The new year has revealed interesting new trends in the cybersecurity and data handling space – some positive, some less so. Let’s take a quick look at some of the most notable:
Ransomware payments fall
As discussed by several sources, though ransomware attacks continue to happen at an accelerating rate, actual payments to criminal gangs are falling. In some cases, this is due to successful recovery, in other cases companies simply eat the loss and refuse to pay.
A new report from Chainalysis finds that year-over-year payments to ransomware hackers fell 35 percent in 2024 despite a 13 percent increase in the estimated number of attacks as well as a growth in identifiable ransomware gangs. While the numbers are disputable – tracking successful ransomware attacks in largely a matter of distilling claims from various sites as well as admitted attacks – the trends themselves are convincing.
There’s some hope that if the trend continues, ransomware incidence rates will begin falling as well if they pay out less reliably. However, the issue remains that even an unsuccessful ransomware attack – one that does not manage to draw out a ransom payment – can still badly financially affect the targeted organization. It’s worth continuing to watch developments as the year continues.
Pressure for more data regulation
Data regulation has been a huge topic for the last two years, with government action trying to address known issues. EU-level regulatory acts like the GDPR and DORA have been written about previously at some length.
AI is now driving the conversation to continue. While the EU already has some AI specific regulations in place, the intersection of AI development and data security (especially where regarding sensitive data entering AI data sets, or potential GDPR violation stemming from AI data access) is a topic that promises to see future development.
Uncertainty in international spaces
Last year saw national and international level regulations slowly beginning to align. This year, the uncertainty around continued development of cybersecurity regulation in the United States may open gaps between previously aligned acts.
This is primarily an issue for larger international organizations that may find certain systems and software meet legal requirements only in some countries or regions, and fail to comply in others. Solutions to this – whether it is to have separate branches or to try and align entire organizations with multiple frameworks – are likely to be complex and potentially expensive.
Your Data In Your Hands – With TECH-ARROW
