SERVICE: YouTube
Year in weekly reviews 2025
When you move to the YouTube website, please note that YouTube has its own cookie and privacy policies.
You can watch the video here:
Information security now!
Published
This week, we look back at the cyber phenomena of 2025 in a video in which our experts discuss the most significant and interesting cyber developments of the year and provide tips for citizens and organisations on how to approach a cybersecure year in 2026.
Topics covered in this week’s review
What stood out from the cyber phenomena of 2025?
In 2025, the NCSC-FI’s weekly reviews covered, among other things, a wide range and large volume of scams and phishing campaigns, account breaches spreading from one organisation to another, critical vulnerabilities, compromised edge devices and various types of malware. There was also plenty to report on technical developments in information security — for example, quantum technology and artificial intelligence were topics that remain important to monitor this year as well. Significant steps were also taken in the regulation of information security.
Phishing attempts are becoming increasingly convincing
Last year, many people encountered phishing carried out in the name of public authorities, exploiting the strong trust Finns place in authorities. Phishing campaigns also took advantage of timely themes such as the Black Friday online shopping season and tax refunds. Artificial intelligence is making scams ever more convincing, as the complexity of the Finnish language no longer limits scammers producing machine-translated content.
Attackers are exploiting security vulnerabilities exposed in systems faster year by year, for example through automation and the use of AI. The timeframe has shifted from days and weeks to hours. Organisations in particular should pay close attention to the devices located at the network edge and ensure that they are properly updated.
We recommended effective protection measures for M365 environments
In the autumn, Microsoft 365 account breaches spread between organisations at a record pace. The NCSC-FI issued a severe alert on the topic on 9 September 2025. A particularly deceptive aspect of the situation was that compromised accounts were used, among other things, to send further phishing messages. Identifying phishing messages coming from a familiar account requires heightened vigilance.
We recommended that organisations protect their employees by enabling the security features available in the M365 environment. As protective measures were implemented and information was shared, reports of account breaches decreased towards the end of the year.
Technologies and regulation evolved
Developments in artificial intelligence were leveraged by both cyber defenders and cybercriminals. Attackers are exploiting security gaps exposed in systems faster year by year, for example through automation and the use of AI — the timeframe has shifted from days and weeks to hours. Organisations in particular should pay close attention to the devices located at the network edge and ensure that they are properly updated.
Preparation for quantum-safe cryptographic methods should be started no later than this year. In terms of cybersecurity regulation, organisations were reminded in 2025 of the first obligations of the Cyber Resilience Act, which will enter into force in 2026.
Watch the video to learn more about the most talked-about cases of last year. At the end of the video, our experts also share their best cybersecurity tips for the year ahead.
Tips for citizens and organisations
Stay calm and think first
Criminals are sending an increasing number of ever more convincing scam and phishing messages. Think before clicking on any links in messages. Log in to services only via their official homepages.
Use more secure authentication
Use strong, unique passwords and multi-factor authentication, or technologies such as passkeys.
Take care of the security of your networks and devices
Over the past year, security risks have arisen from both home routers and network edge devices used by organisations. Connect devices to networks securely and with care.
Keep updates up to date
Updates fix vulnerabilities found in devices and software, among other things.
Quantum-safe cryptographic methods
It is important for organisations to prepare for the fact that traditional cryptographic methods may be broken once quantum computers become a reality. Preparations for transitioning to quantum-safe cryptographic methods should be started as soon as possible.
What to do if you get scammed
- Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or payment card information.
- File a police report. You can file a police report online. (External link)
- You can also report the incident to the NCSC-FI. (External link)
- Guidance for victims of a data leak (External link)
Learn how to detect and protect yourself against online scams
About the weekly review
This is the weekly review of the National Cyber Security Centre Finland (reporting period 2–8 January 2026). The purpose of the weekly review is to share information about current cyber phenomena. The review is intended for everyone from cybersecurity professionals to ordinary people.