Home
Blog
Predictions on Seasonal Cyber Predictions

Predictions on Seasonal Cyber Predictions

Paul Ducklin
Paul Ducklin
12/11/2024
Share this article:

‘Tis the season

‘Tis the season…

…for Threat Reports, Cybersecurity Predictions, State of XYZ Reviews, and all the rest!

Just to be clear, we’re not being cynical, dismissive, or pejorative.

After all, we recently published an article right here on this blog entitled The State of Ransomware 2024, and it’s well worth reading.

Don’t panic!

It’s a digestible article rather than a lengthy report, weighing in at just over 1000 words rather than dozens of printed pages:

Predictions on Seasonal Cyber Predictions - SolCyber

And reviews of the year just gone, or predictions for the year about to come, will almost always appear in last or first few weeks of any calendar year.

That doesn’t mean you can’t have some good-natured fun with Threat Report timings, just as you probably do with festive season shopping, which seems to kick off earlier and earlier every year.

(I am fairly sure I first heard Jingle Bells in October this year, long before any sleigh-based transport would have been possible, no matter how many horses were available.)

A similar thing happens around Black Friday, of course, which is now firmly embedded even in countries that don’t have Thanksgiving Thursday.

This leads to abominable linguistic exaggerations such as ‘Black Friday Week’, and even ‘Black Friday Month’.

But for all the hype around Black Friday, as we pointed out just before this year’s Thanksgiving period, any seasonal warning that encourages people to take cybersecurity more seriously is a positive result

…provided that it doesn’t lead them to think that it’s satisfactory to let their guard down again immediately afterwards.

Predictions on Seasonal Cyber Predictions - SolCyber

As we wrote at the time:

Please treat Black Friday warnings, even if they’re from cybersecurity vendors who really only want to sell you “more tools, more tools,” in the same way that you might treat Cybersecurity Awareness Month or Quit Smoking Day.

Quit Smoking Day, if you have ever seen or attended such a thing, is not meant to be one day on which you give your lungs a break and don’t smoke, or cut down from your usual intake.

It’s meant to be a day to encourage those who would like to give up smoking, which is a known health risk that many people find hard to get out of, to do just that for the rest of their lives.

Simply put, seasonal cybersecurity publications generally work well, provided that:

  • They don’t exist just to frighten you into spending money on yet more tools. Make sure you get the basics right first.
  • They don’t give the impression that cybersecurity is significantly easier at other times of the year. It’s true that you are more likely to shop online or try out new sites in the gift-giving season, which probably increases your risk. But cybercriminals aren’t inactive for the rest of the year.

Predictions on Seasonal Cyber Predictions - SolCyber

Prediction predictions for 2025

As for figuring out the nature of the threat predictions for next year, we can already begin to make our prediction predictions based on reports from vendors who decided to get in early and have published already.

As always, the bad news largely seems to boil down to, “Things will probably get worse before they get better, if they get better at all.”

But the good news, loosely speaking, is that even cyberattacks that will feel brand new, or that will be more dangerous because they use sneakier variants of existing techniques, can almost certainly be defended against by cybersecurity precautions that we already know and understand perfectly well.

All we need to do next year, as we probably should have done this year, last year, and the year before that, and so on, is to get ourselves a proverbial Round Tuit.

(Yes, that’s an old joke: “We are fully committed to this action. You can be sure that it will be done just as soon as we get a Round Tuit.”)

So, please read, enjoy, and learn from the many Threat Reports and Cybersecurity Predictions that are plentiful at this time of year.

Just make sure that you don’t get so distracted by any exciting new claims that you give up on the basics.

Don’t be like the four notorious people in the old meme:

The task required commitment, but in practical terms was sufficiently straightforward that Anybody could have done it. However, Everybody assumed that Somebody would do it. In the end, Nobody did it.

What to do?

Some examples of predictions you are likely to hear, and what you can do about them, include:

  • AI will make attacks faster and more believable, even for cybercriminals with little experience and next to no technical skills. That’s perfectly true, especially for the sort of scammers who have so far been easy to spot due to their poor attention to detail and their limited writing skills. But don’t forget that many scammers succeed not through technical ability but because of their interpersonal “skills” – those intangible, un-automatable, human-to-human behaviors that lure victims into harm’s way despite the suspicions they held right from the start. If it sounds too good to be true, back yourself, and assume that it is.
  • Ransomware attacks will continue, and will probably increase both in number and in severity. That’s very likely, not least because of the huge amounts of money that criminals are making from a crime that boils down not so much to technical ability or programming competence, but to straight-out blackmail and extortion. As SolCyber’s David Emerson put it in a recent Tales From the SOC podcast, “Paying the ransom should be culturally understood to be a poor response; to be the thing that you should not have had to do. […T]he reason that we’re even talking about paying [ransoms] of millions of dollars is the operational unpreparedness of the victims.” Prepare right now, because it’s too late to prepare when an attack has already started.
  • Supply chain attacks will become sneakier and even harder to detect. As true as that might be, the bottom line here is that there are already many different ways for cybercriminals to exploit supply chain vulnerabilities, and the level of risk is higher for software tools that are more complex and rely on more third-party components. Don’t be afraid to follow human-centric precautions that embrace the principle of “less is more.” Aim to use the minimum set of software tools possible to deal with the problem that your business needs to solve, in order to keep what cyber experts refer to as your attack surface area as small as you can. If in doubt, leave it out!


Why not ask how SolCyber can help you do cybersecurity in the most human-friendly way? Don’t get stuck behind an ever-expanding convoy of security tools that leave you at the whim of policies and procedures that are dictated by the tools, even though they don’t suit your IT team, your colleagues, or your customers!

Predictions on Seasonal Cyber Predictions - SolCyber


More About Duck


Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!

Featured image of masked person by Regine Tholen via Unsplash.

Paul Ducklin
Paul Ducklin
12/11/2024
Share this article:

Table of contents:

The world doesn’t need another traditional MSSP 
or MDR or XDR.

What it requires is practicality and reason.

Related articles

Businesses don’t need more security tools; they need transparent, human-managed cybersecurity and a trusted partner who ensures nothing is hidden.

It’s time to move beyond the inadequacies of current managed services and experience true security management.
No more paying for useless bells and whistles.
No more time wasted on endless security alerts.
No more dealing with poor automated services.
No more services that only detect but don’t respond.
No more breaches caused by all of the above.

Follow us!

Subscribe

Join our newsletter to stay up to date on features and releases.

By subscribing you agree to our Privacy Policy and provide consent to receive updates from our company.

CONTACT
©
2025
SolCyber. All rights reserved
|
Made with
by
Jason Pittock

I am interested in
SolCyber XDR++™

I am interested in
SolCyber MDR++™

I am interested in
SolCyber Extended Coverage™

I am interested in
SolCyber Foundational Coverage™

I am interested in a
Free Demo

10086