Top 10 Cybersecurity Predictions for 2026: A Framework-Driven Forecast

Introduction: Beyond Speculation

This document presents our Top 10 Cybersecurity Predictions for 2026. It is the culmination of a rigorous analytical process that included a reality check of 2025 forecasts, a comparative analysis of industry predictions, and a critical self-evaluation of our own models. 

Our analysis of 2025 revealed that the industry is excellent at predicting what will happen but consistently underestimates when and how much. This forecast aims to correct that. We have adjusted for timeline optimism, accounted for threat volume underestimation, and replaced low-reliability regulatory speculation with higher-confidence predictions grounded in observable data.

These are not just guesses; they are framework-driven forecasts designed to be actionable, measurable, and reliable. They are organized into three key themes that will define the 2026 landscape: The Autonomous Threat, The Resilient Defense, and The Geopolitical Tech Stack.

Theme 1: The Autonomous Threat

The convergence of mature agentic AI and proven attack vectors will give rise to autonomous threats that operate at machine speed and scale, fundamentally changing the nature of offense.

Prediction 1: The First Autonomous, AI-Orchestrated Supply Chain Campaign Emerges

  • Framework Score: 8.7/10 (High Reliability, High Actionability)
  • The Prediction: An autonomous AI agent will conceive, plan, and execute a multi-stage software supply chain campaign with minimal human oversight, likely emerging in late 2026 or early 2027.
  • What We’ll See: An attack that compromises a widely used open-source library or MSP, then autonomously probes and pivots into downstream targets based on a high-level goal (e.g., “compromise a financial institution”). The speed of lateral movement will outpace human incident response.
  • Why It Matters: This moves beyond AI-assisted attacks to goal-directed, self-propagating campaigns. It represents a step-change in attacker capability, forcing the development of AI-powered defensive agents in response.
  • Data from 2025: GPT-5 achieved 74.9% on the SWE-bench coding benchmark [1], demonstrating the ability to write and debug complex code. This, combined with the doubling of software supply chain attacks in 2025 [2], creates the perfect storm for this convergence.

Prediction 2: Ransomware Evolves into AI-Powered Data Extortion

  • Framework Score: 8.3/10 (High Reliability, High Actionability)
  • The Prediction: Ransomware groups will broadly shift from data encryption to AI-powered data exfiltration and extortion, focusing on maximizing the business impact of stolen data.
  • What We’ll See: Attackers using AI to automatically parse exfiltrated data, identify the most sensitive information (e.g., M&A documents, executive communications, PII of high-net-worth individuals), and craft highly specific, targeted extortion threats. The initial ransom demand will become secondary to the threat of leaking strategically damaging information.
  • Why It Matters: This makes every business a potential target, not just those susceptible to operational downtime. It shifts the defensive focus from data recovery (backups) to data protection and exfiltration prevention (DLP, network segmentation).
  • Data from 2025: Ransomware attacks increased 40% YoY, and the first AI-driven ransomware (PromptLock) appeared. The average dwell time before detection remains over 30 days, giving attackers ample time for data exfiltration.

Prediction 3: Deepfake Attacks Become a Standard Corporate Threat; 80%+ of Organizations Targeted

  • Framework Score: 9.0/10 (High Reliability, High Actionability)
  • The Prediction: At least 80% of large organizations will be targeted by a sophisticated deepfake-based attack in 2026, moving from a novel threat to a standard tool in the social engineering toolkit.
  • What We’ll See: A surge in AI-generated voice and video attacks targeting financial departments for fraudulent wire transfers, HR for sensitive employee data, and executives for public manipulation. The quality of deepfakes will become indistinguishable from reality for the unaided human eye and ear.
  • Why It Matters: This invalidates traditional identity verification methods based on voice or video calls. It requires a shift to device-based and cryptographic identity verification (e.g., FIDO2, hardware tokens) for high-stakes transactions.
  • Data from 2025: 62% of businesses experienced deepfake attacks in 2025, with a 173% increase in voice fraud. The Prediction Reliability Framework indicates that threat volume predictions are consistently underestimated, suggesting the 80% figure is a realistic, if not conservative, forecast.

