EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality

Guest:

• Andrew Kopcienski, Principal Intelligence Analyst, Google Threat Intelligence Group

Questions:

• You have this new Cybersecurity Forecast 2025 report, what’s up with that?
• We are getting a bit annoyed about the fear-mongering on “oh, but attackers will use AI.” You are a threat analyst, realistically, how afraid are you of this?
• The report discusses the threat of compromised identities in hybrid environments (aka “no matter what you do, and where, you are hacked via AD”). What steps can organizations take to mitigate the risk of a single compromised identity leading to a significant security breach? Is this expected to continue?
• Is zero-day actually growing? The report seems to imply that, but aren’t “oh-days” getting more expensive every day?
• Many organizations still lag with detection, in your expertise, what approaches to detection actually work today? It is OK to say ”hire Managed Defense”, BTW :-)
• We read the risk posed by the "Big Four" sections and they (to us) read like “hackers hack” and “APTs APT.” What is genuinely new and interesting here?

 Resources:

• Cybersecurity Forecast 2025 report
• Google Cloud Cybersecurity Forecast 2025 webinar
• EP147 Special: 2024 Security Forecast Report
• EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side
• EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All
• Staying a Step Ahead: Mitigating the DPRK IT Worker Threat