Summary
Jason Kikta discusses his experiences at Microsoft Ignite and AWS re:Invent, highlighting the chaotic scheduling of events and the significant attendance at re:Invent. He observes a growing seriousness among vendors regarding realistic AI use cases and shares insights on cybersecurity vulnerabilities, particularly the rise of zero-day exploits. Jason predicts that in 2025, organizations will need to enhance their patching and mitigation strategies, emphasizing the importance of collaboration between security and IT teams.
Transcript
Hello and welcome to the CISO IT podcast from Automox. I'm your host, Jason Kikta, and, you know, welcome to December. I just got back. It's been a bit of a marathon for me. I did a week at Microsoft Ignite, went right into Thanksgiving and then right into AWS re:Invent. And so today we're going to talk a little bit about those events,
as well as my personal prediction for 2025. So thanks for joining us today. Yeah, Ignite, I will say, it was a pretty good event. Although my biggest bone to pick is that, well, I'd say first, at any Microsoft event, the scheduling is always a little bit chaotic.
Things tend to come out last minute. Then also, I think that doing an event in Chicago, Chicago's a great city, but doing an event in Chicago in November, I would qualify as cruel and unusual because it was about, I think, like 63, 64 degrees the day we got there. And then the day we left, we got a few inches of snow. It was down in the twenties and everyone's flights out were delayed. So
that part wasn't as much fun, but I had a lot of really great discussions there, met a lot of really cool people and saw some pretty innovative things, a few new things from a variety of vendors there on the floor and then some of the talks. Then re:Invent, I feel, was, re:Invent's hard to beat. re:Invent is huge, right? When you talk about
Ignite, you're talking, I think it's like 40,000-ish people, I'm not really sure, but re:Invent is big. re:Invent's like 75,000 people. It's bigger than, I'm saying, a lot of other events. So, you know, it's massive. It spans multiple casino convention centers out in Las Vegas, which is quite nice in early December. And, you know, I
saw some really great innovations from AWS. I'm especially excited about some of their new database technology. And then there were very interesting dynamics going on on the floor. Where, you know, there was a lot of, I would say the biggest trend I observed at re:Invent was, I feel like people are finally starting to get serious about finding good, solid,
realistic use cases for AI in their products, right? It is not the majority of vendors yet. I think there's a lot of people slapping in AI just to have AI. And I think there's still too much overemphasis on large language models, but it's definitely an improvement from the past couple of years. People are starting to focus down and there's starting to be some, you know, more work done around
identifying use cases where we can't have model hallucinations. And so if the model is uncertain or doesn't know the answer, then it needs to state as such. And also, renewed interest in machine learning, which got kind of run down by the LLM craze. So positive trends, I think. But my prediction for 2025.
As you know, I talk a lot about how most people, when they get exploited by a malicious cyber actor, whether they be criminal or state, usually get hit on something that is a known vulnerability, right? It's rarely a zero-day. Zero-days are exciting. They make a lot of news, but they're not the majority of problems that people actually have.
But a CISA report just came out a few weeks back and it found that in 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as zero-days, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as zero-days. So they went back and looked at the data for 2023 and found that, you know, over half involved zero-days.
Now let's break that down a little bit because that's by volume. And so it can be a little bit misleading there. The sorts of zero-days that they're talking about there, the ones that are really moving the numbers and causing that statistic to go up, are tied to another phenomenon that we've talked about at length, which is that
mass exploitation has gotten drastically easier, right? You now have actors who maintain their own continuous scans and databases of the internet. They know where a lot of those internet-facing appliances and holes in your firewall are. And that's just maintained as a matter of course, almost as a business process for criminal actors, let alone, again, intelligence agencies. But as part of that,
when they have a zero-day in a public-facing appliance, something like a Fortinet, they're able to then queue that up to hit all of those Fortinet devices simultaneously. And the proliferation of sort of good-guy awareness tools like GreyNoise, who can watch for those scans and catch that stuff early and alert
security teams, is paired with, you know, there's also a lot of honeypotting out there by other malicious actors looking to catch those exploits and then use them themselves. So there's immediate reuse and it becomes a little bit of an arms race. And so you'll have some of those devices getting exploited three, four times. And the one little bit of a bright spot in there is, unless the exploitation path is automated, right, if you have something that, like, contains data
that can be taken directly from that server, then yeah, it'll immediately go into, you know, that initial access will result in a material breach. But not all of these mass exploitation events result in material breaches, because you'll have these actors get in there and determine, I can't really get to where I want to from here, or actually this is a low-value network and I'm just going to disregard it. So the numbers are a little bit skewed
in that sense towards, you know, zero-days and not, you know, what would actually cause a material breach in your network. But that being said, you know, they are on the rise and those things remain dangerous. So what I think we're going to start seeing in 2025 is that, you know, you're still going to need those aggressive patching strategies, right? That never goes away. But now that's going to be paired with increasingly demanding mitigation strategies, right?
Automate those configuration changes at scale, identify this exploitation campaign, figure out what changes do I need to make to protect my network? Do I need to maybe take it offline? What do I need to do until the vendor can catch up and produce a patch? So that's going to require, I think, even more cross-collaboration between security and IT teams to develop and deploy those mitigations, because I think patching has become a
well-rehearsed, well-exercised muscle and, kind of conversely, you know, the mitigation strategies are a little more ad hoc, because you never quite know what that mitigation is going to be. Is it just a configuration file change and a restart? Is there something more? Do we need to, like, modify files, remove files, you know, turn off functionality? Like, what is it? And it might end up being a multi-step process.
Those are not as straightforward and easy as patching, but critical nonetheless. And my prediction for 2025 is that that criticality will increase. So there's your brief update for December. And I look forward to seeing you all in January. Everyone, please have a happy holidays and stay safe out there. Thanks.
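The mitigation workflow the episode describes (change a setting, restart, verify, and be ready to undo it until a vendor patch arrives) is easier to rehearse when it is written down as a small, reversible playbook. The following Python script is an added example, not code from the podcast or from Automox: it backs up a hypothetical appliance config file, flips one setting, "restarts" a service through a pluggable hook, verifies the result, and rolls back to the backup if verification fails. The INI config, the `remote_admin` setting, the `mgmt-ui` service name and the restart hook are all constructed placeholders, not any real vendor's interface.

```python
"""Minimal reversible mitigation playbook (added example, hypothetical appliance).

Steps: backup config -> apply setting -> restart service -> verify -> roll back
on failure. The config format, setting names and service are constructed
placeholders; a real playbook would call the appliance API or systemctl.
"""
import configparser
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, List, Tuple


@dataclass
class MitigationResult:
    applied: bool
    verified: bool
    rolled_back: bool
    log: List[str] = field(default_factory=list)


def backup_config(path: Path) -> Path:
    """Copy the config aside before touching it, so rollback is always possible."""
    bak = path.with_suffix(path.suffix + ".bak")
    shutil.copy2(path, bak)
    return bak


def set_option(path: Path, section: str, key: str, value: str) -> None:
    """Write a single INI option, creating the section if needed."""
    cp = configparser.ConfigParser()
    cp.read(path)
    if not cp.has_section(section):
        cp.add_section(section)
    cp[section][key] = value
    with path.open("w") as fh:
        cp.write(fh)


def read_option(path: Path, section: str, key: str):
    """Re-read the file from disk so verification reflects what was actually written."""
    cp = configparser.ConfigParser()
    cp.read(path)
    return cp.get(section, key, fallback=None)


def restart_service(name: str) -> bool:
    """Placeholder restart hook; returns True to simulate a clean restart."""
    return True


def apply_mitigation(config_path: Path, section: str, key: str, expected: str,
                     service: str,
                     restart: Callable[[str], bool] = restart_service) -> MitigationResult:
    """Apply one config-change-plus-restart mitigation and roll back if it does not verify."""
    result = MitigationResult(applied=False, verified=False, rolled_back=False)
    bak = backup_config(config_path)
    result.log.append(f"backup -> {bak}")

    set_option(config_path, section, key, expected)
    result.applied = True
    ok = restart(service)
    result.log.append(f"restart {service}: {'ok' if ok else 'FAILED'}")

    # Verify both the restart and the on-disk state; either failing triggers rollback.
    result.verified = ok and read_option(config_path, section, key) == expected
    if not result.verified:
        shutil.copy2(bak, config_path)
        restart(service)
        result.rolled_back = True
        result.log.append("rolled back to backup")
    return result


def demo(restart: Callable[[str], bool] = restart_service) -> Tuple[MitigationResult, Path]:
    """Run the playbook against a constructed sample config in a temp directory."""
    tmp = Path(tempfile.mkdtemp())
    cfg = tmp / "appliance.conf"
    # Constructed sample: a management interface with remote admin enabled.
    cfg.write_text("[management]\nremote_admin = enabled\nlisten = 0.0.0.0\n")
    res = apply_mitigation(cfg, "management", "remote_admin", "disabled", "mgmt-ui", restart)
    return res, cfg


if __name__ == "__main__":
    good, _ = demo()
    print("\n".join(good.log))
    bad, _ = demo(restart=lambda name: False)  # simulate a restart that fails
    print("\n".join(bad.log))
```

Running the script applies the setting once with a successful restart and once with a simulated failed restart; the second run restores the backup, which is the property worth exercising in advance rather than during an active exploitation campaign.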