Water Sector Targeted, Essential Ai Security, Trump Cybersecurity Shifts

From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

Water Sector Targeted, Essential AI Security, Trump Cybersecurity Shifts

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-19946">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/01/Water-Sector-Targeted-Essential-AI-Security-Trump-Cybersecurity-Shifts.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M26S">2:26</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-19946" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-19946" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-19946" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-19946" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/water-sector-targeted-essential-ai-security-trump-cybersecurity-shifts/&t=Water Sector Targeted, Essential AI Security, Trump Cybersecurity Shifts" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/water-sector-targeted-essential-ai-security-trump-cybersecurity-shifts/&url=Water Sector Targeted, Essential AI Security, Trump Cybersecurity Shifts" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/01/Water-Sector-Targeted-Essential-AI-Security-Trump-Cybersecurity-Shifts.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/water-sector-targeted-essential-ai-security-trump-cybersecurity-shifts/" class="input-link input-link-19946" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-19946" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-19946” readonly/>

					<button class="copy-embed copy-embed-19946" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

2024 whirled by just like that, and we are already celebrating the new year 2025. Unfortunately, with every passing year, the threat actors are getting more and more sophisticated. While you are busy celebrating the new year, threat actors are inching closer to your data every moment.

That’s exactly why we are here with our latest dose of cyber bulletin. This week, the focus is on **AI security trends in 2025. We will also discuss the major shifts in the Trump-led USA. Lastly, the focus will be on the hacker’s favorite- the utility sector.

So, let’s not waste any more time and get started with today’s digital report !

The water utilities sector becoming the prime target of threat actors!

In the last year and a half, the US water utility sector has been hard hit by the threat actors. State-sponsored cybercriminals, hacktivists, and random fraudsters have preyed upon this crucial **infrastructural system now and again.

As of 2025, DMARC is mandatory under multiple compliance frameworks. CISA BOD 18-01 requires p=reject for US federal domains. PCI DSS v4.0 mandates DMARC for organizations processing payment card data as of March 2025. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and Microsoft began rejecting non-compliant email in May 2025. The UK NCSC, Australia’s ASD, and Canada’s CCCS all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.

Cybercriminals identify the most vulnerable, insecure water utilities that do not have any kind of safety mechanisms or security setups. Experts believe that attacks on the water utility sector are to cripple the confidence of people.

Government and federal agencies are working closely with other departments to curb such attacks on the utility sector. Special attention is being paid to the water utility setups that are small, vulnerable, and do not have intricate security mechanisms. The major roadblock is the security expenses that these small water utilities are unable to bear. Having no **IT support **and the lack of cyber knowledge also compounds up.

Government-recommended state-of-the-art security monitoring systems are completely out of reach of these small water utilities.

The good news is that there are certain free resources that these small water utility systems can use for meeting security needs, the most popular one being the Water ISAC’s 12 security fundamentals and the American Waterworks Association (AWWA)’s free-of-cost security assessment tool. A cyber volunteer program is also being run to secure rural water utilities.

Experts recommend using multifactor authentication, having offline backups, and developing a **response plan as crucial measures to tackle such threat attacks on the water utility sector.

AI security trends you can’t afford to miss out on in 2025!

AI is here to stay. AI-driven security trends in 2025 are going to enhance efficiency and productivity. Experts believe that more and more organizations will **leverage generative AI and LLMs (Large Language Models) this year across multiple departments, including fraud detection, content creation, customer support, knowledge management, software development , and data analytics. While companies are happy because of the result-oriented approach of AI, experts are already worried about privacy concerns, security risks, and governance-related problems.

As per the ongoing trends, AI-based coding assistants such as OpenAI Codex, GitHub Copilot, and **Amazon CodeWhisperer will soon surpass their experimental, early adopter status and go mainstream in 2025. This will lead to some amazing benefits such as error reduction, automation of repetitive tasks, enhanced productivity, and swifter development times. However, there are certain shortcomings as well, such as insecure coding practices, unwanted data exposure, and so on.

Easy accessibility of GenAI tools and unauthorized usage of **modern technologies can be extremely dangerous for organizations. For instance, excessive use of AI chatbots is gradually becoming a cause of concern. There’s always a looming risk of unintentional data exposure by unhinged AI chatbots.

At the same time, AI also comes laden with multiple advantages. Its ability to process and evaluate humongous volumes of threat data and then identify malicious patterns can be used significantly to trace any kind of illegitimate attempts by threat actors. 2025 is going to be the year when human expertise will be backed up by **AI’s expertise to combat malicious threat attempts.

Major cybersecurity shifts in Trump-led USA

Ever since its return, the Trump administration has been keen on making significant changes to strengthen the cybersecurity mechanism in the USA. However, this is leading to potential tension between the Trump administration and the **federal government in terms of handling cybersecurity issues.

As Trump is back, experts believe that there will be a gradual shift towards deregulation. Trump will also focus on building public-private partnerships. As per expert predictions, the federal government may step back from stringent cybersecurity setups . More and more private companies will be able to tap into the opportunity and play a key role in setting up security systems.

Another major expectation is that cybersecurity rules will be made a little less strict when it comes to chief information security officers and businesses, allowing them to perform conveniently. During the Trump administration, major cybersecurity shifts emphasized strengthening email security protocols like DMARC, DKIM, and SPF to combat phishing and enhance trust in digital communication infrastructure.

Cyber experts hope for a balanced approach whereby **cybersecurity policies get strengthened and organizations get to operate seamlessly without many intricacies.

Sources

• CISA Binding Operational Directive 18-01
• Microsoft Outlook DMARC Enforcement May 2025 (2025)
• PCI DSS v4.0 - DMARC Requirement (2025)