Theme 2: The Resilient Defense

Defenders will respond to the autonomous threat by adopting AI-powered and structurally resilient security paradigms. The focus will shift from prevention to rapid detection, automated response, and systemic resilience.

Prediction 4: AI-Powered SOCs Achieve Parity with Human Analysts

  • Framework Score: 8.7/10 (High Reliability, High Actionability)
  • The Prediction: By the end of 2026, leading security vendors will offer AI-powered Security Operations Center (SOC) platforms that can autonomously investigate, triage, and remediate common alerts with a level of accuracy and speed matching or exceeding a Level 1 human analyst.
  • What We’ll See: The first commercially available “AI SOC-in-a-box” solutions. A significant reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) for organizations that adopt them. A shift in human analyst roles from alert triage to AI oversight, threat hunting, and model training.
  • Why It Matters: This is the only viable response to machine-speed attacks. It addresses the chronic cybersecurity skills gap and allows human talent to focus on higher-value strategic tasks. It will bifurcate the industry into organizations with AI-augmented defenses and those without.
  • Data from 2025: 75% of organizations reported being unable to find AI-skilled security staff. The success of AI in coding (GPT-5) and other complex domains provides a clear precedent for its application in the structured, data-rich environment of a SOC.

Prediction 5: Critical Infrastructure Adopts “Zero-Trust + Zero-Knowledge” Architecture

  • Framework Score: 7.3/10 (Moderate-High Reliability, High Actionability)
  • The Prediction: The first large-scale deployments of a new security paradigm—Zero-Trust + Zero-Knowledge—will begin to emerge in critical infrastructure sectors like finance and energy in late 2026 or early 2027.
  • What We’ll See: Financial clearing houses and energy grid operators implementing zero-knowledge proofs to verify transactions and commands without needing access to the underlying sensitive data. This allows for verification even if the core service provider is compromised.
  • Why It Matters: Zero-Trust alone is insufficient when the vendor or infrastructure itself is compromised. Adding Zero-Knowledge provides a mathematical guarantee of integrity, a crucial step in securing systems against nation-state and supply chain threats.
  • Data from 2025: The discovery of backdoors in Chinese-made solar inverters [5] and persistent access by Iranian actors via MFA modification [5] proved that trust in underlying infrastructure is a failed model. Zero-knowledge proofs are a mature technology ready for deployment.

Prediction 6: Open-Source AI Democratizes Both Attack and Defense

  • Framework Score: 8.0/10 (High Reliability, Moderate Actionability)
  • The Prediction: High-performance, open-source AI models (equivalent to 2025-era GPT-4) will become widely available, leading to a rapid democratization of both sophisticated AI attacks and advanced AI defenses.
  • What We’ll See: A proliferation of easy-to-use offensive AI tools for social engineering, malware creation, and vulnerability discovery. Simultaneously, a new wave of open-source defensive tools will emerge, allowing smaller organizations to build their own AI-powered security solutions.
  • Why It Matters: This levels the playing field. It lowers the barrier to entry for sophisticated attacks, but also removes the dependency on expensive commercial security solutions for defense. The advantage will shift to whoever can innovate and adapt with these open models the fastest.
  • Data from 2025: The release of powerful open-source models like Llama 3 and Mistral-Large demonstrated a clear trend toward the commoditization of advanced AI. This pattern will accelerate in 2026.

Theme 3: The Geopolitical Tech Stack

Technology and security will no longer be a global monolith. Geopolitical competition will fracture the tech stack, creating new risks and forcing organizations to navigate a balkanized digital world.

Prediction 7: The “Chief AI Risk Officer” (CAIRO) Becomes an Emerging C-Suite Role

  • Framework Score: 9.0/10 (High Reliability, High Actionability)
  • The Prediction: The Chief AI Risk Officer (CAIRO) will emerge as a common C-suite role in early-adopter Fortune 500 companies, driven by board-level pressure to govern the complex, fast-moving risks of enterprise-wide AI deployment.
  • What We’ll See: Public announcements of CAIRO hires at major financial, healthcare, and technology firms. The development of formal AI risk management frameworks that bridge the gap between technical AI teams, business units, and legal/compliance.
  • Why It Matters: It signals that AI risk has graduated from a technical problem to a strategic business concern. The CISO and CIO are not equipped to handle the unique, holistic risks of AI (bias, hallucinations, ethics, security). A dedicated, accountable executive is required.
  • Data from 2025: Gartner predicted that 50% of all cloud compute will be devoted to AI by 2029 [4]. The reliability of models like GPT-5 makes them suitable for mission-critical business processes, making AI risk a board-level issue.

