Experts at Infosecurity Europe 2025 highlighted a range of major industry trends, from advanced social engineering techniques to vulnerability exploits.
Analysis Summary
# Industry News: Infosecurity Europe 2025 Highlights Trends in Social Engineering, Identity, and AI Risk
## Summary
Key takeaways from Infosecurity Europe 2025 emphasize a critical shift in attacker focus towards voice-based social engineering (deepfakes) and the persistent failure of organizations to implement robust identity protection, despite credential compromise remaining the leading source of breaches. Experts stressed that driving security effectiveness requires balancing stronger controls, like phishing-resistant MFA, with minimizing employee friction, while simultaneously adapting human risk management strategies to counter evolving AI-driven threat landscapes.
## Key Details
- Date: [Implied - Following Infosecurity Europe 2025]
- Companies Involved: Fleet Mortgages, Rapid7, Darktrace, SoSafe (as quoted experts/entities)
- Category: Industry Trends Summary/Expert Commentary
## The Story
Infosecurity Europe 2025 sessions highlighted several dominant cybersecurity trends. Foremost is the evolution of social engineering, where threat actors are increasingly using highly convincing voice calls, often augmented by deepfake technology, to trick employees into resetting passwords or divulging credentials—an attack vector difficult to block at the perimeter. This aligns with data from Rapid7 showing that 56% of Q1 2025 compromises involved stolen credentials without MFA. Consequently, experts are strongly pushing for adoption of phishing-resistant MFA (like FIDO standards) over less secure SMS 2FA due to rising SIM-swapping fraud. A second major theme was the balance between security and usability; effective security measures, especially in identity management (e.g., passwordless), must reduce employee friction to ensure adoption. Finally, the growth of AI is accelerating vulnerability exploitation and attack scaling, requiring organizations to move beyond simple awareness training towards real-time human risk management and fostering a "Just Culture" for reporting errors.
## Business Impact
### For the Companies Involved
- **Tool/Solution Providers (Implied):** Companies offering FIDO-based MFA, sophisticated identity governance, and human-centric risk management platforms are well-positioned to capitalize on the identified urgent needs for stronger identity hygiene and behavioral change.
- **Consultancies/Service Providers:** Increased demand for foundational security maturity assessments, particularly concerning patch management and identity control weaknesses.
### For Competitors
- Competitors who are slow to integrate usability into advanced security stacks (e.g., frictionless passwordless or efficient MFA rollouts) risk being overlooked by enterprises prioritizing employee experience alongside security posture.
- Companies lagging in capabilities to support defense against AI-enhanced attacks or voice-based impersonation may see market share erode as leading vendors address these novel threats.
### For Customers
- **Increased Security Burden:** Customers face pressure to immediately upgrade authentication mechanisms, especially moving away from SMS 2FA.
- **Operational Changes:** Organizations must implement non-technical controls like pre-agreed passphrases and adopt continuous, real-time behavioral nudges rather than relying solely on legacy annual security awareness training.
### For the Market
- The identity and access management (IAM) market is shifting decisively towards phishing-resistant authentication technologies.
- There is a growing bifurcation between foundational hygiene enforcement (MFA, patching) and next-generation defense against sophisticated threats (AI-driven automation, deepfake social engineering).
## Technical Implications
The rise of deepfake voice attacks creates an immediate technical challenge for traditional perimeter defenses, necessitating deeper identity verification measures integrated into internal communications or identity access workflows. The push for FIDO standards signals a platform-level maturation where browser and OS support for hardware-backed credentials becomes essential for mitigating bulk phishing campaigns. Enhanced vulnerability management, driven by AI-accelerated discovery, demands faster patch deployment cycles, potentially requiring automated or continuous prioritization based on observed threat intelligence.
## Strategic Analysis
- **Market Positioning:** The industry is clearly pivoting attention back to "the basics" (Identity, Human Factors), but with advanced technological solutions (FIDO, AI-powered risk management). Vendors positioned at this intersection of basic necessity and advanced technology will lead.
- **Competitive Advantage:** Advantage lies with vendors who can seamlessly embed security controls without disrupting workflows (frictionless security). This validates the strategic importance of passwordless solutions.
- **Challenges:** The main challenge is organizational inertia—getting security leaders to successfully champion and implement controls that require high levels of employee adherence (like adopting new MFA methods or engaging in human risk management programs). Blocking phone calls without impacting business continuity remains a major technological hurdle for service providers.
## Industry Reactions
- **Analyst Opinions:** Analysts likely view the focus on fundamentals (56% of compromises involving stolen credentials without MFA) as validating ongoing concerns about implementation quality rather than just feature deployment.
- **Expert Commentary:** Experts are unified in highlighting the inadequacy of legacy defenses (SMS 2FA, simple awareness training) against modern, AI-enhanced social engineering.
- **Market Response:** Expect acceleration in investment and vendor M&A activity targeting strong phishing-resistant authentication and behavioral monitoring platforms.
## Future Outlook
- **Predictions and Expectations:** The trend toward voice social engineering will likely force the adoption of context-aware authentication that verifies identity more robustly mid-session. The volume of vulnerability patching will continue to grow explosively until security-by-design incentives become standard across the supply chain.
- **What to watch for:** Look for new tools specifically designed to authenticate inbound voice communications within enterprise telephony integrations, potentially using AI to spot deepfake anomalies.
## For Security Professionals
Security practitioners must immediately audit MFA deployment, prioritizing the phase-out of vulnerable SMS 2FA and deploying FIDO-compliant solutions. Focus resources on developing real-time response capabilities, such as mandatory passphrases for sensitive requests and establishing reporting mechanisms that foster a "Just Culture" to catch near-misses related to sophisticated voice attacks.