With each extra hop on three oracles’ executive desks, the magical globes cast four-dimensional visions to guide leaders’ cybersecurity planning…
In penning their collective predictions for 2025, three ExtraHop senior executives have chosen to use their specialized crystal balls for gazing into the future of cyber resilience, generative AI (GenAI), security patching and ransomware.
Starting off with predictions on the cyber resilience landscape, Chief Information Security and Risk Officer Mark Bowling looked up from the crystal ball and pronounced:
There will be “increased focus from private industry on bolstering cyber defense measures. With more aggressive state-sponsored hacking, advanced persistent threats, and coordinated infrastructure attacks, it is clear that cyberattacks are more often disrupting our economy, and more industries are recognizing that they have targets on their backs.”
In 2025, we will see the private sector “start to continually work to get involved in efforts to boost information sharing to help industries get ahead of attacks amid rising geopolitical tensions. With more industry participation in Information Sharing and Analysis Systems (ISACs), we will see a bigger effort in fostering a proactive cybersecurity culture, further enabling organizations to share information, resources and ultimately stronger defenses,” Bowling announced as the crystal ball hopped off into thin air.
Generative AI in the near future
Moving on to another crystal ball, Bowling predicted: GenAI will lead to a rise in traditional fraud schemes. A new wave of traditional fraud is coming at us full steam ahead.
“With GenAI easily accessible to hackers, we are going to see more impersonation tactics posing a huge threat to our society. Hackers are quickly becoming more proficient in identifying vulnerable attack surfaces, and the human element is one of the biggest. For example, we can expect there to be more impersonations of police officers or high ranking C-suite executives from Fortune 500 firms being generated by GenAI in efforts to gain access to login credentials, personal data and more,” Bowling explained.
“As we enter 2025, there will be a bigger emphasis on identity protection measures as we learn to contend with impersonation issues. This means having stronger authentication methods such as multifactor authentication and identity access management tools that check for abnormalities for where and when credentials are being used, and what they are trying to access. Leaning into these tools will be critical in combating this new wave of traditional fraud we will likely see ahead,” concluded the CISRO.
Security patching perils in 2025
When it was Vice President (Asia Pacific) Kenneth Chen’s turn to divine 2025 trends linked to security patching, here is what has been foretold:
“Patching/update fatigue will lead to more breaches. Security patching is hard to keep up with. As cyberattackers continue to find new ways to evade existing controls and infiltrate organizations, there seems to be a never-ending stream of updates and patches that must be deployed. With no end to that in sight, security leaders must accept that there will always be vulnerabilities/exploits, and focus on building up their post-compromise strategy with solutions that can catch an attack in real-time.”
What about ransomware predictions?
Area Vice President (ANZ) Simon Howe managed to peer into the future with his specialized crystal ball to reveal:
“Geopolitical tensions are escalating globally, and as a result cyber warfare experts are predicting intensifying ransomware attacks in the near-term. Further exacerbated by a business climate in which most organizations are paying up ransoms, there is no indication these attacks will slow down.”
Continuing, the crystal ball commanded Howe to utter in a thundering, prophetic voice: “The cybercrime gang Scattered Spider had proved to be a sophisticated threat this past year, using modern techniques such as auto-generation of phishing pages to target financial institutions for lucrative ransom payouts. The group and other ransomware threat actors are considered experts in social engineering, finding success in using techniques like phishing, push bombing, and subscriber identity module swap attacks to obtain credentials and gain access to an organization’s network. These social engineering attacks will only grow more complex in 2025 as adversaries leverage AI and ML to be more convincing and to evade existing controls. It is up to organizations to improve their security posture and build resilience against these increasingly complex threats.”
And with that final pronouncement, the four crystal balls shimmered with an ethereal glow, each one leaping gracefully into the air via extraordinary hops back into their own augury multiverses…