Prediction 8: “Sovereign AI” Initiatives Accelerate, Creating a Balkanized AI Landscape

  • Framework Score: 6.3/10 (Moderate Reliability, Moderate Actionability)
  • The Prediction: Major geopolitical blocs (EU, China, India) will announce multi-billion dollar national initiatives to build sovereign, state-controlled foundational AI models in 2026-2027, prioritizing digital sovereignty over global collaboration.
  • What We’ll See: Government funding announcements for national AI compute centers. The establishment of national AI research institutes. Regulations that favor or mandate the use of domestic AI models for government and critical infrastructure.
  • Why It Matters: This fractures the AI ecosystem. It creates challenges for global safety research, interoperability, and trade. Multinational corporations will be forced to navigate a complex web of competing AI standards and data residency requirements.
  • Data from 2025: Gartner identified “Digital Sovereignty” as a top trend, with over 50% of multinationals expected to have a strategy by 2029 [4]. The pre-positioning of backdoors in critical infrastructure by nation-states [5] shows that control over the digital supply chain is a national security imperative.

Prediction 9: The Rise of the “Splinternet” Accelerates; Security Perimeters Become National Borders

  • Framework Score: 7.7/10 (Moderate-High Reliability, Moderate Actionability)
  • The Prediction: The fragmentation of the internet will accelerate, with nations implementing stricter data localization laws and network-level controls, effectively turning their national digital infrastructure into a walled garden.
  • What We’ll See: More countries mandating that citizen data be stored and processed within national borders. An increase in state-level blocking of foreign services and applications. Multinational companies being forced to build separate, isolated infrastructure for different geopolitical blocs.
  • Why It Matters: This breaks the global operating model of many businesses. It increases compliance costs, fragments security operations, and creates new risks as data is siloed and visibility is lost. The perimeter is no longer the corporate network; it’s the national border.
  • Data from 2025: The trend of digital sovereignty, combined with ongoing geopolitical tensions, provides a strong foundation for this prediction. The actions of Russia and China in controlling their domestic internet provide a clear playbook for other nations.

Prediction 10: Cybersecurity M&A Focuses on “AI-Native” Security Companies

  • Framework Score: 8.0/10 (High Reliability, Moderate Actionability)
  • The Prediction: The cybersecurity M&A market in 2026 will be dominated by large platform vendors (e.g., Palo Alto Networks, CrowdStrike, Microsoft) acquiring smaller, “AI-native” security startups.
  • What We’ll See: A series of high-multiple acquisitions of companies specializing in AI-powered threat detection, autonomous response, and deepfake detection. Legacy vendors will prioritize acquiring AI talent and technology over traditional security tools.
  • Why It Matters: It signals a fundamental market shift. The future of cybersecurity is AI-powered, and legacy vendors who cannot build this capability organically will be forced to buy it. This will consolidate the market around a few large, AI-driven platforms.
  • Data from 2025: The emergence of AI-powered SOCs and the clear demand for AI-skilled security professionals create a powerful incentive for acquisition. The high valuation of AI companies across all sectors will be reflected in cybersecurity M&A.

Conclusion: Preparing for 2026

The world of 2026 will be defined by the collision of autonomous systems and geopolitical realities. The threats will be faster, smarter, and more targeted. The defenses will need to be equally autonomous and resilient. And the digital landscape itself will be fractured along national lines.

These ten predictions, grounded in the lessons of 2025 and filtered through a rigorous reliability framework, provide a clear roadmap for the year ahead. They are not intended to be a source of fear, but a call to action. The organizations that thrive in 2026 will be those that embrace AI in their defenses, build for resilience, and navigate the geopolitical tech stack with strategic foresight.

