Now that we’re midway through 2024 and organizations are beginning their 2025 preparations, cybersecurity experts are reviewing the last six months to anticipate what security trends will dominate for the remainder of the year.
These developments and trends will also likely affect tech professionals and their careers, whether applying for a new position or looking to move up from a current job.
To date, 2024 has lacked a signature breach or attack such as SolarWinds or Colonial Pipeline. The past several months, however, have included several cyber incidents that have raised significant security concerns over vulnerabilities and preparedness. Of recent note, these include:
- A February ransomware attack targeting UnitedHealth Group’s Change Healthcare subsidiary, which processes about 15 billion healthcare transactions annually. The company only recently began notifying patients whose data may have been exposed and the possible costs related to the incident could surpass $1 billion.
- An apparent ransomware attack hit CDK Global in June, which affected thousands of car dealerships throughout North America that rely on the company’s software products that process auto sales and repair service requests.
- In July, AT&T disclosed a massive data breach. While still under investigation, it appears that someone accessed 2022 data on nearly all of the company's 90 million wireless subscribers. A few days later, Disney started an investigation of leaked internal data.
While these incidents made headlines, growing interest in generative artificial intelligence (A.I.) continues to affect the cybersecurity market and the careers of tech professionals working in the field.
This technology is not only changing how cybersecurity works, but is also altering how cybercriminals and nation-state actors operate: Consider the recent FBI and Department of Justice operation that disrupted a Russian-financed bot farm that used A.I. to create content aimed at U.S. citizens as part of a disinformation campaign.
Hiring enough cybersecurity talent also remains a significant challenge for many organizations, with one survey noting that an estimated 3.5 million security positions remain open worldwide. This trend will continue through 2025. While large tech firms continue to shed workers, other industries such as healthcare are scrambling to onboard talent, especially those with the skills to understand issues ranging from cloud security to A.I.
Here is a look at how three trends—continued ransomware attacks and data breaches, generative A.I. and cyber talent hiring—are affecting the industry and tech professionals through the rest of 2024 and into 2025.
Ransomware and Data Breaches Continue to Haunt Organizations
Ransomware continues to haunt large and small organizations, although the overall impact of these attacks is still being calculated for 2024. Some recent reports offered a mixed picture. A study released by Panda Security noted that there were 4,611 ransomware incidents reported in 2023—a 73 percent jump from the 2,662 cases reported in 2022—with no let-up coming anytime soon.
A Sophos report finds the number of organizations targeted by ransomware is dropping in 2024, but recovery costs are steadily rising from $1.82 million in 2023 to $2.73 million this year.
Combining ransomware with ongoing massive data breaches, such as the one reported by AT&T and Disney, means that tech professionals will remain busy either responding to incidents or trying to head off potential threats throughout the rest of 2024, said Stephen Kowski, field CTO security firm SlashNext.
"We expect breaches and ransomware attacks to continue increasing in the second half of 2024, especially targeting healthcare, critical infrastructure and supply chains,” Kowski told Dice. “Recent high-profile incidents, such as the healthcare and car dealership vendor hacks, highlight the ongoing vulnerabilities. To combat this, organizations need to focus on strengthening email security, implementing zero trust architectures and improving threat detection and response capabilities.”
Other experts also see vulnerabilities in critical infrastructure areas, such as healthcare, which makes studying and understanding the ransomware attack against Change Healthcare critical.
“Looking ahead to the second half of 2024, I expect we'll continue to see an uptick in data breaches, infostealers and ransomware attacks,” Omri Weinberg, co-founder and chief revenue officer at DoControl, told Dice. “The recent high-profile incidents in healthcare and the automotive industry underscore the evolving sophistication of threat actors and their ability to target critical infrastructure and supply chains."
Generative AI Use Continues to Ramp Up
For all of 2023 and through the first of this year, organizations continue to evaluate and experiment with generative A.I. to determine how it might best serve their interests.
Attackers, whether cybercriminals or nation-state groups, are also refining their use of A.I.
A recent report from Darktrace found that 74 percent of security professionals report that A.I.-powered threats are now a significant issue, and 89 percent agreed that A.I.-powered threats will remain a major challenge in the foreseeable future.
These developments will only fuel the need to invest in A.I. to bolster defenses and counter threat actors who are also deploying the technology, said Nicole Carignan, vice president of strategic cyber A.I., at Darktrace.
“As adversaries double down on the use and optimization of autonomous agents for attacks, human defenders will become increasingly reliant on and trusting of autonomous agents for defense,” Carignan told Dice. “Specific types of A.I. can perform thousands of calculations in real-time to detect suspicious behavior and perform the micro decision-making necessary to respond to and contain malicious behavior in seconds. Transparency and explainability in the A.I. outcomes are critical to fostering a productive human-A.I. partnership.”
In the second half of 2024 and into 2025, tech professionals should watch for the rise of A.I.-powered networks that can better self-detect threats in real-time, said Agnidipta Sarkar, vice president for CISO advisory at ColorTokens.
“The second half of 2024 and early 2025 will see the rise of A.I.-fueled, self-learning just-in-time network allocation to applications to try to reduce the possibility of cyberattacks,” Sarkar told Dice. “I believe that the future is self-learning, autonomous breach-ready enterprises.”
Cyber Hiring Challenges Remain
While the overall unemployment rate in tech is low compared to other sectors, closing the so-called talent gap in cybersecurity remains an ongoing problem for many organizations. Even with the U.S. government making it easier to recruit security and tech pros, thousands of positions remain unfilled.
While tech and security pros need to stay current with their skills, organizations also need to create training programs that help recruit talented workers into the cybersecurity field, said Hugh Carroll, vice president of corporate and government affairs at Fortinet.
“As we move into the second half of 2024, the cybersecurity skills gap continues to be a global challenge requiring strong collaboration and training to build a stronger cyber workforce pipeline to fill today's roles, as well as those needed in the future,” Carroll told Dice. “Building cyber awareness from a young age provides fundamental skills and helps develop an interest in cyber as a career early on, laying the groundwork for future technical or non-technical cyber-related roles. Cybersecurity training and certification programs currently available should be more strongly leveraged by the government to complement the skills-based approach to growing the federal cyber workforce.”
Experts are also waiting to see if cybersecurity budgets will remain under pressure or if there is room for expansion to address issues such as cloud and A.I. security.
“Despite economic uncertainties, cybersecurity hiring and budgets are expected to grow as threats escalate,” SlashNext’s Kowski said. “Many organizations will prioritize investments in AI-powered security tools, cloud security, and managed security services. There will likely be a high demand for professionals skilled in A.I. security, cloud security architecture and threat hunting.”
