The other day, I was reviewing some risk registers from various boards. Exciting, I know. Anyway, a pattern emerged: cybersecurity consistently ranked as one of the top perceived risks for organisations. It’s a huge and increasingly urgent issue, yet it remains a mystery for most. Technologists bear some responsibility for this confusion; as an industry, we’ve developed a habit of cloaking discussions in jargon and even profiting from the opacity.
This was on my mind recently when I received an email from NordVPN. For those unfamiliar, NordVPN provides a virtual private network (VPN) service. Think of it as a secure “tunnel” between your device and the internet, masking your IP address and allowing you to browse privately—even on vulnerable public Wi-Fi networks. Put simply, a VPN makes your online activity safer and more secure.
Nord’s email was on point. With business leaders preparing for the holidays, they outlined the biggest cybersecurity threats they foresee for the coming year, giving folks something to consider for 2025. Their predictions stemmed from investigations into activity on the dark web, where emerging cyber threats often first appear.
So… what are the key risks identified for the coming year?
One of the biggest issues remains stolen passwords. Hackers continue to exploit databases of usernames and passwords leaked from data breaches. As long as people reuse the same password across multiple accounts, cybercriminals will have opportunities to infiltrate systems. For Kiwi businesses, this is very real. If an employee’s reused password is compromised, it could act as a gateway into your company’s systems. PASSWORD01 just doesn’t cut it anymore.
Breaking the bad habit of reusing passwords is essential. Encouraging employees to adopt unique passwords for every account can feel like a pain in the proverbial, but it’s worth the effort—especially when combined with multi-factor authentication for added protection.
Another growing vulnerability comes from smart devices, which are now a staple in many remote work environments. Gadgets like smart locks, security cameras, or even connected fridges might seem harmless but can serve as entry points for hackers to access home networks. Once inside, they can easily infiltrate work systems. Or, perhaps even worse, play with the temperature settings on your fridge and spoil your smelly French cheese.
Identity theft remains a lucrative avenue for cybercriminals, but their tactics are evolving. A rising trend is synthetic identity fraud, where hackers combine real and fabricated details—sometimes even using deepfake technology—to create entirely new identities. Another unsettling phenomenon is reverse identity theft, where criminals don’t just steal a person’s identity to drain their finances but use it to live as that person, applying for jobs, benefits, or evading legal consequences.
For businesses, this highlights the need to strengthen identity verification processes. Whether hiring new employees, managing customer accounts, or handling sensitive transactions, it’s worth investing in tools and training that can help detect fraudulent activity.
Disinformation, once primarily a tool of anti-vaxxers and geopolitical actors, is now increasingly available for hire on the dark web. Hackers offer “disinformation as a service,” targeting companies with fake news, spam campaigns, and algorithm manipulation to damage reputations. For Kiwi businesses, this could mean anything from bogus complaints about your product to full-blown smear campaigns. Monitoring your brand’s online presence and responding quickly to misinformation will be vital in 2025.
Cybercriminals are also turning to artificial intelligence to enhance their attacks. AI allows them to craft more convincing phishing scams, target businesses with greater precision, and even manipulate automated customer service processes. These tools make attacks faster, harder to detect, and increasingly sophisticated. One concerning trend involves scammers exploiting company systems to issue fraudulent refunds or replacements. While such scams may seem like problems for large corporations, smaller businesses aren’t immune and should review their internal controls to prevent similar vulnerabilities.
The truth is that cybersecurity threats are, like viruses, always evolving. What worked last year to protect your business might not suffice in the year ahead. Staying ahead of these threats requires a proactive approach: keeping informed, investing in the right tools, and embedding cybersecurity into the culture of your organization.
It’s not enough to view cybersecurity as a box-ticking exercise. Instead, it requires a mindset shift. Everyone in the organization, from the CEO to the most recent hire, needs to understand the risks and how to avoid them. Simple steps—like enforcing strong passwords, keeping systems updated, and providing regular employee training—are critical to staying ahead.
As New Zealand businesses embrace the opportunities of a more connected, digital-first world, the risks will only grow. But with vigilance and the right strategies, you can protect your company while focusing on what you do best. Perhaps 2025 will even be the year we finally leave passwords like “123456” behind for good.