References

  • [1] OpenAI. (2025, August 7). Introducing GPT-5.
  • [2] Cyble. (2025, September 1). Supply Chain Attacks Surge In 2025: Double The Usual Rate.
  • [3] Electronic Frontier Foundation. (2025, December 17). The Breachies 2025: The Worst, Weirdest, Most Impactful Data Breaches of the Year.
  • [4] Gartner. (2025, May 13). Gartner Identifies the Top Trends Shaping the Future of Cloud.

  • [5] Lohrmann, D. (2025, May 25). Midyear Roundup: Nation-State Cyber Threats in 2025. GovTech.


Critical Review: The Top 10 Cybersecurity Predictions of 2025 vs. Reality

Introduction: The Prediction Accountability Report

Every year, the cybersecurity industry produces a deluge of predictions that shape strategy, influence budgets, and set market expectations. But how accurate are they? This report conducts a forensic analysis of the top 10 cybersecurity predictions made for 2025, comparing the forecasts from late 2024 against the documented reality of what transpired.

By critically evaluating where the industry was right, where it was wrong, and—most importantly—why, we can identify the systemic biases in our forecasting and build a more reliable model for the future. This is not just an academic exercise; it is a crucial accountability report that provides actionable lessons for leaders, strategists, and practitioners.


The Top 10 Predictions of 2025: A Critical Review

These ten predictions represent the most prominent and recurring themes from industry leaders and aggregators like Dan Lohrmann (GovTech), IBM, Google/Mandiant, and Trend Micro, as forecasted in late 2024.

Prediction 1: “Agentic AI” Emerges as a Hot New Threat

  • Source: Industry Consensus, led by Dan Lohrmann’s aggregation [3].
  • The Prediction: Autonomous AI systems, capable of independently planning and executing multi-step attacks, would move from theory to reality.
  • What Actually Happened: In his 2025 year-end review, Lohrmann confirmed this as the “Agentic Code Tipping Point,” a defining theme of the year. While a fully autonomous end-to-end campaign was not publicly documented, the underlying capabilities (reasoning, planning, tool use) in models like GPT-5 matured significantly, and attackers began leveraging these agentic capabilities for sophisticated reconnaissance and exploit development.
  • Accuracy: 8.5/10 – ✅ Highly Accurate & On Schedule
  • Critical Analysis: This prediction was spot-on. It was realistic because the rapid evolution of LLMs in 2024 made agentic capabilities the logical next step. The prediction was not for a full Skynet scenario but for the emergence of the threat, which is exactly what happened. It came true because the technology matured as expected, and the economic incentive for attackers to automate complex tasks is immense.

Prediction 2: AI-Driven Scams and Deepfakes Will Surge

  • Source: Universal Consensus (Lohrmann #2, MES Computing #1, etc.) [1, 3].
  • The Prediction: Generative AI would lead to an epidemic of highly realistic deepfakes, voice scams, and personalized phishing at an unprecedented scale.
  • What Actually Happened: This prediction was not only accurate but dramatically underestimated. A Gartner report in September 2025 found that 62% of businesses had experienced a deepfake attack, and Pindrop reported a 173% increase in synthetic voice fraud [1].
  • Accuracy: 10/10 – ✅ Accurate & Underestimated
  • Critical Analysis: This was the most realistic and easily foreseeable prediction of 2025. The technology was already accessible in 2024, and the barrier to entry for creating convincing fakes was rapidly falling. It came true because the tools became commoditized, making it trivial for even low-skilled attackers to launch sophisticated social engineering campaigns. The lesson here is that when a threat is tied to the democratization of technology, its scale will almost always exceed expectations.

Prediction 3: Ransomware Evolves With Automation and AI

  • Source: Industry Consensus (Lohrmann #3, MES Computing #2) [1, 3].
  • The Prediction: Ransomware groups would integrate AI to create polymorphic malware, automate lateral movement, and enhance extortion tactics.
  • What Actually Happened: ESET discovered “PromptLock” in December 2025, the first known AI-driven ransomware capable of generating malicious scripts on the fly. Overall ransomware attacks increased by an estimated 40% YoY [1]. The primary evolution was the widespread adoption of double extortion (data exfiltration), which AI was used to parse for more effective psychological targeting.
  • Accuracy: 9.0/10 – ✅ Highly Accurate
  • Critical Analysis: This was a highly realistic prediction. Ransomware is a mature, profitable criminal enterprise, and its operators are rational economic actors who will always adopt efficiency-boosting technology. The prediction came true precisely because AI offered a clear ROI for attackers in terms of speed, scale, and evasion.

