Is 2025 going to be a year of cyberattacks?

In early December, the chief executive of the UK’s National Cyber Security Centre made a sobering speech which was under-reported by the media.

Richard Horne warned the NCSC had faced a significant increase in what are deemed “serious cyberincidents” throughout 2024.

By the time of his speech, there had been almost 60 more incidents last year than in the whole of 2023, including 90 deemed to be nationally significant.

Although the origins of cyberattacks may be difficult to identify, days before this speech, Russian hackers had threatened to publish patient data stolen from Alder Hey Children’s Hospital.

Some nations have more of an axe to grind than others, but cybercrime is a global phenomenon without borders, capable of impacting all of us.

So what do cyberattacks consist of? How do they affect individuals? And what can we do in 2025 to improve our own cybersecurity and maximise resilience against future attacks?

Moves and countermoves

A cyberattack is any attempt to steal, expose, alter, disable or destroy digital information by gaining unauthorised access to computer systems.

That could be a company’s mainframe server, or the computer you’re reading this article on.

Cyberattackers will use any available method to access a computer network or IT system, from phishing to Trojans, and from drive-by downloads to DDoS attacks.

The main objectives of cyberattacks are either data theft or financial gain, often achieved through ransomware locking legitimate users out of their own systems until a fee is paid.

Even then, there’s no guarantee access will be restored, or that the hackers won’t just double the ransom, or install hidden software enabling them to reactivate a lockout in future.

Richard Horne pointed out hostile activity in cyberspace is increasing in both frequency and sophistication, seeking to exploit our growing dependence on technology.

When two NHS hospitals were attacked in December, and IT systems collapsed, staff had to resort to using pens and paper, while numerous appointments were cancelled.

The most widely targeted sectors might surprise you – legal and construction firms, charities and academic institutions. Even the British Library was attacked last year.

And this is where the murky world of digital security begins to leach into your own unassuming daily life.

From grounded flights and cancelled hospital appointments to the economic costs of ransomware and cybersecurity investment, the actions of foreign agents impact on us all.

Equally, we can all play a modest part in reducing the prevalence of cyberattacks, through basic online housekeeping and best practice.

Safety in numbers?

Richard Horne used his speech to highlight the “clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us.”

He wasn’t just referring here to NHS departments relying on antiquated versions of Windows, or defence contractor personnel leaving laptops behind on trains.

Nonetheless, people usually represent the biggest weakness in any IT network or system.

Can you honestly say you’ve never left a works laptop momentarily unattended, set your password as ‘password’, logged onto insecure public WiFi or opened an unsolicited email?

Securing your home broadband is secure is easy, as is ensuring devices are never left unattended or connected to public networks while transmitting sensitive data like passwords.

If you work for a company whose activities, data or networks might be attractive to cybercriminals or foreign agents, accept 2FA logins with good grace.

Even the widely loathed Microsoft Authenticator was developed with the best of intentions, though its complexity and unreliability make it potentially more of a hindrance than a help.

Enable automatic updates on antivirus software suites and apps, change your home broadband router’s default password, and delete unsolicited emails or texts.

At home and at work, avoid clicking on insecure hyperlinks or unknown attachments, responding to emails unless you’re sure the sender is legitimate, or sharing login credentials.

We rightly expect corporations to move heaven and Earth to protect our data, but repelling cyberattacks is a job for all of us – requiring vigilance, patience and healthy suspicion.