As AI-powered attacks and quantum computing reshape the cyber threat landscape, organizations must rethink traditional defense strategies. In an exclusive interview, Sujoy Banerjee, Associate Director at ManageEngine, reveals how businesses can prepare for 2025’s most critical threats—from AI-generated phishing scams to quantum-decrypted ransomware

What do you see as the most critical emerging cybersecurity threats in 2025, and how should organizations prepare for them?
Emerging technologies like AI and ML are disruptors leading to the rise of cyberattacks. AI-powered attacks are increasingly affecting businesses via phishing scams, ransomware attacks, malware attacks, and endpoint vulnerability exploitation. Organisations need to move beyond traditional defences to mitigate this risk. By investing in proactive measures, like penetration testing to uncover vulnerabilities, and using purple team exercises to simulate real-world attacks, organisations can improve their threat detection and response.

With threats targeting both on-premises systems and cloud environments, it’s crucial to secure all digital fronts. Companies must also run tailored incident response drills to stay ready for fast-moving threats. Ultimately, building a strong, adaptive cybersecurity strategy that accounts for AI-driven attacks is essential to protect digital assets and stay resilient in the face of evolving cyber risks.

How is the rise of AI and quantum computing reshaping the cybersecurity landscape, and what risks do they introduce?
As much as it is being hailed for making our lives easy, AI has also become a powerful ally for digital miscreants. In particular, threat actors are using generative AI (GenAI) to create highly convincing phishing emails, fake websites, and deepfakes for deceiving users and stealing their information. Threat actors are also using GenAI to develop sophisticated malware that bypasses traditional security defences.

Similarly, quantum computing is a double-edged sword. These powerful machines are capable of rendering traditional encryption methods obsolete, especially public key cryptography, as what once took a traditional computer years to decode RSA-2048 (a widely used encryption algorithm) takes a quantum computer a matter of seconds or minutes to decode.

How do you predict ransomware tactics will evolve in the near future, and what proactive measures should businesses take?
Threat actors are using AI to develop sophisticated, highly accurate ransomware that not only widens the reach of the attack but increases the impact on its victims. And this issue will only get worse as threat actors evolve their use of AI to carry out these attacks, drastically altering the threat landscape.

Businesses can adopt several key strategies to defend against ransomware attacks effectively. These include improving employee awareness and periodic training, restricting user access by implementing a Zero Trust approach and multi-factor authentication, taking regular data backups, keeping systems updated, and configuring the firewall to filter out suspicious activities and network segmentation to limit the spread of malware.

How does regulatory compliance (like UAE’s Data Protection Law or Saudi’s NCA requirements) impact cybersecurity strategies for regional businesses?
Governments across the region, led by the UAE and Saudi Arabia, have taken it upon themselves to enforce a safe and resilient cyberspace. This is in line with the region’s ongoing efforts to promote digital innovation, thereby delivering better services for people and driving faster economic growth. Compliance mandates, like Saudi Arabia’s and the UAE’s PDPL, play a major role in setting various polices, standards, and guidelines to safeguard the IT infrastructure in the respective countries. By incorporating these controls in their cybersecurity strategies, regional businesses can improve their security posture and protect their sensitive data. Failure to do so not only makes them vulnerable to cyberattacks, but invites substantial fines, legal action, and loss of operating license.

Can you explain ManageEngine’s “unified security” approach and how it simplifies cybersecurity for enterprises?
With over 20 years of experience in observing the changing IT landscape and building highly scalable and integrable solutions, ManageEngine recognises there is no single path to cyber resilience for enterprises. To stay ahead of both established and emerging threats, there is a need to take a holistic approach wherein identities, endpoints, and network infrastructure are all properly secured and governed. ManageEngine’s AI-powered cybersecurity solutions, all of which have been built from ground-up, effectively ensure this. They also help enterprises comply with the most important cybersecurity frameworks and data privacy regulations like the GDPR and the PDPL.

How does ManageEngine leverage AI to enhance phishing simulations and employee training?
For over a decade, we have been researching emerging technologies, resulting in the development of our own in-house AI based on contextual intelligence. We understand AI’s importance in detecting and mitigating cyberattacks. Our AI capabilities can be leveraged for a variety of security use cases, such as ransomware protection, anomaly detection, data exfiltration, and preventing insider access abuse.

Most phishing attacks are carried out via email, which lures an individual to download malware that enables the attacker to breach the user’s system and network. By relying on AI, our solutions can flag potential phishing attempts by continuously analysing emails and websites. This will enable security administrators to prioritise such threats and mitigate their impact.