Prediction 4: Supply Chain Attacks Will Be on the Rise

  • Source: Industry Consensus (Lohrmann #4, MES Computing #4) [1, 3].
  • The Prediction: Attacks targeting open-source dependencies, software vendors, and MSPs would increase in frequency and impact.
  • What Actually Happened: This prediction was 100% accurate. Research from Cyble showed that the rate of software supply chain attacks exactly doubled in 2025, jumping from an average of 13 per month to 26 per month starting in April [2]. High-profile incidents like the Change Healthcare and Sisense breaches underscored the systemic risk.
  • Accuracy: 10/10 – ✅ Accurate & Quantitatively Confirmed
  • Critical Analysis: This was a safe but important prediction. The trend was already well-established, and the increasing complexity of software made it an inevitability. It came true because the attack surface is enormous and defending the entire software supply chain is an intractable problem for any single organization.

Prediction 5: The Cybersecurity Skills Gap Will Widen, Especially in AI

  • Source: MES Computing, IBM, and others [1, 4].
  • The Prediction: Organizations would struggle to find and retain cybersecurity professionals with the necessary AI skills to combat new threats.
  • What Actually Happened: This was fully validated. A 2025 survey confirmed that 75% of organizations could not find IT staff skilled in AI. Talent advisory firms noted that employees who proactively upskilled in AI were being promoted, while those who didn’t were being left behind.
  • Accuracy: 9.5/10 – ✅ Highly Accurate
  • Critical Analysis: This was another highly realistic prediction, bordering on an observation of an existing trend. The explosion of AI in 2024 created an immediate and massive demand for skills that the labor market had not had time to produce. It was a simple case of demand vastly outstripping supply.

Prediction 6: Geopolitical Cyber Warfare Will Intensify

  • Source: Dan Lohrmann’s aggregation (Trend #6) [3].
  • The Prediction: Nation-state activity from the “Big Four” (Russia, China, Iran, North Korea) and their proxies would increase, targeting critical infrastructure and pre-positioning for future conflicts.
  • What Actually Happened: This was confirmed throughout 2025. Reports detailed Russia’s multi-year campaigns against Ukrainian logistics, China’s embedding of backdoors in solar inverters, North Korea’s creation of fake US companies to target crypto, and Iran’s modification of MFA registrations for persistent access.
  • Accuracy: 9.0/10 – ✅ Highly Accurate
  • Critical Analysis: This was a continuation of a long-running trend, making it a high-probability forecast. It came true because the underlying geopolitical tensions did not de-escalate, and cyberspace remains a primary domain for espionage, sabotage, and power projection below the threshold of conventional warfare.

Prediction 7: Post-Quantum Threats Will Accelerate

  • Source: Dan Lohrmann’s aggregation (Trend #7), IBM [3, 4].
  • The Prediction: The transition to post-quantum cryptography (PQC) would become urgent as “harvest now, decrypt later” attacks become a major concern.
  • What Actually Happened: The prediction was directionally correct but overstated the urgency and speed of adoption. NIST finalized the first PQC standards in August 2024, and major vendors like Cloudflare made significant progress, with over 50% of their traffic using PQC by October 2025. However, broad protocol integration was slower than predicted, and government deadlines were set for 2030-2035, not 2025.
  • Accuracy: 6.5/10 – ⚠️ Directionally Correct, but Timeline Optimistic
  • Critical Analysis: This prediction fell into the classic Emerging Technology Timeline Trap. While the threat is real, the prediction underestimated the inertia of global standards bodies, the complexity of enterprise-wide crypto-agility, and the long timelines of government mandates. It was realistic to predict progress, but unrealistic to predict widespread acceleration and urgency in a single year. It will come true, but on the 2028-2035 timeline set by regulators.

