Security professionals have had their hands more than full in 2024. Healthcare breaches were a frequent headline, critical vulnerabilities were discovered across industrial control systems and security software updates, and the fate of the giant social media platform TikTok remains uncertain in the US after Congress referred to it as a “national-security threat of immense depth and scale” in April.
Looking ahead, the security landscape shows no signs of slowing down. We spoke with experts across Censys – including leaders from product, sales, data, and strategic alliances – to ask about what they saw as key challenges in 2024 and get their take on what’s next in cybersecurity in 2025.
What We Saw in 2024
Complex Cybersecurity Landscape
Despite advancements in AI, automation, and tools, cybersecurity systems and operations are becoming more intricate, straining resources and requiring targeted solutions to reduce risk.
“Despite all of the new tools with new software, automation and AI, things are continuing to become more complex in almost every dimension. And even with Security budget increases (which are not a given) the same resource limitations remain. So tools, programs and processes that can really move the needle from a risk reduction standpoint will continue to be a focus.” – Tom Atkins, Censys Sales AVP – East
The Role of Artificial Intelligence
AI holds tremendous promise for enhancing detection, response, and operational efficiency. However, it is not yet autonomous or foolproof, requiring human expertise for interpretation, accuracy, and ethical implementation. Additionally, attackers can exploit AI infrastructure and tools (e.g., prompt injections, manipulations), scale their operations, and launch more sophisticated phishing or disinformation campaigns.
“The use and application of AI is widespread. There is an incredible opportunity to uplevel our existing workforce and processes using AI. We need to both embrace and manage AI so that we use it in responsible ways. Relying on AI to do all of the work is flawed. Today, AI can help us get 80% of the way there. We need humans, with real expertise to help us complete the last mile and spot hallucinations. Everyone will benefit from AI, even threat actors.” – David SooHoo, Censys Head of Product, ASM
The Cybersecurity Skills Gap
There is a basic mischaracterization around the cybersecurity skills gap. The issue lies not in the lack of interest or potential candidates but in the barriers to entry, including inaccessible tools, unclear standards, and overemphasis on expensive certifications.
“The cybersecurity profession could not be more popular to new recruits and could not be more in need by employers. However, we keep hearing of the “cybersecurity skills gap” which is a hodgepodge of chicken/egg scenarios where newcomers need experience to get jobs, but can’t get a job to gain the experience, on top of unrealistic expectations around expensive certifications.” – Matt Lembright, Censys Global Lead Data/Search
Healthcare Cybersecurity Challenges are Lessons for Everyone
If the healthcare cybersecurity learnings proved anything this year, it’s that every organization is a target. No sector or organization is immune, necessitating stronger cross-industry collaboration and support to adapt to evolving threat landscapes.
“While the majority of that security burden lies on the cybersecurity teams within your healthcare organization, patients can take a few proactive steps to take some control. If you use online services – like patient portals or telemedicine – use a strong, unique password and enable any optional multi-factor authentication (MFA) options. For healthcare workers, the top priority is patient care, so the more we partner with healthcare workers to prioritize patient care and clinical workflows, the better. But also, there’s always opportunity for education and enablement about how to spot phishing attempts or unsecured medical devices to ensure we collectively protect patient safety.” – Celestine Jahren, Censys Director, Strategic Alliances
These lessons are not bespoke to healthcare organizations. While the UnitedHealth data breach was linked to a lack of multifactor authentication, Microsoft research shows that 99.9% of all compromised accounts don’t have MFA enabled. All industries need to take the threat of a breach seriously, enact cybersecurity table stakes (like following CISA-developed frameworks), and partner with both customers and employees for better security outcomes.
Predictions for 2025 and Beyond
AI as a Double-Edged Sword
Prediction: The ubiquity of AI will amplify its misuse by attackers, requiring defenders to accelerate adoption while maintaining ethical standards.
“The longer any tech is around, generally, the more democratized it becomes – in other words, the more accessible it is to less technical people. I’m concerned that the more ubiquitous it becomes, the easier it will be for lesser-resourced attackers to scale their unsophisticated operations and wreak more havoc. I also combine this concern with the careful, yet slow adoption of AI in the security world – security vendors and practitioners are more cautious and deliberate in instituting AI in their operations because they have organizational and ethical standards to uphold. These same constraints do not exist for their adversaries – I believe that the cybersecurity community needs to establish playbooks, guidelines, and timelines for the greatest benefit of AI in the shortest amount of time. These tactics may include discrete datasets (and a process to make them discreet, if not already) that will prove more fruitful and trackable for those relying on the results of AI implementation, behavioral baselining of assets (e.g. established normals for assets over certain time periods), the follow on of anomaly detection/alerting, and finally profile similarity matching for different threat actors (infrastructure is never as random as threats would like).” – Matt Lembright, Censys Global Lead Data/Search
Prediction: AI will continue to change network infrastructure, which may bring with it additional security concerns. Commercial models for AI will shift to account for runtime and operational costs, with new budgeting strategies needed.
“As AI applications rise, infrastructure to support new AI and LLM models will be required to process and host services to power them. This infrastructure will be liable to become an exposure for an attack to exploit and inject code or responses back to end-users to facilitate disinformation and/or nefarious actions. On the other end, organizations need to secure AI from prompt-injections and manipulations to trick and bypass guardrails and leak sensitive information. From a commercial perspective, we will see a shift from subscription-based models to work-based models to account for AI runtime. Enterprises and vendors alike will need to figure out how to best budget on both ends.” – David SooHoo, Censys Head of Product, ASM
Security Tool Evolution and Innovation
Prediction: Tools will become more intuitive, enabling newcomers to contribute effectively while meeting the rising demands of the cybersecurity workforce. A greater focus on contextualizing data for task-specific defense will emerge.
“We can greatly lower the barriers to entry and get more cyber defenders working NOW by making cyber tools more intuitive for newer users. This doesn’t necessarily mean making them less technical, but being able to contextualize relevant data based on the task at hand.” – Matt Lembright, Censys Global Lead Data/Search
Prediction: Consolidation will continue as larger companies acquire innovative, agile startups to address evolving threats. The need for constant innovation is critical in cybersecurity, given its adversarial nature.
“With cyber, we have human adversaries that are trying to attack their targets for whatever their mission is, so new solutions must continually be developed to address the human adversary. A simple analogy is that bank robbers have been around for as long as banks have existed. Even though technology to stop bank robbers has dramatically advanced, banks still get robbed because robbers are motivated, creative humans. It’s the same with cyber. So more rapid innovation is needed in cyber than any other area of IT, which means that larger companies will always need to acquire smaller, more nimble ones that can innovate faster.” – Tom Atkins, Censys Sales AVP – East
Policy and Regulation
Prediction: Government programs and regulatory initiatives under the new U.S. administration will influence cybersecurity strategies, emphasizing collaboration between private and public sectors. Guidelines for AI implementation, data handling, and threat response will become critical for standardizing practices.
“Going into 2025, I think the biggest thing we can keep our eyes on will be how US government cyber programs as well as regulatory guidance/assistance continue or evolve with the new administration in January 2025. It will be important for private industry leaders who work often with government agencies for threat info sharing and cyber defense, to be very vocal about initiatives they see as critical to defend against rapidly evolving adversaries.” – Matt Lembright, Censys Global Lead Data/Search
Increased Focus on Predictive Threat Hunting and Threat Profiling
Prediction: Behavioral baselining, anomaly detection, and disposition profiling will gain traction as critical techniques for preempting attacks. Threat actor infrastructure profiling will be key to identifying and neutralizing sophisticated campaigns.
“Threat profiling leveraging the importance of dispositions over time. We just saw how important establishing a timeline of events as well as the disposition (clothing, accessories, routines) of a fugitive can be over the course of the CEO murder suspect’s chase and capture. What is different in cyber is that threat actors almost never use only one computer to launch an attack – they almost always have hosts that were set up with similar dispositions for consistency in operations and speed of setup/takedown. For example, we’ve uncovered several threat actor hosts by simply taking one known threat actor IP and searching for hosts in the same area, using the same network, leveraging near-identical ports, protocols, and software and mimicking changes on a daily basis. While adversaries can swap out details, the patterns of their hosts mimic those of the humans behind them and therein lies the key to predictive threat hunting.” – Matt Lembright, Censys Global Lead Data/Search
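The pivot described above (start from one known host, then look for hosts in the same area and network with near-identical services that change in step from day to day) can be sketched as a similarity score. This is an added example, not Censys code or a Censys API: the record layout, the weights, the threshold and all sample hosts are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Host:
    ip: str
    asn: int      # network the host sits in
    city: str     # coarse location ("same area")
    daily: dict   # day -> set of (port, protocol, software) seen that day

def jaccard(a, b):
    """Overlap of two service sets: 1.0 identical, 0.0 disjoint."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def similarity(seed, other):
    """0..1 score. Comparing day by day rewards hosts whose services
    change in step with the seed, not just hosts that match once."""
    days = sorted(set(seed.daily) | set(other.daily))
    overlap = sum(jaccard(seed.daily.get(d, set()), other.daily.get(d, set()))
                  for d in days) / len(days)
    same_net = 1.0 if seed.asn == other.asn else 0.0
    same_area = 1.0 if seed.city == other.city else 0.0
    # Weights are illustrative assumptions, not tuned values.
    return round(0.6 * overlap + 0.25 * same_net + 0.15 * same_area, 3)

def rank(seed, candidates, threshold=0.8):
    """Candidates at or above the threshold, most similar first."""
    scored = [(similarity(seed, h), h.ip) for h in candidates if h.ip != seed.ip]
    return sorted((s for s in scored if s[0] >= threshold), reverse=True)

# Constructed sample data: documentation IP ranges and a private-use ASN.
SSH = (22, "SSH", "OpenSSH 8.9")
WEB_A = (8443, "HTTP", "nginx 1.24")
WEB_B = (8444, "HTTP", "nginx 1.24")   # same software moved to a new port
MAIL = (25, "SMTP", "Postfix")
TLS = (443, "HTTP", "Apache 2.4")

SEED = Host("198.51.100.10", 64500, "Frankfurt",
            {"day1": {SSH, WEB_A}, "day2": {SSH, WEB_B}})
CANDIDATES = [
    # Same network, same services, same day-2 port move.
    Host("198.51.100.11", 64500, "Frankfurt",
         {"day1": {SSH, WEB_A}, "day2": {SSH, WEB_B}}),
    # Follows the move but exposes one extra service on day 2.
    Host("198.51.100.12", 64500, "Frankfurt",
         {"day1": {SSH, WEB_A}, "day2": {SSH, WEB_B, MAIL}}),
    # Unrelated tenant of the same provider: network matches, services do not.
    Host("198.51.100.13", 64500, "Frankfurt", {"day1": {TLS}, "day2": {TLS}}),
    # Different network and city, different services.
    Host("203.0.113.50", 64501, "Toronto", {"day1": {MAIL}, "day2": {MAIL}}),
]

if __name__ == "__main__":
    for score, ip in rank(SEED, CANDIDATES):
        print(f"{ip}  similarity={score}")
```

Sharing a network and city alone scores 0.4 here, so an ordinary neighbor at the same hosting provider stays below the threshold; only hosts that also track the seed's service changes are surfaced for analyst review.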
Takeaway for Security Professionals
The future of cybersecurity requires balancing rapid technological adoption with human expertise, breaking down systemic barriers to talent, and fostering collaboration across industries and government. Addressing these challenges proactively will be essential to stay ahead of evolving adversaries.