+ AI-driven security threats, neglected cloud security, evolving ransomware, software supply chain security, and OT/IoT security were chosen
+ Risk management strategies from an enterprise perspective are needed to respond to AI technology-based security threats that have become more intelligent and sophisticated
Samsung SDS analyzed cybersecurity issues that occurred in and outside of Korea last year and announced five key cybersecurity threats that require caution in 2025.
The cybersecurity threats are as follows: need to prepare for AI-driven phishing – ‘AI security threats’; ‘cloud security threats’ due to long-neglected user credentials; ‘ransomware attacks’ evolving into a dual extortion strategy; ‘security threats to software supply chain’ due to open source malware infiltration; and security threats infiltrating OT and IoT -- poison in a hyperconnected society.
Based on its experience in running global security operation centers, Samsung SDS gathered opinions from approximately 400 security experts from corporations (in manufacturing, finance, and logistics) and those in the public/national defense sectors. Solutions to overcome security threats were also suggested.
■ Need to Prepare for AI-Driven Phishing – ‘AI Security Threats’
In 2025, security threats within companies will rise as more companies utilize generative AI in earnest. Notably, an AI-based system that detects, analyzes, and protects against threats needs to be established to more accurately and promptly respond to damage due to AI-based phishing attacks or malware. Also, companies should ensure their response is continuously evolving. For instance, they need to proactively respond to threats by leveraging their intelligent security control system to catch up with the speed of AI’s development.
■ 'Cloud Security Threats' Due to Long-Neglected User Credentials
Following the pandemic, companies are increasing their use of cloud infrastructure for introducing new base technologies and services, including generative AI, data analytics, etc. However, wrong changes to cloud configurations, long-neglected ‘user credentials’ that have been exposed, and security settings for existing system versions can lead to security accidents. Therefore, ‘security platforms that fit the cloud environment’ are needed to prevent such accidents.
*User credentials refer to information or credentials submitted by users to verify their identity (including ID, password, or certificate).
■ ‘Ransomware Attacks’ Evolving into a Dual Extortion Strategy
Ransomware has evolved into a dual extortion strategy that combines data encryption and information theft followed by information disclosure threats, causing greater damage. As a result, ransomware attacks through RaaS, etc., targeting critical data and sensitive information, are raising concerns about financial losses and damage to company reputations. Companies should prevent ransomware risks through stricter external access control and account management, as well as regular data protection and management.
*RaaS (Ransomware as a Service) refers to a business model where ransomware is offered as a service, allowing affiliates without any programming knowledge to carry out attacks simply by paying a fee.
■ ‘Security Threats to Software Supply Chain’ Due to Open Source Malware Infiltration
Recently, companies have developed and operated software by leveraging external resources, including open source, as well as internal resources. The use of external resources makes malware infiltration easy, possibly causing greater security threats. Malware can be infiltrated even with software updates. Companies should conduct audits on their software and overall IT environment; prepare for the introduction of S-BOM; and develop risk management plans for proactive response to threats.
*S-BOM (Software Bill of Materials) is a specification that includes detailed information such as a list of components included in the software, information on who created them, and interdependencies.
■ Security Threats Infiltrating OT and IoT – Poison in a Hyperconnected Society
There are growing security threats against Internet-connected production facilities and related systems (OT), as well as interconnected environments (IoT) between computing devices and gadgets, and between things and wearable devices. In particular, un-updated OT/IoT devices are easy targets for hackers, possibly leading to security breaches for the entire connected network. To respond to this, companies should stick to basic principles, such as strong authentication procedures, regular security updates, etc.
*OT (Operational Technology) refers to production facility operating technology
*IoT (Internet of Things) refers to technology related to connecting and communicating with various physical objects, including mobile devices, wearables, and vehicles.
Yong-min Chang, Vice President of the Security Business Unit at Samsung SDS, said, “Security threats that utilize AI technology have already become intelligent and sophisticated. Enterprise-level risk management strategies are needed.” He emphasized, “To respond to such threats, companies should have a comprehensive approach, from organization-level responses to IT environments and security system management for partners. The responses include introducing AI-based intelligent security solutions; setting up cloud platforms suitable for the company’s own environment; reinforcing control of accessing enterprise information systems; partner IT and security system management; and stronger authentication and regular security updates.”
Meanwhile, Samsung SDS has demonstrated its competency as a security leader. It was named by the global market survey agency IDC as a leader in the managed security service arena (2024 APAC) and a major player in cloud security (2022-2024 worldwide).