Prediction 8: IoT and Edge Devices as Growing Attack Vectors

  • Source: Dan Lohrmann’s aggregation (Trend #8) [3].
  • The Prediction: The billions of poorly secured IoT and edge devices would become a primary target for large-scale attacks.
  • What Actually Happened: While attacks on IoT devices certainly occurred (e.g., the Chinese solar inverter incident), they did not materialize into the massive, landscape-defining threat that was predicted. As one year-end report noted, IoT had “gotten off relatively easy” in 2025 compared to the surge in AI-driven and supply chain attacks.
  • Accuracy: 5.0/10 – ⚠️ Partially True, but Overstated
  • Critical Analysis: This prediction has been made for nearly a decade, and while it remains a real risk, it consistently fails to become the dominant threat. It was realistic in theory but failed to account for the economics of attack. Attackers in 2025 found a higher ROI in targeting scalable vectors like software supply chains and social engineering rather than fragmented and diverse IoT ecosystems. This threat remains latent and will likely materialize when other avenues become better defended.

Prediction 9: AI-Powered SOCs Will Redefine Defenses

  • Source: Dan Lohrmann’s aggregation (Trend #9) [3].
  • The Prediction: Security “co-pilots” and AI-driven SOCs would become central to defense, improving threat detection and response.
  • What Actually Happened: This was highly accurate. The emergence of sophisticated AI threats created a massive market demand for AI-powered defenses. Major security vendors heavily invested in and marketed their AI SOC capabilities, and adoption began in earnest. It became clear that the only way to fight AI-driven attacks was with AI-driven defense.
  • Accuracy: 9.0/10 – ✅ Highly Accurate
  • Critical Analysis: This was a logical and realistic prediction. It followed the simple action-reaction principle of cybersecurity: new offensive capabilities inevitably drive the development of corresponding defensive capabilities. It came true because the market demanded it as a direct response to the threats outlined in predictions #1, #2, and #3.

Prediction 10: Identity Becomes the New Security Perimeter

  • Source: IBM and others [4].
  • The Prediction: The focus of security would continue its shift from network-based perimeters to identity-based controls (Zero Trust, Identity-First strategies).
  • What Actually Happened: This trend continued its steady march toward becoming the default security paradigm. The surge in credential-based attacks and the rise of remote work solidified the business case for Zero Trust architectures. While not a dramatic “2025 event,” it was a correct and important strategic forecast.
  • Accuracy: 8.5/10 – ✅ Highly Accurate (as a continuing trend)
  • Critical Analysis: This was a very safe prediction, as it was an observation of a multi-year trend. It was realistic and came true because the underlying drivers (cloud adoption, remote work, credential theft) all remained strong. It highlights that some of the most valuable predictions are not about novel threats but about the continued momentum of critical strategic shifts.

Key Patterns & Lessons Learned

Our review of the 2025 predictions reveals three critical patterns that form the basis of the Prediction Reliability Framework:

Pattern 1: AI & Mature Threats Are Reliable
  • Description: Predictions about AI enhancing existing, profitable attack vectors (phishing, ransomware) were 90-100% accurate.
  • Lesson for 2026 Forecasting: Trust these predictions. When AI is applied to a known, working attack method, it will happen as forecast.

Pattern 2: Threat Volume Is Always Underestimated
  • Description: Predictions of a “surge” or “increase” in deepfakes and supply chain attacks were directionally correct but failed to capture the true scale (62% of businesses, 100% increase).
  • Lesson for 2026 Forecasting: Apply a multiplier. When forecasters say “increase,” mentally adjust the scale by 1.5x to 2.0x for a more realistic picture.

Pattern 3: Emerging Tech Timelines Are Overly Optimistic
  • Description: Predictions about Post-Quantum and, to a lesser extent, IoT threats were directionally right but years too early. They underestimated institutional inertia and complexity.
  • Lesson for 2026 Forecasting: Add a time buffer. For any prediction involving a fundamental shift in technology or standards (like PQC), add 2-3 years to the timeline for a more accurate forecast.

Conclusion: The Anatomy of an Accurate Prediction

The most accurate predictions for 2025 were not wild guesses about novel threats. They were grounded extrapolations of existing trends, driven by clear economic and technological incentives. The industry was right about the what (AI, supply chain) but often wrong about the when (PQC) and how much (deepfake volume).

This review demonstrates that the future is, to some extent, knowable. By understanding the patterns of past forecasts, we can critically evaluate new ones, adjust for their inherent biases, and ultimately make better, more resilient strategic decisions.


