As 2024 comes to a close, today, I’m reflecting on some of the key events and trends that shaped my offensive security research this year. From publishing my first book to writing regular blogs on some of cybersecurity’s hottest topics, each piece has contributed to a clearer understanding of the evolving digital landscape. By revisiting these posts, I hope we can collectively gain insights to stay ahead of attackers and enter the new year focused on enhancing security and staying ahead of what’s coming next—both the known and unknown.
Cybersecurity: A Collaborative Effort
In today’s digital age, security is a shared responsibility. Antivirus, malware protection, email security, EDR, XDR, next-generation firewalls, AI-enabled analytics—the list of protective controls and vendors appears to go on forever. Each day, bad actors discover new attack vectors that provide them with new roads to create chaos and destruction. News of data leaks, breaches and exposures has reached the point where it leaves most people numb and apathetic.
There are now over 100 digital accounts for every single physical user; for business users, that number can grow exponentially. Every one of those accounts is another opportunity for exposure. Every account adds more and more copies of us online. We continue to act as if the physical and digital worlds exist independently, yet they are already entirely entwined. If a credit card is compromised in the digital world, the effects are felt in the physical. If a crypto wallet is compromised in the physical world, the effects are seen in the digital.
While technology plays a crucial role in safeguarding our digital lives, it is not a standalone solution. The responsibility for security extends beyond the tools and systems we use; it also lies with each individual and organization. Personal responsibility and proactive actions are critical in building a resilient defense. Each employee, business leader and end user has a role in protecting their digital identities and the broader ecosystem. Consistent small actions can significantly increase security posture, such as turning off WiFi when not in use, applying antivirus updates, changing passwords frequently and being cautious with application permission requests.
Defensive highlight: Security must be a shared responsibility, combining advanced technology with personal and organizational accountability to build a more secure and resilient digital world.
AI in Cybersecurity: A Double-Edged Sword
AI has become the talk of the industry—and everyone else, for that matter—for both positive and negative reasons. It is an effective ally for defenders and an equally empowering mentor for attackers. While AI-powered analytics have transformed threat detection and mitigation, they have given defenders greater ability to identify and take quick action on a potential threat than ever before. Machine-learning models analyze mammoth datasets for anomalies in behavior, flagging malicious activities before they become mega-breaches.
If defenders exploit AI to secure their systems, attackers employ identical technology to amplify offensive capabilities artificially. Offensive AI tools, including the large language model (LLM) WhiteRabbitNeo, designed explicitly for red team and adversarial research, are appearing on the landscape, indicating how LLMs can be weaponized for malevolent aims. Those tools allow adversaries to automate and refine cyberattacks, sophisticated malware, phishing campaigns and even ransomware, which can now be manufactured with little effort or expertise.
For example, AI enables the creation of convincing phishing emails that even the most cautious recipients may fall for. Advanced malware written with AI can adapt to escape traditional detection methods, such as antivirus programs or intrusion detection systems. LLMs can generate code for new exploits and bypass current security protocols, considerably lowering the threshold for cybercriminal involvement: attacks are more complex, scalable and devastating than ever.
The implications are straightforward—the same technology that improves our defenses will be turned against us, making arms races in the cyber field more active than ever. In addition to using AI to strengthen their defensive positions, organizations must learn to expect and prepare for future AI-based attacks.
Defensive highlight: In the AI-driven cybersecurity battlefield, defenders must balance building resilient AI-powered systems with countering malicious AI use, emphasizing AI’s dual impact on security.
Lessons from the CrowdStrike Outage
The CrowdStrike outage earlier this year was a wake-up call for cyber professionals, revealing vulnerabilities in even the most robust systems. Affecting over 8.5 million hosts, including those in critical sectors like healthcare and aviation, the disruption was triggered by a minor coding flaw: the null pointer exception. This minor oversight has snowballed into widespread system crashes, reminding us of how fragile the tightly coupled infrastructure can be and how minor errors can lead to enormous problems.
The lesson gleaned from the incident that will remain vivid is that there is a danger when automation is over-relied upon without any human oversight. CrowdStrike’s Content Validator, AI-based software created to sniff out issues with the code, did not identify the issue prior to deployment. With no manual overrides to catch the error, it hit production unchallenged and produced the global outage. The incident marks the need for human judgment in automated processes, especially in high-stakes operations.
The outage exposed the dangers of vendor-driven updates. Many organizations allow software vendors to push changes directly into their environments with little external review. This expedites deployment at the expense of increasing the risk of introducing vulnerabilities; organizations must have a strict change control process and treat vendor updates like any other update when reviewing for risk or impact.
The Zero Trust principle of “never trust, always verify” goes beyond attacks from the external world and touches internal processes. The CrowdStrike outage is a vital lesson in understanding that automation is not without its expert failings, and well-built systems still count on a healthy balance of human supervision and technological advancement.
Defensive highlight: This incident highlights the need for robust verification, human oversight in automation and prioritizing resilience over convenience to avoid minor errors causing major disruptions.
The Expanding Threat Landscape—Into 2025 and Beyond…
As a transhuman, I understand the profound blending of digital and biological worlds—I am, in fact, the living embodiment. This interrelationship has become so significant that every action in one realm directly impacts the other. A compromised credit card in the digital space has immediate physical repercussions, while an on-site security failure can lead to unauthorized data exposures targeting digital assets.
As such, I predict that our identities, both physical and digital, will complete their irrevocable convergence into a single identity in 2025. Actions online—such as spending money and socializing—reflect and morph our physical existence, and vice versa. Security must be holistic to protect these intertwined identities; safeguarding one means safeguarding the other.
Defensive highlight: Cybersecurity must protect the interconnected physical-digital ecosystem through proactive measures like dynamic access permissions and unified identity management to address far-reaching impacts across both realms.
Looking Ahead: Saying Goodbye to 2024 and Hello to 2025
As we look forward, the lessons learned from 2024 are clear. The calls for organizations to be proactive in threat detection, design Zero Trust principles and control access more modernly. Among the keys are removing persistent privilege, using AI responsibly and striking a suitable balance between automation and human oversight.
We can collectively build a safer digital future by focusing on the basics—good cyber hygiene, informed decision-making and layered defenses.
Happy New Year!
-Len
Len Noe is CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman. His first book, “Human Hacked: My Life and Lessons as the World’s First Augmented Ethical Hacker,” was published in 2024.