7 security predictions for 2025 from Barracuda executives

Over the past year, the threat landscape has evolved quickly, and organizations of all sizes have been racing to keep their data, networks, and applications protected. That shows no signs of slowing down as 2025 gets underway.

To help you prepare for 2025, we recently spoke to three Barracuda executives, each with their own perspective and predictions about the changes, developments, and trends the coming year will bring and what businesses need to be aware of to stay protected.

Siroui Mushegian, Barracuda CIO

2025 will be a turning point for AI security

Businesses are at a pivotal moment in AI innovation — a thrilling opportunity that comes with sharp risks. AI is both a shield and a sword in cybersecurity: offering unprecedented potential to strengthen cybersecurity, while giving attackers new tools to exploit. As companies advance their use of AI, they must proceed cautiously. Success hinges on using AI thoughtfully and strategically, not just adopting AI for the hype but strategically deploying it where it truly adds value.

Companies will get serious about building cybersecurity resilience among rising threats

As ransomware and supply chain attacks surge, the compliance industry is raising the bar on cybersecurity standards, pushing companies to adapt and fortify their defenses. While there may be overlap globally, regional nuances require tailored approaches to compliance. Cybersecurity resilience is critical — not only to stay ahead of changing regulations, but also to ensure organizations can respond and recover swiftly if the inevitable happens. In the coming year, we’ll see companies across sectors embrace a unified approach, making cybersecurity a collective responsibility and improving overall cyber resilience against ever-evolving threats. 

Riaz Lakhani, CISO

Shadow IT risks will grow in 2025

The risk associated with shadow IT will grow significantly unless companies aggressively address it. With so many SaaS services being introduced by employees, contractors, or others as more innovative tools are available for easy deployment without a security review, there's a heightened risk of data leakage and general security threats. Additionally, the use of unsanctioned AI SaaS tools will increase, posing risks of downloading malicious LLMs or legitimate LLMs that have been tampered with.

Threat actors will double down on ransomware

Ransomware will continue to be a major issue, affecting not only large corporations but also small and medium-sized healthcare organizations and even individuals. Last year, I highlighted the UHC/Change Healthcare issue, which personally impacted my wife, a doctor who owns her private practice and uses Change Healthcare for revenue cycle management. We’ve also seen incidents like the one with GM. Threat actors are finding good ROI in ransomware attacks and will likely double down. Barracuda published a threat spotlight on a campaign where threat actors targeted individuals by showing pictures of their homes and insinuating physical threats unless a ransom was paid.

Social engineering attacks will get extremely persuasive

We will see very convincing social engineering attacks like never before. Threat actors will use AI to scale content creation, produce more persuasive content, and employ deepfake/voice replication for sophisticated phishing and social engineering attacks. Phishing already provides a good ROI for threat actors, and I fully expect to see high-quality phishing to warm up the target with layered follow-up social engineering tactics.

Adam Khan, VP of Global Security Operations

AI will drive innovation and evolution for XDR

In 2025, XDR will evolve beyond reactive monitoring to become the backbone of predictive and automated security operations. Expect XDR platforms to integrate with broader ecosystems like SOAR and AI-driven threat intelligence, enabling dynamic risk scoring and prioritized responses across cloud, endpoint, network, and more. AI will play a central role, enabling XDR to analyze vast volumes of data in real-time, detect subtle attack patterns, and predict potential threats before they materialize. This AI-driven evolution will transform XDR from a responsive tool into a proactive security strategy, capable of adapting to an ever-changing threat landscape.

SMBs, often seen as low-hanging fruit for attackers, will increasingly adopt XDR as a cost-effective solution to consolidate their defenses, mirroring enterprise-grade security at an accessible scale. AI’s automation capabilities will make advanced security attainable even for resource-constrained organizations, significantly reducing their reliance on large SOC teams. Think of XDR not just as a 911 system for your business, but as a full-service command center, driven by AI, preemptively defusing threats and continuously learning to enhance resilience.

Data protection strategies will shift to secure data in new ways

By 2025, data protection strategies will shift from solely securing data at rest or in transit to securing data in use. Privacy-preserving technologies like homomorphic encryption and confidential computing will see widespread adoption, driven by compliance requirements and the need for real-time collaboration without compromising sensitive data. Sectors like healthcare and education will embrace AI-based anomaly detection to safeguard their treasure troves of personal and organizational data, addressing attackers' increasing focus on these industries. Incident response will move from annual tabletop exercises to continuous testing through simulated attack platforms, enabling organizations to measure readiness in real-time.

New webinar with more insights

On January 22, Barracuda will be hosting a webinar looking at top cybersecurity trends and what to expect for 2025 and beyond. Adam and Riaz will lead an insightful discussion, including predictions about the evolving threat landscape and best practices to prepare for what’s ahead in the coming year. Join us for a first-hand look at what you need to know to protect your business and your customers this year, and get more expert insights from two Barracuda security executives.