2025 Predictions - Greg Day VP & Field CISO, Cybereason
- Deepfakes become the norm as another tool in the cyber attackers arsenal. Whilst deepfakes have been visible within limited circles, such as the political sphere for a number of years, the innovation is moving this capability into the mainstream arsenal of cybercriminals. Some industries such as finance have used voice recognition as part of their verification processes, so we should assume these and others will be challenged by the innovation coming from Deepfakes going mainstream.
- Mobile threats grow in the Apple sphere - as side loading opens up the opportunity. Whilst today Apple has a much smaller share of the market than it once had, for too long its users have had to deal with very limited cyber attacks, this now changes as side loading into the app store goes mainstream. We must expect to see a new focus on iOS attacks.
- APT (advanced persistent threat) resurgence - linked to growth in wars occurring around the world. This phenomenon, that started with Operation Aurora and the likes of Stuxnet in the early turn of the century has started to and will continue to make a resurgence. Ransomware has proved the value of data, APTs persistence enables the longer term access to this most valuable commodity in each compromised business.
- Generative AI (Artificial Intelligence) will be tested to a far greater scale both from an offensive and defensive capability. Whilst we are still very much at the immature phases we should expect the evolution and innovation to evolve at speed. Today most businesses are just starting to define their own clear governance models for GenAI, yet already we see richer training for GenAI models including in cybersecurity, which is empowering greater capabilities from cyber security vendors. Yet as we continue to build out and mature the use cases for generative AI, so do we empower new methods for the adversaries to take advantage. This is an evolution happening at pace. The question is who will be better empowered to take advantage of it, the adversary or the genuine businesses including cyber security vendors?
- Cyber security will embrace big data science expertise. Most organizations are already drowning in cyber security telemetry overload. The shift needs to move from gathering more data to using what we have in better ways, which can and will enable the use of capabilities such as generative AI. But first we need to re-architect how we gather and contextualize data to be easily machine readable.
- IR capabilities will be tested as new regulations come into enforcement - NIS v2, DORA, US NYDFR cyber regulation 2023. Over the last few years we have started to see more and more stringent regulations coming into force around the world for cyber security, typically with three main requirements, accountability, auditable capabilities and the ability to identify and respond at pace. Whilst its still often taking months to identify and respond to a breach the expectations from regulatory authorities is that it should just be a matter of days. Many organizations simply don’t have the skills or capacity to achieve this today and as such regulations will be questioned. Businesses should now be testing at least twice a year, if not quarterly, their capabilities in preparation for an incident.
- Attackers will continue to evolve from traditional tactics and techniques. As we see ransomware continue to saturate significant parts of the world, we can expect to see more focus on other techniques of attack, be that growth in non malware based attacks or traditional attack techniques used in less well protected spaces. For example, cloud security is still far from mature, and at the same time the growth of IP addressable medical devices (an industry that has been heavily targeted in recent years by ransomware) just to flag a few potential targets.
- Threat innovations driven by Cyberwar. With sadly more wars occurring around the world than ever, we must expect to see new innovations coming from this space. Whilst initially targeting the military, we should expect them to also move into the supply chain and soon after be adopted by more traditional cyber crime groups.
- Critical National Infrastructure (CNI) digital targets grow. As more of most national critical systems continue to be digitized we must expect to see increased focus both from cybercriminals targeting such systems for ransom, but equally nation state attacks on these systems as part of their offensive warfare capabilities.
- Mental health in Cyber Security gets ever closer to crisis levels. Over the last few years the expectations on cyber security teams have grown exponentially with ever increasing complexity and technology to secure, more threats and greater demands from the business on the time to find and remediate cyber incidents. Ask most cyber security experts and they’ll tell you today it's more than a job, it's a lifestyle, one that rarely sleeps, indeed adversaries target outside of office hours for their attacks. All of which is challenging the mental health of cyber security experts, no human can continuously function at this level of often high cortisol and associated adrenaline. Leaders will have to learn how to help manage cyber stress if they want the best from and for their teams.