scip Cybersecurity Forecast - Predictions for 2025

scip Cybersecurity Forecast

Predictions for 2025

Marc Ruef
by Marc Ruef
on December 18, 2024
time to read: 6 minutes

As we do every year, we would like to make a forecast for the coming year 2025 at the end of 2024. The following are the topics that we believe will manifest themselves or even develop further. Regardless of this, stay healthy!

Ransomware is the New Normal

In recent years, the internet has been put through its paces by an increase in ransomware activities. Many organizations that have not taken cybersecurity seriously for years have been overwhelmed by the lucrative business model of cybercriminals. However, the risk of such attacks has recently decreased again in the public perception. This is mainly because the media no longer reports on such cases in any great detail, except for particularly large and curious incidents. However, it is a fallacy to believe that the danger has actually decreased. Targeted and professional attacks that can severely impact companies are still to be expected.


Sharp Increase in Published Vulnerabilities

Every year, more vulnerabilities are published. From 2021 to 2024, the number of published vulnerabilities has almost doubled. Currently, around 110 new vulnerabilities are made public every day, which will result in around 40,000 vulnerabilities by the end of the year. For the year 2025, a further increase and a total of around 45,000 vulnerabilities must be expected. On the one hand, this is due to the increasing prevalence of computer systems and software, including in everyday life. On the other hand, for several years, security vulnerabilities have been searched for, published and cataloged much more consistently. This trend will continue for the time being.


Modular Patching Simplifies Security Updates

For the sake of simplicity, patches were distributed sequentially and in their entirety for decades. This meant that the update process often took a relatively long time and usually meant that a device was no longer usable in the meantime. By optimizing this procedure, incremental patches that are small and flexible are increasingly possible. In particular, traditional operating systems and cell phones can be kept up to date in an uncomplicated and almost casual manner. This will lead to greater user acceptance, whereby the security of corresponding systems in operation can be consistently increased with the improvement of the patch level.


Artificial Intelligence is Becoming Part of Everyday Life

Artificial intelligence (AI) will increasingly find its way into our daily lives. On the one hand, through new technical means, such as Microsoft Copilot, which has recently become part of Office 365. On the other hand, however, these new possibilities are also being used in concrete actions. Search queries are shifting from Google to ChatGPT, emails are being optimized with the help of stylization tools, and support request responses are being prepared with a generative AI, to name just a few changes. This technological and social disruption will put a lot of pressure on well-known companies, especially in the field of classic search engines. And it will give new companies the opportunity to present themselves innovatively and grow as a result.


Young Professionals Under Pressure from Artificial Intelligence

Artificial intelligence is putting young professionals with no experience under massive pressure. Today, generative AI can already carry out a security check of a software’s source code, for example. This enables it to identify specific vulnerabilities with a quality that would require at least about two years of professional experience. As a result, hiring and training people in this sector only pays off after a relatively long time. Other areas will be affected in the same way. As the relevant AI solutions improve, this challenge for employees will become even more pronounced and, above all, will pose a very real problem for the younger generation.


Hangover After the Hype Surrounding Artificial Intelligence

Generative AI solutions, such as ChatGPT, are now reaching their limits. The training material has been used up and further increasing the complexity of the models will not result in the quantum leaps we have become accustomed to. After the euphoric high, a hangover is setting in in some cases, putting a damper on unbridled optimism. Sooner or later, this will also be felt on the stock market and, in the medium to long term, counteract the hyped bubble formation with inhibited growth in profits or even a price correction.


Low-Energy Components are Becoming More Relevant

The availability of electricity is not always guaranteed. In recent years, Europe has had to deal with energy shortages, especially in winter. On the one hand, this is due to the energy transition, which has led to the shutdown of proven power generation plants. The alternative energy production cannot yet guarantee the desired stability and reliability. On the other hand, geopolitical crises exacerbate such bottlenecks. Customers are therefore becoming increasingly cost-sensitive and are consciously looking for products with low-energy components. The market has recognized this trend, which can be seen in the reduced power consumption of modern devices. This effect will continue consistently in the following years.


Upscaling Outside of Video Games

Upscaling mechanisms such as AMD FSR, Nvidia DLSS and Sony PSSR help to generate a considerable increase in resolution, frame rates and details in computer games with relatively little computing effort. Comparable mechanisms are also used to a certain extent in some television sets, which are able to provide a sharper viewing experience by upscaling the image material. These mechanisms will become more widespread and are also conceivable, for example, on mobile devices such as smartphones. The establishment of 8k will probably only be able to be driven forward in a first step by upscaling in order to keep costs and power consumption as low as possible.


About the Author

Marc Ruef

Marc Ruef has been working in information security since the late 1990s. He is well-known for his many publications and books. The last one called The Art of Penetration Testing is discussing security testing in detail. He is a lecturer at several faculties, like ETH, HWZ, HSLU and IKF. (ORCID 0000-0002-1328-6357)

Links

You want to evaluate or develop an AI?

Our experts will get in contact with you!

×
Specific Criticism of CVSS4

Specific Criticism of CVSS4

Marc Ruef

scip Cybersecurity Forecast

scip Cybersecurity Forecast

Marc Ruef

Voice Authentication

Voice Authentication

Marc Ruef

Bug Bounty

Bug Bounty

Marc Ruef

You want more?

Further articles available here

You need support in such a project?

Our experts will get in contact with you!

You want more?

Further articles available here