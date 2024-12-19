The Blurring of State-Sponsored Threats and Waiting on the Quantum Apocalypse

This collection of predictions offers some promising solutions to increasingly complex cyber challenges.

Dec 19, 2024
General Cyberattack

While a great deal of uncertainty hovers around 2025, one thing is clear when it comes to industrial cybersecurity - it won't be simple. As more experts weigh in on the trends most likely to impact the sector in the next 12 months, it's no surprise that the bad guys and their strategies, while cemented in legacy methodology, are leveraging more complex tools and infrastructure to launch attacks. Balancing those concerns are new defensive tools and strategies that offer equal parts comfort and concern, as they encompass new technologies and implementation approaches.

Douglas McKee, SonicWall Executive Director, Threat Research

  • Detecting attack origins will become increasingly difficult. The line between state and criminal operations will continue to blur further, making it increasingly challenging to attribute attacks. This may prompt stronger international collaboration on cybercrime policy, but effective attribution will remain a core challenge. Governments and private organizations must adapt to this evolving threat landscape, focusing more on proactive intelligence sharing and threat-hunting to disrupt collaborative efforts before they impact critical sectors.
  • 2025 will see the rise of quantum-resistant cryptography. While large-scale quantum decryption of algorithms like RSA or AES is unlikely in 2025, targeted attacks on specific or older cryptographic implementations may become more advanced. Despite ongoing "quantum apocalypse" fears being overstated, developing quantum-resistant cryptography will remain a priority for researchers and organizations as part of long-term resilience planning. Governments and private sectors will boost investments in post-quantum solutions, emphasizing broader cybersecurity measures to address potential early threats.
  • AI will augment cybersecurity protection efforts without replacing humans. AI will be a defensive tool and a strategic force multiplier in 2025. It will enable organizations to stay one step ahead of state-sponsored criminals, adapt to quantum threats, and protect critical infrastructure in an increasingly hostile threat landscape. AI’s continuous learning, predictive power, and automation will continue to redefine cybersecurity without replacing the human element, making it essential for both offense and defense to embrace and leverage it as a tool in their tool belt.

Ariel Parnes, Co-Founder and COO, MITIGA 

The lethal combination of AI-powered attacks and SaaS vulnerabilities will redefine the threat landscape. In 2025, two critical trends will converge to create a perfect storm and reshape the threat landscape:

  1. The growing availability of generative AI for cybercriminals.
  2. The rapid adoption of SaaS applications.

Generative AI, with its ability to craft sophisticated, context-aware content, will empower threat actors to automatically scan SaaS environments, find vulnerabilities, and launch precise, rapid attacks. The barriers to creating adaptive phishing campaigns or exploiting SaaS misconfigurations will drop, enabling even less-skilled hackers to conduct highly targeted attacks.

AI will also help attackers evade detection by continually modifying their techniques. Meanwhile, organizations are adopting more SaaS applications, creating sprawling, interconnected environments and introducing new security challenges. Many organizations lack visibility into their SaaS ecosystems, making it difficult to monitor user behavior, detect threats, and enforce security policies consistently across applications.

Traditional security tools are ill-equipped to protect the decentralized and dynamic nature of SaaS platforms. As business functions shift to the cloud, this gap in SaaS visibility and detection will remain a significant weakness for cybercriminals to exploit. Without real-time monitoring and detection, organizations will be at a disadvantage.

To counter these threats, companies must close the SaaS visibility gap by investing in advanced security tools specifically designed for cloud environments. These tools must leverage AI to keep pace with evolving threats, focusing on real-time detection, anomaly identification, and continuous monitoring across all SaaS applications. 

Scott Kannry, Co-Founder and CEO, AXIO 

  • The need for cyber risk quantification is rapidly moving beyond security teams, making usability the #1 requirement for CRQ solutions. Cybersecurity management has expanded beyond the sole domain of security teams and is increasingly influenced by business leaders and non-technical stakeholders, both inside and outside the org. To be effective, CRQ solutions must be user-friendly, business-focused tools that inform decisions by internal leaders across all departments while facilitating collaboration with external partners through shared, business-oriented risk language.
  • Robust risk quantification will drive tech stack decisions. Risk quantification will play an increasingly critical role in guiding decisions around the adoption of new technologies and the cost and benefits of maintaining legacy systems. This CRQ-centered approach ensures that companies’ tech stacks more precisely align with their risk tolerance and resilience strategies.
  • The traditional CISO role will continue to evolve (and even split into two roles in some orgs). As enterprises navigate an evolving global patchwork of regulations, the scope of the CISO has expanded beyond the traditional purview of overseeing data and information security to new areas like compliance management and boardroom disclosure. Some CISOs will have adapted to—and thrived within—this expanded role. Many companies, however, will opt to split security leadership duties between a technically focused lead and a business/regulatory-focused one.

