Nozomi Networks 2024 Look-Back and 2025 Predictions for OT/ICS Security

It’s mid-December, which means it’s time for three things: panettone, a look back at cybersecurity trends and a look forward at what to expect in the new year. You may want to look elsewhere for the best panettone, but here are five predictions from Nozomi Networks OT/ICS experts, based on trends we followed during 2024.

1. Geopolitical Events Will Continue to Impact Critical Infrastructure.

As the war in Ukraine wore on for a third year and tensions in the Middle East spread, cyberthreats linked to these and other global military conflicts followed suit. Critical infrastructure sectors like water and wastewater, utilities and even space are becoming prime targets for cyberattacks. Nation-state motivations range from advancing their ideologies to incapacitating public services. The common denominator is a desire to sow fear, uncertainty and chaos.

Global unrest will likely persist in 2025. Expect to see nation-state actors and hacktivist groups continue to shift their focus from spying to sabotage, directly targeting industrial systems.

2. Ransomware Isn’t Going Anywhere.

Cybercriminals like to innovate to stay one step ahead of defenders. But they also don’t like to fix what isn’t broken. Ransomware attacks were a serious problem for industrial targets in 2024, with manufacturing, telecom and utilities remaining key targets. Manufacturers in particular are considered attractive targets for their valuable intellectual property, healthy bottom lines and low tolerance for downtime. As attackers became more aggressive this year, we started seeing double-extortion cases, in which payment is demanded not only for decryption but also to keep stolen data private.

Despite reports that bad actors have diversified into other forms of extortion such as leakware and doxing, supply chain attacks and business email compromises (BECs), ransomware remains a significant threat to industrial organizations. The persistence of ransomware and rise of other extortion methods emphasizes the importance of investing in effective prevention and recovery measures while avoiding the practice of paying ransoms, which only encourages cybercriminals.

3. AI/ML Will Play Offense and Defense — and Be the Target.

The application of AI/ML is expanding into nearly every area imaginable. While AI/ML-enabled cyberattacks are on the rise, industrial automation vendors are also leveraging their power to enhance automation capabilities. However, these systems may themselves become targets of AI/ML-driven cyberattacks. Fortunately, cybersecurity solutions are adopting AI/ML technologies to process large volumes of data, enabling more effective detection and prevention of advanced cyber threats.

In the new year, we are likely to see an increase in AI/ML-enabled cyberattacks targeting critical infrastructure and new attacks on AI/ML-based OT/IoT assets and networks. Smart city projects, particularly entertainment and sports facilities, are increasingly recognizing the importance of securing their cyber-physical systems. Often overlooked, systems like building management and other connected devices can be both final targets and serve as potential entry points for cyberattacks.

4. Beware of Cyberattacks in the Sky.

If you’re looking for the perfect gift for that person who has everything, consider a drone. They’ve been popular holiday gifts in recent years, and technological advancements such as obstacle avoidance have made them easier to operate. In fact, they’re so advanced that cybercriminals are enlisting them as weapons. With growing applications in both military and civilian/industrial contexts, they’re also becoming high-value targets since many critical processes now rely on them.

Beyond drones, the cybersecurity of space infrastructure – including satellites and ground systems – is becoming a pressing concern. Industries across sectors rely heavily on space-based communications and services, leaving them vulnerable to threats in this domain.

In 2025, the rise of wireless connectivity through drones, autonomous systems and other devices will create more opportunities for exploitation, especially given the potential for misconfigurations and insecure deployments.

5. Regulations Will Determine Focus. And Investments.

Regulatory compliance is the top driver for cybersecurity programs, which tend to evolve based on where government and industry regulations dictate. While collectively these regulations improve resilience, transparency and accountability, they also put significant pressure on organizations to meet often strict new requirements despite limited resources. In 2024 this manifested in three areas:

  1. Supply chain vulnerabilities have emerged as critical factors in modern cyberattacks. Initiatives like requiring software bills of materials (SBOMs) may help. The EU’s Cyber Resilience Act (CRA), which took effect December 10, stands out by emphasizing better vulnerability management and increased transparency across supply chains, including mandated SBOMs. 
  2. Incident reporting requirements are reshaping security practices for critical infrastructure. The EU NIS2 Directive sets an example with clear definitions and a prescriptive reporting process. In the U.S., CIRCIA incident reporting requirements for critical infrastructure don’t take effect until 2026, but the broader SEC cyber disclosure rule has already resulted in a steady stream of incident disclosures that likely wouldn’t have occurred without it.
  3. Saudi Arabia’s new framework for licensing managed security operations center services, adopted in March, demonstrates how governments are driving more effective threat detection and response via centralized security operations.

Finally, while not a regulation, the first major update in 10 years to the ISA/IEC 62443-2-1:2024 standard (which addresses security for industrial automation and control systems) has been incredibly helpful. Overall, updates to many parts of IEC 62443, along with new certification schemes and wider national adoption in recent years, provide a stronger, more consistent foundation for securing industrial systems worldwide.

Expect more regulations in 2025, even in countries where the tide is turning against government oversight. Cybersecurity is recognized as essential to national security, around the globe and across party lines.

OT/ICS Cybersecurity Takeaways for 2025

Bad actors were as bad as ever in 2024. We saw a significant escalation in cyber threats targeting critical infrastructure. Based on this year’s trends and predictions, here are some recommendations worth heeding.

AI/ML is shaping every aspect of our lives faster than we can assimilate. The rise of AI/ML-enabled cyberattacks underscores the need for organizations to stay vigilant and adapt to new, advanced techniques, using the best available threat intelligence. Understand your vulnerabilities and how attackers might exploit them, while also exploring how AI/ML technologies can enhance your resilience.

Whether AI-assisted or not, don’t ignore the increasing volume and sophistication of attacks. Work on bolstering comprehensive OT security monitoring beyond your ICS network, to cover host activities, network communications and emerging wireless technologies in industrial applications. Automate OT security incident analysis and integrate it into your SOC processes to handle threats faster and more efficiently.

Once these defenses are in place, they’ll be a gift that keeps on giving.