
Looking into 2025: Reflections & Observations from the Tidal Cyber Founders

  • January 3, 2025

We want to wish you a Happy New Year! 

If you're like us, the arrival of a new year is always an exciting and reflective time. As the calendar turns, it brings with it a natural opportunity to reflect on key learnings from the prior year and how to turn those into advantages and strategies moving forward into the new year.  

As we at Tidal Cyber look back at the key developments of 2024, we're not only celebrating our wins but also learning from the hurdles we encountered along the way.

We've gathered insights from the Tidal Cyber Founders: their observations from 2024, their outlooks for 2025, and the strategies we believe will help organizations stay ahead of the curve in an increasingly complex digital landscape.

One of the most encouraging trends we've noticed is that security teams now have more tools, technologies, and processes at their disposal than ever before. While the cyber threat landscape continues to evolve, security professionals are no longer fighting with a limited arsenal, and teams are able to defend, respond, and recover faster and more efficiently in the face of emerging risks.

 

Rick Gordon 

Where are organizations missing the mark when it comes to defense? 

Security teams and their budgets have become overweighted on factors that are related to Initial Access. Security leaders erroneously believe that if they focus their activities and investments to the left of the attack chain, they won't have to worry about defending the behaviors to the right. While vulnerability management is an important vector, the probability of successful initial access scales exponentially with the number of assets and accounts available as attack surface and with the number of different techniques that an adversary can employ to gain initial access. Back-of-the-envelope math reveals that, for most large organizations, the probability of success of initial access approaches 100%.

Threat-informed organizations realize that to restore their advantage they need to invest in controls that defend against the dozens of other adversary tactics post-exploit and increase the number of lateral moves required for the adversary to succeed. For example, MFA and micro-segmentation both offer outsized impacts to mitigate the risk of critical adversary behaviors.

What is your cybersecurity ‘hot take’?  

Understanding complex cyber risk management is now table stakes for a CISO. CISOs have to be able to justify budgets based on reducing risk to the business as there are no more blank checks being written. If a CISO can’t justify the risk impact of previous or future investments, they will be looking for new employment. For these reasons, Threat-Informed Defense will continue to grow in importance. 

 

Frank Duff 

Reflecting on this year, what can security professionals take away from 2024? 

There will be an AI awakening – that is, products can't just have AI for AI's sake. All reports suggest that many of the in-security-product AI solutions are not working well enough, for example, providing recommendations that are no more than a flip of the coin. Organizations are not going to accept the risk for nothing, so we can expect AI to be leveraged much more purposefully – using AI in applications where AI is going to provide clear value and accuracy. This is reflected in Tidal Cyber's use of AI to extract technique information from CTI and make sense of defenses from an ATT&CK perspective.

What is the industry not talking about that it should?  

The industry is not talking about the fact that there are haves and have-nots. That is, the vocal infosec online community loves to point out procedures and the need for detection engineering, but many organizations have such a small team that they can't reasonably take advantage of this content, as it would take them too long to figure out what should be investigated and done. We have to realize that Threat-Informed Defense doesn't require sophistication, but we have to place reasonable expectations on teams and level them up as much as possible – making Threat-Informed Defense more easily obtained.

 

Richard Struse 

What are the top cybersecurity trends you think we will see in 2025? 

As we discussed in a recent blog post, 2025 will continue the trend of rapid evolution of TTP use by adversaries. This means that security teams will face a continuously evolving landscape of adversary activity and will need to make sense of that day in and day out. Without automation, security professionals will be increasingly challenged to answer some of the most basic questions that organizations need to answer, starting with “How effective are our defenses against these changing threats?” and “How can we improve our defenses – today?” 

Where should organizations focus to stay ahead of evolving or emerging threats in 2025?  

We continue to see talented CTI teams struggle to deliver the insights that they know are most important to their organizations and then have those insights turned into action across security as a whole. Here at Tidal, we’re focused on ensuring that the work that CTI teams do is translated into actionable insights that are usable across security functions, including the SOC, security engineering, detection, hunt and red/purple teams. Ultimately, it’s about doing everything we can to help ensure that defenders have as many advantages as possible against an ever-evolving threat landscape through a combination of technology and processes. 