 

Latest in Cybersecurity
Today in Manufacturing Podcast
Sponsored
Today in Manufacturing Podcast
December 10, 2024
Cps (cyber Physical Systems) Concept Abstract Image 612622938 2124x1416
IoT Security is MIA
December 19, 2024
Industrial Cyber
Five Manufacturers That Overcame Industry 4.0 Security Challenges
December 19, 2024
Protection Background Technology Security 524882074 701x502 (1)
Report Validates Visibility Concerns, Talent Shortage
December 19, 2024
Related Stories
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Report Validates Visibility Concerns, Talent Shortage
Soc
Cybersecurity
Universal SASE Platform
Hacking Alarm
Cybersecurity
AI Agents Expand, Automate Security Operations
Industrial Media Unboxing Video
Sponsor Content
Industrial Media Unboxing Video
More in Cybersecurity
Industrial Media Unboxing Video
Sponsored
Industrial Media Unboxing Video
IEN Unboxed is a new show in which our editors unbox new tools on the market and discuss their features.
December 10, 2024
Cps (cyber Physical Systems) Concept Abstract Image 612622938 2124x1416
Cybersecurity
IoT Security is MIA
Federal agencies' inability to understand cybersecurity priorities is impacting the industrial sector.
December 19, 2024
Industrial Cyber
Cybersecurity
Five Manufacturers That Overcame Industry 4.0 Security Challenges
The evolution of SASE is playing a key role.
December 19, 2024
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Report Validates Visibility Concerns, Talent Shortage
Secure global connectivity and cost challenges were also examined.
December 19, 2024
Soc
Cybersecurity
Universal SASE Platform
The platform looks to reduce risk, improve resilience, and lower complexity and cost at all data edges.
December 19, 2024
Hacking Alarm
Cybersecurity
AI Agents Expand, Automate Security Operations
The platforms looks to elevate SOC, threat hunting, and GRC functions.
December 19, 2024
Peach Istock Ai Cyber
Cybersecurity
How AI is Improving Popular Hacking Scams
A look at how these attacks are evolving and the best responses to them.
December 19, 2024
Cybersecurity In A Bubble
Cybersecurity
AI, Regulation Will Strengthen Supply Chain Security
Our final collection of predictions brings in regulatory pressures and, of course, artificial intelligence.
December 19, 2024
Ep125
Cybersecurity
Security Breach: The Biggest Hacks of 2024
In looking to learn from history before repeating it, here are the biggest hacks and vital takeaways.
December 19, 2024
Industrial Cyber
Cybersecurity
Basic Strategies Will Have to Evolve
The latest batch of cybersecurity predictions point to DBOMs, mandated MFA and, or course, new AI challenges.
December 12, 2024
Encryption
Cybersecurity
Combatting the Quantum Threat of Harvest Now, Decrypt Later Attacks
Quantum computers will significantly threaten current security by easily breaking current encryption algorithms.
December 12, 2024
Water Treatment Plant Tuachanwatthana
Cybersecurity
Drowning in Danger: The Vulnerability of Water Treatment Facilities
Despite investments in areas like endpoint and perimeter security, breaches continue to occur.
December 12, 2024
Ep122
Cybersecurity
Security Breach: Looking Back to Move Forward
As we begin to close out 2024 and look ahead to 2025, some favorite guests are revisited.
December 12, 2024
Sb 120 Thumb
Video
Security Breach: AI Is Making Data Your Most Vulnerable Attack Surface
The more operational, intellectual and personal data you have, the easier you are to attack.
December 5, 2024
Hacking Alarm
Cybersecurity
More Complex Ransomware, AI and 'Mission-Impossible' Style Hacks
Experts weigh in on how the threat landscape will continue to evolve in 2025.
December 5, 2024