Key takeaways
- People can be the weakest link in a cyber defense strategy. Training employees regularly on social engineering tactics is recommended.
- Focusing on business continuity practices and monitoring suspicious behavior can help prevent damage from malware and ransomware.
- Rising attacks on critical infrastructure and supply chains highlight the need for businesses to carefully vet third-party partners and control access.
- Educate employees on AI-enabled scams and update internal protocols to help combat evolving AI- and deepfake-driven attacks.
- Never skip an update or patch. Threat actors continuously watch for known weaknesses to infiltrate networks.
Cyber threats grow more sophisticated every year, but the most effective prevention strategies remain simple. Many breaches still stem from well-known attack methods that manipulate human behavior, system delays, or gaps in third-party controls.
Huntington’s Cybersecurity and Enterprise Fraud teams track emerging threat patterns across industries. This year, what stands out is the frequency of incidents and how often they trace back to ignored fundamentals. The cost of leaving these gaps unaddressed is only getting higher. In 2024, the average data breach cost was $4.88 million, up 10% from the year prior†. Reducing the risk of evolving threats still comes down to consistently applying basic controls across people, systems, and vendors.
In this article, we highlight five threats expected to remain prominent throughout this year and into the next and strategies to help reduce exposure.
1. Social Engineering & Human Error
Social engineering attacks manipulate people rather than systems. With this tactic, threat actors impersonate internal staff, vendors, or executives to request access, information, or funds transfers. This can be accomplished with phishing emails, fake login pages, and live phone calls. The attacker’s success depends on workplace norms of helplessness, familiarity, and urgency. Between September 2024 and February 2025, one in five reported phishing emails relied solely on social manipulation, and the most common words used were “urgent,” “review,” and “sign‡.”
A combination of training and process discipline can help prevent employees from becoming victims of these attacks. Consider taking these actions:
- Offer regular role-specific phishing simulations and training that reflect actual tactics seen in the wild.
- Require dual approvers or verified callback steps for sensitive financial transactions.
- Apply control policies to limit access to systems and data based on necessity and role.
2. Malware and Ransomware
Malware refers to any software designed to harm systems. Ransomware is a type of malware that threat actors use to lock systems or data and demand payment to restore access. Increasingly, attackers extract sensitive data before triggering the lockout, which increases legal exposure and operational risk.
Many attacks bypass traditional antivirus protection. Prioritizing prevention and recovery can help defend against it:
- Back up data regularly, including copies stored offline and tested for recovery.
- Use endpoint detection and response tools that flag unusual behavior.
- Segment networks to help prevent threat actors from moving freely across systems.
3. Supply Chain Attacks and Vendor Weaknesses
As businesses rely more on third-party platforms and providers, threat actors are targeting the weakest link in those networks. Recent findings from a data breach investigations report found 30% of reported breaches involved a vendor, double the rate from the year prior§. These ranged from exploited software vulnerabilities to compromised partner credentials.
These attacks are especially difficult to contain because they extend beyond internal systems. A breach at a payroll vendor, infrastructure partner, or software provider can cascade into business interruption or legal exposure, even if the company wasn’t directly targeted. This risk has grown with the rise of nation-state actors and the expanded attack surface created by supply chains.
To help strengthen resilience, organizations should consider the following:
- Include cybersecurity requirements in vendor contracts and onboarding.
- Require multifactor authentication, passkeys, and encryption standards from third parties.
- Monitor for unusual activity in shared interfaces.
- Control vendors’ network access by implementing network segmentation and time-based restrictions.
- View vendor trust as a process, not an assumption. Verify, then trust.
4. AI Scams and Deepfake-Driven Attacks
Advances in generative tools have reshaped fraud. Threat actors use voice cloning, fake videos, and personalized phishing emails to convincingly mimic executives or employees, all with minimal resources or expertise.
Deepfakes use synthetic audio or video to imitate real people, often executives. In one recent case, a finance employee at a multinational firm received a video call that appeared to come from the CFO requesting an urgent funds transfer. The face and voice were convincing, but the message was fake. The result? The equivalent of $25.6 million was transferred to the fraudster≠.
Phishing messages using these generative AI tools have doubled over the past two years. In 2024, 82.6% of phishing emails identified showed signs of using AI§.
Companies can help limit exposure to these threats:
- Educate teams on how these scams work and what to watch for.
- Require internal authentication for high-risk requests, such as verbal codes or secondary confirmation through secure apps. This is especially important for finance, HR, and IT requests.
- Use domain authentication to flag spoofed company emails.
5. System Vulnerabilities and Missed Patches
Many breaches exploit known and unpatched software vulnerabilities. A "zero-day" vulnerability is one that becomes known before a fix exists, but most attacks succeed by exploiting older, well-documented issues that simply haven't been addressed. One data breach report found 20% of identified breaches involved exploited vulnerabilities, up 34 percent from the previous year§.
Attackers scan the internet for unpatched systems and outdated software. Once inside, they can install malware, steal data, or quietly expand their presence within the network.
These prevention strategies can help organizations address vulnerabilities quickly:
- Patch critical systems as soon as software updates are released, especially for operating systems, VPNs, and remote access tools.
- Maintaining a complete asset inventory to help avoid blind spots.
- Using automated scanning tools to detect and prioritize vulnerabilities.
Where Focus Matters
Most breaches don't begin with breakthrough tactics. They start with untrained users, missed updates, or over-trusted partners. While headlines may highlight new threat technology, the root causes are often avoidable lapses in execution or training.
Prioritizing the basics of access control, verification, patching, and monitoring remains the most effective strategy to help reduce exposure.