
As 2025 comes to a close, cybersecurity professionals are taking stock of a year shaped by both familiar threats and rising perils.
So, what truly surprised security leaders this year—and what can we learn from it? To find out, I spoke with two industry experts: Amit Shingala, CEO of Motadata, and David Ratner, SVP of Strategic Partners at Silent Push. Shingala works closely with enterprises and MSPs managing large‑scale IT environments using AI‑driven ITSM, AIOps, and advanced monitoring tools. Ratner brings deep experience in intelligence‑led security strategies and tracking emerging attack patterns.
What was the most significant cybersecurity development of 2025?
Amit Shingala, CEO of Motadata:
From my perspective at Motadata, the most significant development this year was the expanded use of AI in IT operations to prevent security incidents before they occur. For example, one of our enterprise clients saw our AIOps platform detect unusual network behavior that signaled a potential ransomware attack. The system automatically flagged the anomaly and isolated the affected nodes before the threat could spread—saving the organization hours of downtime and preventing sensitive data exposure. This shows how AI‑driven ITSM has evolved from monitoring to actively protecting the business.
What trends surprised you?
Amit Shingala:
What stood out most this year was how quickly AI and predictive analytics became standard in everyday IT operations. A surprising trend was the speed at which MSPs began using network monitoring data to uncover cybersecurity gaps. In one instance, continuous performance monitoring revealed a misconfigured firewall creating an exploitable vulnerability. With AI‑generated alerts, the IT team corrected the issue before it turned into a breach—something traditional monitoring would likely have missed. This proves that predictive ITSM is no longer theoretical; it’s already safeguarding real organizations.
David Ratner, SVP of Strategic Partners at Silent Push:
One of the most surprising—and alarming—trends in 2025 was how clearly cyberattacks crossed from the digital world into the physical one. While incidents like the 2021 Colonial Pipeline attack offered early warnings, the scale and frequency of attacks with tangible, real‑world consequences grew dramatically this year.
We saw cyber activity disrupt critical infrastructure, from major airport outages across Europe to hospital attacks that directly affected patient care. Healthcare was particularly vulnerable: ransomware and cyber intrusions surged globally, impacting hospitals, clinics, and service providers, and disrupting essential systems such as lab services, imaging, and clinical operations.
This shift from profit‑driven attacks to those focused on disruption and damage is deeply concerning. It underscores the need for proactive, intelligence‑led security strategies—especially those that focus on early indicators and emerging attack patterns.
What trends didn’t surprise you?
Amit Shingala:
It came as no surprise that ransomware and phishing continued to dominate the threat landscape, especially in critical sectors. What I fully expected was the increasing reliance on integrated ITSM and observability tools to counter these threats. In one example, a healthcare client used CMDB integration with our event correlation tools to trace a suspicious login to a rarely used server. By linking incident data with asset information, the team stopped the attack within minutes—far faster than traditional manual investigation. This aligns with the broader trend of embedding security into everyday IT operations, something we’ve championed for years.
David Ratner:
Two ongoing trends remained consistent in 2025.
First, ransomware continued to be one of the most damaging and pervasive threats. Attackers expanded their extortion models, adding double extortion and data‑leak tactics, while ransomware‑as‑a‑service (RaaS) made it even easier for less‑skilled criminals to launch attacks.
Second, people remained the most consistently targeted and vulnerable attack surface. Whether through social engineering or increasingly realistic phishing campaigns, attackers again proved that exploiting human trust is often faster and more effective than trying to break through technical defenses.
This post originally appeared on Smarter MSP.

