2025 in Review: Cybersecurity Lessons That Will Shape What Comes Next

At the end of 2024, one conclusion was already clear: cybersecurity had moved beyond prevention alone. Resilience – the ability to prepare for, withstand, respond to, and recover from cyber incidents – had become central to how organizations thought about risk.

In 2025, this direction did not change. Instead, it deepened.

The past year was less about redefining priorities and more about putting cyber resilience into practice – operationally, strategically, and at scale. Organizations faced the reality that resilience is not a concept or a framework, but an ongoing discipline that must evolve alongside technology, threats, and business models.

In this review, we look back at 2025 through the perspectives of our experts, the industry discussions we took part in, and the changes we made to our services – all shaped by the realities of an evolving threat landscape and the growing need for continuous validation.

Evolving Threats: When Deception Took the Lead

In 2025, attackers increasingly shifted away from purely technical exploits toward more advanced social engineering and deception-based tactics. The objective was no longer to break systems, but to convincingly imitate trusted ones.

Social engineering became more targeted and context-aware, driven by the rapid evolution of deepfake technology. Voice and video impersonation attacks grew significantly more realistic, making it harder – even for experienced professionals – to distinguish legitimate requests from malicious ones based on appearance or tone alone. 

The next wave will also be shaped by the unprecedented digital footprints of Generation Alpha – the first generation to have their identities documented online from birth. Years of images, videos, voice recordings, and behavioral data shared across platforms will form rich material for highly targeted, personalized manipulation.

At the same time, techniques such as Browser-in-the-Browser (BitB) phishing gained traction. By embedding realistic, interactive login windows within malicious web pages, attackers replicated trusted authentication flows with alarming accuracy. These fake browser windows closely mirrored legitimate ones – including branding, URLs, and interface behavior – making them difficult to identify even for security-aware users (a topic we explore in more detail in a recent blog post).

Together, these developments signal a shift from traditional social engineering to synthetic engineering – where generative AI enables hyper-personalized, context-aware attacks capable of mimicking communication styles and adapting in real time. As deception becomes more convincing, a key lesson from 2025 stands out: resilience depends less on static prevention and more on continuous validation, awareness, and rapid response.

Trust as a Prerequisite for Resilient Security

As resilience matured, so did expectations around trust and quality. Organizations became more cautious about how security testing was conducted and who performed it.

In this context, independent standards and accreditation played a critical role. In 2025, AMATAS achieved four CREST accreditations across penetration testing, SOC services, and offensive vulnerability scanning for mobile and application environments, becoming the first and only Bulgarian company to reach this level. At the same time, the expertise within our penetration testing team continued to grow, reflected in individual achievements such as Lyuben Petrov’s CREST certification, further strengthening the depth and consistency of our testing capabilities.

These milestones reflected a broader industry requirement: resilient security must be verifiable, consistent, and aligned with internationally recognized best practices.

Making Professional Security Testing Accessible

Another key lesson from 2025 was that resilience must be achievable for organizations of all sizes, maturity levels, and industries. Many smaller organizations understood the need for structured security testing but faced barriers related to complexity and cost.

To address this gap, AMATAS introduced Essential Penetration Testing – designed to deliver professional, CREST-aligned security testing without enterprise-level overhead. This testing provides a targeted, efficient approach to security that meets both NIS2 and DORA requirements while keeping costs manageable and shortening delivery timelines from weeks to days.

The focus with Essential Testing is on clarity, relevance, and actionable results – enabling organizations to take meaningful steps toward resilience without being overwhelmed.

The Evolution of Pentesting: The Launch of Continuous Testing

The year also highlighted the limitations of periodic security assessments. In environments that change daily, annual or ad-hoc testing provides only a partial and often outdated view of risk.

This challenge – and the need for continuous validation – was a central theme in the keynote of AMATAS CEO Marko Simeonov at the annual Cybersecurity and Data Protection Forum, co-organized with Capital. The discussion highlighted how new attack paths and constantly shifting environments demand ongoing security testing rather than isolated checks.

Against this backdrop, AMATAS launched Continuous Penetration Testing, combining automated assessments with expert review to provide ongoing visibility into evolving security risks. Rather than replacing human expertise, automation was used to extend it, enabling faster detection, better prioritization, and more informed decision-making.

Continuous penetration testing proved to be a practical foundation for cyber resilience, rather than an advanced or optional add-on.

Resilience Through Shared Knowledge

Cyber resilience does not develop in isolation. In 2025, meaningful progress increasingly came from open dialogue, shared experience, and practical discussion across the industry.

For several years in a row, AMATAS has been a co-organizer of the annual Cybersecurity and Data Protection Forum with Capital, where business leaders and security professionals explore how the threat landscape is evolving and why continuous validation matters. This year’s key takeaways focused on new attack paths and the shift toward continuous penetration testing.

AMATAS experts also contributed to discussions at Kosher (Hive), ISACA Day, Capital AI in Practice, Bulgarian Identity Conference 2025 (IDVKM), DigiPay, and more. Insights from these conversations – including perspectives from our CEO Marko Simeonov and our CSO Boris Goncharov – are captured in What Business Leaders Really Talk About When They Talk About Security.

The exchange continued through podcasts such as Cyber Security Matters and Digitalk with Boris Goncharov, and The Recursive with Miroslav Naydenov. We remain committed to actively participating in industry events, forums, and conversations that advance practical cybersecurity knowledge and strengthen collective resilience.

Key Takeaways from 2025

  • Resilience is not a new concept – but it requires constant execution
  • Trust in security outcomes depends on standards and independent validation
  • Accessibility is essential for resilience to scale
  • Continuous testing provides more value than isolated assessments
  • Knowledge-sharing remains a critical enabler of better security decisions

Conclusion

2025 was not about redefining cybersecurity priorities, but about making them real. The focus on resilience that emerged in 2024 continued to shape how organizations tested, validated, and improved their security posture.

As we move forward, resilience remains a continuous commitment – built through trusted standards, ongoing visibility, expert insight, and collaboration. The question is no longer whether resilience matters, but how consistently it is applied.
