December 04, 2024 3 Minute Read

As 2024 comes to a close, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. Over the next several weeks their thoughts will be posted here, so please read on and stay tuned!

As artificial intelligence (AI) continues to advance, its applications in cybersecurity will become more prominent and will spark conversations around its potential and its risks. While the recent excitement around AI's capabilities has led some to call it a bubble, the reality is that AI, when applied effectively, has powerful practical uses in security. Here, we explore both the optimistic and concerning aspects of AI’s role in cybersecurity.

AI's recent popularity has set high expectations. Its power to automate, predict, and analyze has led to a rush of adoption across industries, including cybersecurity, where companies aim to harness AI for advanced threat detection and prevention. For cybersecurity firms like Trustwave, AI has been a focus for years, allowing us to build mature, reliable systems that catch hundreds of thousands of threats daily. This experience highlights a significant reality: AI is far more than a trend—it’s a valuable tool that, when properly integrated, provides substantial defensive capabilities.

However, AI in cybersecurity is not without its challenges. Crafting an effective enterprise-ready AI model is complex, requiring robust data, skilled data scientists, and extensive training. While AI offers great potential, building effective, reliable algorithms is a slow, careful process. Some experts feel that industry expectations might be too high, and that we may need a more balanced perspective on the actual capabilities and development timelines of AI-based solutions.

The Growing Threat of AI-Driven Attacks

The concern around AI’s misuse is real. While AI can bolster defenses, it also empowers attackers to craft more sophisticated attacks. Large language models (LLMs) enable hackers to produce highly convincing social engineering attacks, regardless of language barriers. Whereas phishing emails and fraudulent messages were once plagued by poor grammar and syntax, attackers now have tools to create polished, professional content, making it much harder for recipients to detect deception. Beyond social engineering, malicious actors could potentially leverage AI to streamline the development of malware, posing an even greater threat.

However, defenders can combine expert rules with AI-enhanced detection, cybersecurity systems can now detect even more subtle patterns, strengthening organizational defenses. AI also plays a critical role in predicting potential threats, allowing companies to preemptively defend against certain types of cyberattacks.

Third-Party Vulnerabilities and the Supply Chain Challenge

Today’s highly connected technological environment means that companies must rely on external vendors for various software solutions. Even with strong internal cybersecurity practices, organizations are vulnerable to third-party risks when they depend on external code or updates. Companies can mitigate some of this risk by vetting their vendors carefully, inquiring into their security practices, and implementing thorough access controls. But these steps only go so far; there are inherent limitations to the confidence an organization can have in another’s cybersecurity protocols.

Looking Ahead: AI in Cybersecurity

The integration of AI into cybersecurity is not just a passing phase; it's a powerful evolution with significant implications for the future. While AI continues to aid in defense, attackers will likely find new ways to exploit these technologies for crafting social engineering attacks. As a result, cybersecurity teams must remain vigilant, innovating, and adapting to counter new, AI-driven threats. By embracing AI’s capabilities and acknowledging its limitations, we can better position ourselves to navigate the complex cybersecurity landscape ahead.

Ransomware: The Story Remains the Same

Ransomware continues to be a top concern of C-Suite and Boards across all industry sectors. It’s safe to predict that ransomware attacks will continue and likely intensify with more groups getting involved.

These attacks are on the rise and the average ransom fee is increasing.

In 2024, ransomware attacks on average cost victims about $5 million, with a mean time to identify an issue of 211 days and a mean time to contain of 73 days. US-based targets received 48% of all ransomware attacks, followed by the EU, 19%, the UK, 12%, and Australia, 2%.

These costs equate to attackers generating about $3.75 billion in profit over the last five years with $1.1 billion being taken in 2023 alone.

The leading ransomware groups overall for the last 24 months have been CLOP, LockBit, and Conti.

Please check out Trustwave’s other 2025 predictions:

Trustwave’s 2025 Cybersecurity Predictions: AI as Powerful Ally for Cyber Defenders and Law Enforcement