Identity is at the root of most cyberattacks, but although we're seeing greater adoption of things like biometrics we still rely heavily on passwords.

There's added complication in the form of soaring numbers of machine identities too. Here's what some industry leaders think the identity landscape has in store for 2025.

Organizations rely on APIs to make their systems easily accessible across platforms. However, new APIs are typically less protected and less secure. New research from Wallarm shows the average time for a new API to be found by attackers is just 29 seconds.

The research used a honeypot to look at API activity and in its first 20 days in November the lngest time taken for a new API to be discovered was 34 seconds.

New research shows 88 percent of security leaders believe machine identities, specifically access tokens and their connected service accounts, are the next big target for attackers.

The survey from Venafi of 800 security and IT decision-makers from large organizations across the US, UK, France and Germany, finds 56 percent have experienced a security incident related to machine identities using service accounts in the last year.

Social media has seen a 335 percent boom in new scams using deepfake videos and company-branded posts to lure victims into fraudulent investment schemes.

The latest threat report from ESET tracks these as HTML/Nomani, the countries with the most detections being Japan, Slovakia, Canada, Spain, and Czechia.

As we approach the end of the year it's time to start wondering what the next one will have in store. As always we'll be running a series of pieces looking at what industry experts think will be key tech industry trends for 2025.

We start with a look at quantum, which is getting ever closer to widespread commercial deployment and could open up great opportunities but is also leading to increasing fears about security.

Stories of CISOs being held personally liable for cybersecurity incidents has negatively affected their opinion of the role for 70 percent of respondents to a new survey.

At the same time 34 percent in the study for BlackFog, of 400 IT decision makers across the US and UK, believe that the trend of individuals being prosecuted following a cyberattack was a 'no-win' situation for security leaders: facing internal consequences if they report failings and prosecuted if they don't.

A new cybersecurity leadership survey from ISC2 shows 85 percent of all respondents identify communication as the most important leadership quality, followed by strategic thinking (41 percent), open-mindedness (37 percent), technical expertise (33 percent) and decisiveness (21 percent).

However, the findings reveal that formal leadership training remains largely inaccessible for most respondents, with fewer than 63 percent reporting they have received such formal training. Instead, 81 percent say they primarily developed leadership skills through on-the-job experiences with supervisors and managers.

A new report shows that endpoint platform security -- securing the hardware and firmware of PCs, laptops and printers -- is often overlooked, weakening cybersecurity posture for years to come.

The report from HP Wolf Security is based on a global study of over 800 IT and security decision-makers (ITSDMs) and over 6,000 work-from-anywhere (WFA) employees, it shows that platform security is a growing concern with 81 percent of ITSDMs agreeing that hardware and firmware security must become a priority to ensure attackers cannot exploit vulnerable devices.

New research from Imperva shows that 71 percent of UK consumers believe bad bots are ruining Christmas by snapping up all the most wanted presents.

It finds that 40 percent of consumers surveyed say they have been thwarted when trying to buy a gift in the past, only to find that it was completely sold out.

New analysis released by SecurityScorecard reveals that 97 percent of the top 100 US banks have experienced a third-party data breach in the past year.

As banks increasingly rely on third-party vendors for core functions, their exposure to supply chain vulnerabilities increases. Using the largest proprietary risk and threat intelligence dataset, SecurityScorecard's experts analyzed how third-party breaches impact the banking sector.

Despite the rise of other means of communication email remains the most commonly used. This makes it attractive to cybercriminals as it offers an entry point to businesses and the gateway that employees rely on to do their jobs.

A new report from Abnormal Security highlights the attacks that we’re likely to see in the next year and shows the need for improved defenses, including the use of AI.

In the modern business world, organizations face the ongoing challenge of aligning their IT and cybersecurity efforts with their business priorities.

The difficulty lies in understanding how your infrastructure supports your business's core functions. Without this understanding, prioritizing cybersecurity initiatives, managing vulnerabilities, and ensuring business continuity remains an uphill battle.

A new study finds 25 percent of respondents have encountered AI-enhanced security threats related to APIs or LLMs, with 75 percent of respondents expressing serious concern about AI-enhanced attacks in the future.

The research from API specialist Kong shows that although 85 percent say they're confident in their organization's security capabilities, 55 percent of respondents have experienced an API security incident in the past year, highlighting a notable disconnect.

The use of container images is growing fast thanks to their flexibility and convenience, but they can also represent a weak cybersecurity link in software supply chains.

A new report from NetRise looks at the scope and scale of the components and risks found across 70 of the most commonly downloaded Docker Hub container images.

A new report shows that 96 percent of attacks conducted by a leading pro-Russian hacktivist group targeted Europe this year, with attackers focusing on influencing public perception and trust over direct technical disruptions.

Based on research and data from more than 135,000 security events in 160 countries, the Security Navigator report from Orange Cyberdefense also reveals that hacktivists were responsible for 23 percent of cyberattacks that directly targeted OT and 46 percent of these attacks resulted in a 'manipulation of control.'