect data on the end users.

One way in which we see the trend of an interest in data privacy on our network is how often our trackers and advertising categories are blocked by our users. The percent of traffic on our network that represents advertising has remained consistent over the last year at 3.55% as you can see by this trendline:

However, when we look at the raw queries on our network and what users are blocking, we see more of our network are actively blocking advertising when we look at the dotted blue trendline than they were earlier in the year:

Early in the year, roughly 15% of advertising queries were blocked. By the end of 2024, we’ve seen it rise 6 percentage points at its peak with the average by November being 19% of all advertising is blocked.

Trackers, more invasive sites used to track where you go online often for the purpose of advertising, are blocked far more often than advertising on our network and saw similar growth in 2024:

Earlier in the year, we saw 30% of trackers blocked consistently through August. In September, we started seeing trackers blocked closer to 40% of the time. To put this into perspective, our cryptomining threat category is not blocked by our users nearly as often as ads or trackers.

We know that individuals care more about the privacy of their online data, and this will continue far into the future. As data privacy concerns grow, so too does the sophistication of cyberattacks, fueled in part by advancements in artificial intelligence.

Hacking is Getting Easier - AI is both the Reason and the Cure

2025 marks a turning point in our relationship with reality. AI's ability to generate hyperrealistic images, videos, and audio is forcing us to constantly question the authenticity of our senses. This challenge goes beyond mere skepticism; it has profound implications for how we consume information, form opinions, and interact with the world around us. It is also impacting both how threats are created and countered.

Thanks to AI, creating cyber exploits will become easier as the barrier to entry lowers. Cybersecurity will require strategic thinking in addition to technical skills.

One way DNSFilter is already combatting AI-based threats is through Malicious Domain Protection, which uses machine learning to categorize suspected threats. Some malware uses domains created by "domain-generation algorithms" (DGAs). These algorithms churn out countless random-looking domains designed to evade traditional security tools that rely on lists of known bad domains. What Malicious Domain Protection does is inspect these domain strings to assess their risk. This feature excels at identifying DGAs, but it's not limited to just those. It can also identify domains associated with other online threats.

It’s just one way DNSFilter is fighting AI-driven threats. Over the last year, potentially malicious traffic identified by our Malicious Domain Protection capabilities have more than doubled:

While legitimate interest in AI is high, with a significant portion of our network traffic going to AI-related sites, we're seeing a disturbing trend. A surprisingly large percentage of domains containing 'artificial intelligence' or 'machine learning' are actually categorized as threats. These sites, often newly created, are designed to exploit an interest in AI. This means that for every few legitimate AI sites, there's at least one that's designed to steal information or spread malware. This emphasizes how cybercriminals are capitalizing on popular trends to carry out their attacks and aligns with our 2025 cybersecurity predictions. 

AI is a powerful tool, but it also empowers those with malicious intent. Organizations must ensure their employees use legitimate AI tools and critically evaluate the information they encounter, recognizing that AI can be used to create deceptive content. To counter the evolving threat landscape, organizations will need to upgrade their cybersecurity toolsets and move away from outdated technologies.

Up-Leveling Toolsets, Goodbye Legacy Tech

By 2025, many current cybersecurity tools will become outdated, as they still reflect a perimeter-based mindset. In today’s world, effective defense is necessary for every device and at every location where people live, work and play. We have seen remote deployments increase steadily on our network in 2024, with monthly traffic to remote devices increasing by 56%. This trend will continue as protection on the endpoints, layered with the network, will become more important.

Organizations will need proactive tools that don’t wait for an attack to happen. Instead, these tools will run tests and simulations on themselves to ensure they can maintain operational continuity in both good times and bad. Automation will be crucial, as it must continuously test and model threats with every network change before attackers can exploit vulnerabilities.

A key shift in cybersecurity strategies will be “tempo.” As the pace of change and attacks increases, defenders must also quicken their responses. Those who don’t keep up will be vulnerable.

These 2025 cybersecurity predictions underscore the need for proactive and adaptive security measures. The future of cybersecurity demands vigilance, adaptability, and a willingness to embrace new strategies. By understanding where we’re likely heading, we can proactively address emerging challenges and fortify our defenses to secure our digital future.