Kaspersky Industrial Control Systems Cyber Emergency Response Team (ICS CERT) has outlined its cybersecurity predictions for 2025. There will be a growing need to protect both innovative and legacy systems, all while navigating the landscape of geopolitical tensions, sanctions, and trade barriers. Careful technology vendor choice by industrial enterprises will also be key to ensuring resilient operations.
ICS predictions are part of the Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts in the cybersecurity world. A year ago, Kaspersky predicted multiple ICS threat developments for 2024 which came true. Ransomware has become a serious threat to industrial enterprises, with cybercriminals targeting high-value organizations, unique product suppliers, and major logistics companies. In addition, geopolitically motivated hacktivism has persisted, adding complexity to the threat landscape.
With these risks remaining relevant, Kaspersky highlights six new developments that industrial enterprises should watch out for in 2025.
1. Growing risks of innovative tech being stolen from industrial enterprises
While innovations are transforming businesses and driving a new technological revolution, this surge also attracts cybercriminals targeting research institutions and technology-leading enterprises to steal valuable technical information. Industrial enterprises are particularly vulnerable, as sensitive data is often more at risk on their “shop floor” or through supply chains than in their research labs. Protecting operational technology (OT) assets to counter these growing threats in the coming year requires increased awareness and robust cybersecurity measures.
2. Intentionally created barriers and sanctions expose operational technology to additional threats
Geopolitical tensions, sanctions, and artificial barriers to accessing advanced technology are driving violations of intellectual property rights. This creates security risks for OT developers and suppliers, as the safeguards built into their products may no longer adequately protect their intellectual property. On the other hand, cracked software, third-party patches, and license workarounds further elevate cybersecurity risks to their customers by additionally exposing their OT environments to threats.
3. The adoption of new technologies leads to new cyber risks
Industrial enterprises are increasingly implementing innovations such as AI / machine learning, augmented reality, and quantum computing to enhance efficiency. AI-powered process control is already delivering billion-dollar gains in industries like non-ferrous metallurgy. These systems are becoming indispensable production assets, but they also introduce new cybersecurity challenges. Misuse of AI can lead to unintended data disclosures and other security risks that are hard to predict. Both AI systems and the unique enterprise data they rely on may become high-value targets for cyberattacks, with potential consequences like permanent data loss and production efficiency degradation. Meanwhile, attackers are themselves leveraging AI to develop malicious tools and improve social engineering tactics.
4. The use of time-tested tech leads to new cyber risks as well
In 2025 and beyond, time-tested systems like telecom equipment and industrial IoT devices may become targets of cyberattacks due to outdated security measures. Remote facilities that rely upon inexpensive network equipment are especially prone to exploitation. Additionally, the rise of Linux systems in OT environments introduces new challenges, as they may lack mature security solutions, and there are fewer skilled Linux cybersecurity professionals to safeguard them properly. Consequently, revising cybersecurity measures for legacy and time-tested technologies is essential.
5. Wrong equipment vendor choice means higher risk
Vendors that underinvest in cybersecurity expose their clients to significant risks. Long and complex supply chains, often involving smaller niche providers, make things extremely hard to manage. Additionally, industrial enterprises frequently develop unique automation solutions in-house or through affiliates, often with inadequate security measures. These factors amplify risks in 2025, making the supply chain and custom equipment easy targets for cyberattacks. Selecting reliable vendors that adhere to high security standards is crucial.
6. Security by obscurity will not work in 2025 for OT infrastructures
The proliferation of open source tools for industrial automation has simplified the task of attacking critical production assets. Industrial enterprises, while improving automation and documentation, inadvertently make it easier for attackers to craft sophisticated attacks on production assets once persistence within the victim network has been achieved. In 2025, targeted cyber-physical operations will be significantly easier to implement than a few years ago. Attackers now have access to tools and information that dramatically decrease the need for industry-specific expertise.
“The evolving cyberthreats, from AI-driven attacks to vulnerabilities in new and legacy technologies, pose significant risks to industrial enterprises in 2025. Cybercriminals are increasingly targeting supply chains, operational networks, and trusted partners, making no part of an organization’s ecosystem 100% secure. To counter these risks, industrial enterprises must prioritize proactive cybersecurity measures, carefully explore vendor and supply chain security, and continuously educate their teams – both regular employees and cybersecurity professionals,” commented Evgeny Goncharov, head of Kaspersky ICS CERT.
Read the full list of ICS predictions for 2025 on the Kaspersky ICS CERT website and on Securelist.
About Kaspersky ICS CERT
Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICS CERT) is a global initiative of Kaspersky aimed at coordinating the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. Kaspersky ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the Industrial Internet of Things. Learn more at ics-cert.kaspersky.com.