Welcome to part two of our deep dive into 2025’s cybersecurity landscape. As highlighted in part one of this blog, generative artificial intelligence (GenAI) and supply chain vulnerabilities are at the forefront of cyberthreats. We consulted with other industry experts to uncover emerging trends, evolving threats, and key areas that managed services providers (MSPs) should monitor closely.
AI leads the way
Tracey Beveridge, HR Director at Personnel Checks, points to AI as the top challenge. “With AI technology more accessible, this has resulted in an increase in impersonation fraud in 2025,” she says. She adds that such impersonations can range from sophisticated deep-fakes, voice cloning, spoofing attacks to bypass biometric checks, forged documents, and even record manipulation.“
“This level of fraud can be so realistic that it is easy for people to fall for scams, even if checks have been made,” Beveridge says. She states that background check companies have to up their game to utilize more advanced verification technologies.
Colton De Vos, marketing specialist at Resolute Technology Solutions, notes that cybercriminals are becoming increasingly innovative. One of the most common social engineering tactics we’re seeing lately is the “Fake IT Support” scam. “This tactic involves phishing emails, calls, or messages where attackers impersonate your internal IT team or software/app vendors. They are trying to trick you into giving up access or installing malicious software,” he explains.
The surge in unstructured data due to GenAI
Francis Fabrizi, a cybersecurity expert and accountant at Keirstone Technologies, also highlights AI as a key factor in cybersecurity this year, noting that generative AI is reshaping industries by generating a substantial amount of unstructured data, including text, images, videos, and audio.
“This has transformed cybersecurity priorities by moving the focus away from protecting structured data, such as databases and spreadsheets, to addressing the complexities of safeguarding unstructured data,” Fabrizi says. He notes that tracking and securing these forms of data pose unique challenges, further increasing the need for innovative approaches in cybersecurity.
The growth of generative AI, Fabrizi says, has also led to a surge in machine identities.
“AI tools and cloud services increasingly rely on credentials and accounts that introduce potential vulnerabilities into organizations,” Fabrizi says. He explains that if attackers compromise a machine identity, they could gain unauthorized access to sensitive systems or manipulate AI outputs.
“For example, if attackers hijack the credentials of an AI-powered tool, they could disrupt critical infrastructures,” Fabrizi notes. “They could also expose valuable data, causing significant harm to the organization.”
He says that security professionals are increasingly needed to identify AI vulnerabilities and test its integrity. “They can now focus on areas such as prompt injection and model manipulation, which can help organizations proactively secure their AI infrastructure.”
Detecting the undetectable
Marin Cristian, CEO of OnlineGames.io explains that what currently draws attention in cybersecurity isn’t the increase in volume of attacks but the subtle and almost undetectable ones. “The invaders are now playing a long-term strategy. An increasing number of the infiltrations we come across are the so-called low-and-slow types representing ordinary network traffic and mimicking team workflows, particularly in the cloud-native environments,” Cristian says.
However, he notes that an even less-discussed emerging phenomenon in artificial intelligence (AI) is AI-based internal impersonation. These messages, he says, are not your typical phishing emails, which simply appear in the inbox, but rather, they come as genuine Slack messages or Jira comments. “Hence, for MSPs, it means that the traditional detection tools of little usage and the behavioral monitoring add to the pressure.”
Another trend he is noticing is “security fatigue.”
“Users become confused with the plethora of MFA requests and app logins, which leads them to the overlooked credentials and the backdoor risks,” Cristian says, adding that the solution is to not only deploy more sensors but to analyze data better. He shares that footholds from nation-states into the IT ecosystem are also increasing.
“These attacks are becoming increasingly destructive,” Cristian says. “Nation-states are prepositioning assets to disrupt basic services, while bad actors are targeting financial gain through ransomware attacks.” He adds a grim prediction: “I wouldn’t be surprised if a large U.S. city loses one of its critical services this year, whether it’s telecommunications or water utilities, due to a ransomware attack.”
Security in the age of AI
As organizations scale up their use of AI, he says, managing machine identities has emerged as a critical concern. Addressing this requires a comprehensive approach to identity and access management, Fabrizi notes. “Systems must be designed to continuously secure and update machine credentials whilst enforcing stringent verification processes for access requests and utilize advanced tools that can monitor machine activities for signs of anomalies.”
Machine identities may soon outnumber human ones, raising serious ethical and operational questions. Organizations must find ways to balance security and usability without compromising system functionality or performance. At the same time, they must manage their growing reliance on AI and automation while upholding high ethical standards. “The continued growth of AI in everyday use reflects a transformation that is reshaping the technological and security landscape of organizations,” Fabrizi concludes.
As we progress through 2025, it’s clear that cybersecurity is undergoing a profound shift. Cyber threats are becoming increasingly complex, driven by subtle, long-term intrusions, AI-driven impersonation, and security fatigue. At the same time, the explosion of unstructured data is accelerating the pace of these evolving risks. For MSPs and security professionals, staying ahead means rethinking traditional defenses and adopting smarter, more adaptive strategies.
Photo: panuwat phimpha / Shutterstock
This post originally appeared on Smarter MSP.