2024 brought a variety of developments in cloud security, with no shortage of risks, innovations, and collaborations among them. With 2025 rapidly approaching and annual planning already underway, organizations need to prepare for what the new year may bring. To help, some of the industry's top experts at Orca Security have developed their key cloud security predictions for 2025.
In this post, we examine each prediction, why it matters, and how you should prepare.
Prediction #1: AI will become a key tool for reducing manual workload in cloud security
Expert: Avi Shua, Chief Innovation Officer and Co-Founder, Orca Security
Description: “In 2025, AI will be instrumental in reducing the manual work required to manage cloud security. From tasks like risk attribution to identifying top-priority issues, AI will automate time-consuming processes, allowing security teams to focus on high-impact work. These are just a few examples of how AI can streamline operations, minimizing routine tasks and enhancing the overall efficiency of cloud security efforts.”
Why it will happen in 2025: “Advances in AI technology, coupled with a growing shortage of skilled cloud security professionals, make automation essential. As cloud infrastructures become more complex, the need for efficient, automated solutions will only increase, helping organizations stay secure without needing a large team.”
Why it matters: “Scaling security efforts effectively in line with cloud growth requires a non-linear approach. AI-driven automation enables teams to manage security at scale, addressing complex environments with fewer resources and reducing the risk of human error.”
Preparation tips: “Organizations should review their current security processes to identify repetitive or resource-intensive tasks that could be automated with AI. This strategic focus on automation can help security teams adapt to a rapidly evolving cloud landscape and improve their overall security posture.”
Prediction #2: Ransomware will become a top cloud threat
Expert: Neil Carpenter, Field CTO, Orca Security
Description: “Ransomware continues its multi-year reign as a top cybersecurity threat, with attackers adopting more advanced techniques to evade detection and gain leverage over their victims. The threat has now made inroads in cloud computing, with attackers increasingly targeting cloud environments to exploit security weaknesses.
As the movement of data and critical applications to public cloud computing accelerates, attackers have more opportunity and incentive to compromise cloud accounts and extract value.”
Why it will happen in 2025: “2024 saw multiple high-profile ransomware attacks in the cloud, with victims ranging from government agencies to global corporations and beyond. With 2025 expected to witness a 21.5% growth in public cloud services, according to Gartner, we should see a significant uptick in cloud ransomware attacks.”
Why it matters: “Ransomware remains one of the most pervasive and costly threats facing organizations today. According to Verizon’s 2024 Data Breach Investigations Report, ransomware accounted for nearly a quarter of all security breaches last year and affected nearly every industry. The consequences of a ransomware attack can be devastating—resulting in significant financial, operational, legal, and reputational damage.”
Preparation tips: “To effectively safeguard against ransomware, focus on creating a strong and mature cloud security posture. Start by conducting a comprehensive risk assessment of your environment, prioritizing the most critical vulnerabilities, and remediating them promptly.
While ransomware is a key threat, it’s equally important to assess all types of risks—particularly those that could enable lateral movement or expose sensitive data. Ensure your security stack includes cloud threat detection and response (CDR) capabilities to identify any anomalous or malicious activity.”
Prediction #3: Attackers will target non-human identities (NHI)
Expert: Bar Kaduri, Cloud Threat Research Team Leader, Orca Security
Description: “Non-human identities (NHIs) play an essential role in cloud computing. They help power critical applications and efficient operations by enabling digital identities to gain the machine-to-machine access and permissions they need within cloud environments. NHIs come in several forms, including IAM entities, API keys, tokens, and credentials. They enable cloud operations like provisioning resources, accessing sensitive data, and interacting with third-party APIs.
In 2025, attackers will make NHIs a prime focus, searching for leaked identities or trying to manipulate known and supply chain services to compromise NHIs.”
Why it will happen in 2025: “As organizations embrace cloud-native architectures, the number of NHIs continues to increase exponentially. According to some estimates, NHIs currently outnumber human identities 45-to-1. This drastically expands the attack surface and increases security risks.”
Why it matters: “A recent report from the Cloud Security Alliance indicates that nearly 1 in 5 organizations have already encountered security incidents linked to NHIs. The most common causes of these incidents are inadequate credential rotation (45%), insufficient monitoring (37%), and over-privileged accounts (37%).
Our research at Orca supports these findings, revealing that many organizations leave NHIs unused for extended periods. In 35% of organizations, more than 10% of IAM roles have remained inactive for the past three months, increasing the vulnerability to attacks. Additionally, 70% of organizations expose critical credentials like API keys in code repositories, compounding the security risk. Exposure of these credentials can lead to data breaches, abuse of resources, or full account takeover.”
Preparation tips: “To secure your NHIs, utilize tools to track and map both human and non-human identities in your cloud environment, ensuring that you remove unused identities to reduce exposure. Also, focus on limiting the permissions granted to identities, services, and pipelines to only what is necessary. This reduces the potential impact of a breach by containing compromised identities.
Meanwhile, use secrets detection to identify NHIs in codebases before they get deployed to production or exposed to public repositories.
Additionally, ensure you continuously monitor all cloud identities for suspicious activity, such as unusual access patterns or locations. Anomaly detection can help identify potential security incidents early, minimizing their impact.”
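The three preparation tips above (retiring inactive roles, catching secrets before they reach a repository, and flagging access from unfamiliar locations) are concrete enough to script. The following is an added example written for this post, not Orca Security's code or tooling. It runs over constructed sample data so it works offline: the role records, source lines, and access events are made up, and their field names only mimic the shape of AWS IAM and CloudTrail output. The 90-day idle threshold matches the three-month window cited above; the secret patterns cover the public AWS access key ID format plus generic `api_key = "..."` assignments and PEM private-key headers.

```python
"""Added example (not Orca Security's code): three checks that operationalise
the NHI preparation tips above. All input data below is constructed for
illustration; in practice it would come from an IAM API call, a repository
checkout, and a cloud audit-log export."""
import re
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed clock for a reproducible run
STALE_AFTER = timedelta(days=90)                   # the three-month window cited above

# Constructed IAM-style role records (LastUsed None = never used).
SAMPLE_ROLES = [
    {"RoleName": "ci-deploy",     "LastUsed": datetime(2025, 1, 10, tzinfo=timezone.utc)},
    {"RoleName": "legacy-backup", "LastUsed": datetime(2024, 9, 1, tzinfo=timezone.utc)},
    {"RoleName": "poc-lambda",    "LastUsed": None},
]

def stale_roles(roles, now=NOW, max_idle=STALE_AFTER):
    """Return the names of roles that were never used or idle longer than max_idle."""
    stale = []
    for role in roles:
        last = role.get("LastUsed")
        if last is None or now - last > max_idle:
            stale.append(role["RoleName"])
    return stale

# Credential patterns. The AWS access key ID format (AKIA + 16 upper-case
# alphanumerics) is public; the generic pattern catches quoted assignments to
# api_key / secret / token of 16+ characters regardless of provider.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_api_key":   re.compile(r"(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*['\"][^'\"]{16,}['\"]"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def find_secrets(lines):
    """Return (line_number, pattern_name) for every line that matches a secret pattern."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append((n, name))
    return hits

# Constructed source lines as they might appear in a repository. The key ID on
# line 2 is Amazon's documented example value, not a live credential; line 3
# reads the key from the environment and must not be flagged.
SAMPLE_SOURCE = [
    "import boto3",
    'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',
    "api_key = os.environ['API_KEY']",
    'api_key = "9f8e7d6c5b4a39281706f5e4d3c2b1a0"',
    "-----BEGIN RSA PRIVATE KEY-----",
]

# Constructed audit-log style events (RFC 5737 documentation addresses).
SAMPLE_EVENTS = [
    {"identity": "ci-deploy", "sourceIP": "203.0.113.10", "region": "us-east-1"},
    {"identity": "ci-deploy", "sourceIP": "203.0.113.10", "region": "us-east-1"},
    {"identity": "ci-deploy", "sourceIP": "198.51.100.7", "region": "ap-southeast-1"},
]

# Baseline learned during a quiet period: identity -> set of (ip, region) pairs.
BASELINE = {"ci-deploy": {("203.0.113.10", "us-east-1")}}

def unusual_access(events, baseline):
    """Flag events whose (source IP, region) pair is outside the identity's baseline.
    Identities with no baseline at all are flagged on every event."""
    flagged = []
    for event in events:
        seen = baseline.get(event["identity"], set())
        if (event["sourceIP"], event["region"]) not in seen:
            flagged.append(event)
    return flagged

if __name__ == "__main__":
    print("stale roles:   ", stale_roles(SAMPLE_ROLES))
    print("secrets:       ", find_secrets(SAMPLE_SOURCE))
    print("unusual access:", unusual_access(SAMPLE_EVENTS, BASELINE))
```

The baseline approach in `unusual_access` is deliberately simple (exact IP and region pairs); a production detector would normalise to networks or ASNs and weight by how often a pair has been seen, but the shape of the check, compare each event against what the identity has done before, is the same. Run `find_secrets` as a pre-commit hook or CI step so the hits are caught before the code reaches a shared repository.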
Prediction #4: Adoption of Zero Trust frameworks and passwordless authentication will increase
Expert: Yonatan Yosef, Cloud Threat Researcher, Orca Security
Description: “Zero Trust is a modern security framework based on the principle of ‘never trust, always verify.’ Unlike traditional perimeter-based security, it emphasizes continuous verification of users and devices, micro-segmentation, real-time monitoring, adaptive access policies, and least privilege access. This approach minimizes attack surfaces and protects against both external and internal threats by requiring verification for every access attempt.
Complementing Zero Trust, Passwordless Authentication eliminates reliance on traditional passwords, using secure alternatives like biometrics (fingerprints, facial recognition), hardware tokens, or cryptographic keys. This reduces risks from password misuse, phishing, and credential theft.
Together, Zero Trust and passwordless authentication strengthen cybersecurity, mitigate credential-based attacks, and simplify secure access, making it harder for attackers to compromise systems.”
Why it will happen in 2025: “In 2025, Zero Trust and passwordless authentication will be crucial for countering increasingly sophisticated threat actors. These attacks are expected to escalate due to advancements in AI technology that enable attackers to automate and scale complex threats, adapt quickly to defenses, and exploit vulnerabilities at an unprecedented rate.”
Why it matters: “Zero Trust leverages micro-segmentation to isolate threats and prevent attackers from moving laterally within networks, thereby containing potential breaches before they cause significant damage. Additionally, continuous verification ensures that even advanced threats are identified and blocked in real-time, significantly reducing incident response times and allowing security teams to focus on proactive measures and threat hunting.”
Preparation tips: “Implementing Zero Trust in a traditional organization is complex, requiring a mix of hardware, firmware, and software. Even if Zero Trust may not be suitable for every organization, maximum effort should still be applied to secure the organization using concepts such as MFA, the principle of least privilege, conditional access, key rotation, password policies, and other best practices, in combination with logging and monitoring.”
Prediction #5: Advances in social engineering will increase the need for cloud security
Expert: Roi Nisimi, Cloud Threat Researcher, Orca Security
Description: “In 2025, attackers will leverage deepfake technology to execute more sophisticated phishing and social engineering campaigns—placing added pressure on cloud security teams to address pre- and post-breach risks.”
Why it will happen in 2025: “Deepfake technology can enable attackers to create convincing audio, video, or synthetic personas that manipulate and deceive even the most vigilant employees. This threat has already surfaced in several instances and is expected to grow more prevalent.”
Why it matters: “Advanced social engineering attacks exploit a critical vulnerability in an organization’s attack surface—human error. This underscores the growing importance of zero-trust principles to mitigate the heightened risks of unauthorized access, privilege escalation, lateral movement, and other serious security incidents.”
Preparation tips: “In addition to using AI-based phishing detection tools, security teams must strengthen their cloud security posture and improve IT hygiene, especially in the area of identity and access management (IAM). Key areas of focus include securing identities and entitlements, enforcing the principle of least privilege (PoLP), and embracing a zero trust framework.
Organizations must also enhance their ability to detect, monitor, and address critical attack paths—dangerous risk combinations that threaten high-value assets.
And to further safeguard their environments, security teams should also leverage cloud detection and response (CDR) capabilities to identify anomalous activity and mitigate post-breach risks.”
Cloud security predictions 2025
The future of cloud security promises plenty of risk and reward. Safeguarding against the former and capitalizing on the latter requires organizations to stay attuned to the emerging trends in the field, including our experts’ top cloud security predictions.
To learn more about how Orca Security can help you enhance your cloud security for the present and future, schedule a personalized 1:1 demo.