References

[1] MES Computing. (2025, December 22). Cybersecurity Predictions: 5 That Came True In 2025, and 5 More For 2026. https://www.mescomputing.com/news/security/cybersecurity-predictions-5-that-came-true-in-2025-and-5-more-for-2026

[2] Cyble. (2025, September). Supply Chain Attacks Double in 2025. https://cyble.com/blog/supply-chain-attacks-double-in-2025/

[3] Lohrmann, D. (2024, December 20). The Top 25 Security Predictions for 2025 (Part 1). GovTech. https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-25-security-predictions-for-2025-part-1

[4] Poremba, S. (Late 2024). Cybersecurity trends and predictions for 2025. IBM Think. https://www.ibm.com/think/insights/cybersecurity-trends-ibm-predictions-2025

[5] Lohrmann, D. (2025, December 14). 2025: The Year Cybersecurity Crossed the AI Rubicon. GovTech. https://www.govtech.com/blogs/lohrmann-on-cybersecurity/2025-the-year-cybersecurity-crossed-the-ai-rubicon

[6] Westerbaan, B. (2025, October 28). State of the post-quantum Internet in 2025. Cloudflare Blog. https://blog.cloudflare.com/pq-2025/


Threat Intelligence Platforms as a razor

I’ve been thinking about Threat Intelligence (TI) and Threat Intel Platforms (TIP) lately. What makes a platform useful? What role should Threat Intel play? Does TI even matter? Just so we’re on the same page, Threat Intel is not just Indicators of Compromise (IOC). It includes IOCs, but it’s also the knowledge, context and evaluation of those elements that inform decisions and action.

APT meet PFT and AOA

Just to clarify, this post is about APT and I’m not trying to sell you something.

Advanced Persistent Threat (APT) is all the buzz these days. It’s become an all-encompassing term to describe just about any covert intrusion in the news. Guess what? APT is espionage. It’s not spammers, it’s not opportunistic hackers, it’s not criminals trying to get credit card information. Wikipedia has a good entry: http://en.wikipedia.org/wiki/Advanced_Persistent_Threat

Open letter to Sprint

I’m a T-Mobile customer. I’m distraught that ATT is on track to purchase the company. In a word, ATT sucks. If the deal happens, I will be leaving T-Mobile. There is no question, I will be looking for another carrier. So, Sprint, here’s your chance. I’m not the only T-Mobile customer that feels this way. You have an opportunity to grab some customers, but there are some things you need to do.

How to install DJB’s dnscache on Ubuntu 10.10

I recently attempted to install DJB’s dnscache from packages on Ubuntu 10.10. It seemed to be a bit broken and I wasn’t interested in installing from source. This is a quick set of steps to get it running.

Cybertage

To Sabotage by the Beastie Boys. Apologies all around. haha

Inspiration: http://twitter.com/WeldPond/statuses/14499873948700673


Create a bootable USB stick from an ISO with OS X

It’s pretty easy to create a bootable USB stick with Snow Leopard. For example, I’m creating a bootable Ubuntu 10.10 server USB stick.

Plug your USB stick in and use diskutil to list your disks:
$ diskutil list


Wikileaks wack-a-mole, cyberwar first steps

I read that the Pentagon was looking into ways to take down Wikileaks, but ultimately decided to do nothing. There was talk of Cyber Command getting involved and this got me wondering if those in charge realize what they are trying to do. Several politicians have spoken out, but it’s clear they don’t grasp the concepts involved. It isn’t as simple as finding one server and turning off the power. Without even exploring the legal issues with active attacks, lots of research has to be done to determine what exactly needs to be accomplished to shut down a website. I’ve found the more you understand the intricacies of the operation the more complicated the task becomes. When you want to take down a website like Wikileaks, there is more involved than flipping a switch. Here’s a high level operations plan for a scenario like shutting down Wikileaks.

CarMax can’t fix my car, sends me to another dealership. FAIL

This is a letter I’ve mailed to CarMax Corporate Headquarters.

To whom it may concern,

I have purchased and sold four cars through CarMax. Up until recently I have been happy with my CarMax experience and have recommended them to friends. Unfortunately, I won’t be recommending CarMax in the future and I will be taking my business elsewhere.