The Cyber Recession That Is About To Happen In 2025

 

In the past few weeks, I have written a lot about Generative AI, so today, I am going to break from it and talk about something else that is also equal, if not more important in Cybersecurity.  To start off with, we all know that the United States economy is starting to slow down. 

A lot of this can be attributed to the massive number of layoffs that have occurred within the Federal Government, and because of the uncertainty of the tariffs, which have wreaked havoc on our own financial markets. 

To make matters even worse, the overall job growth is also starting to slow down, something that we have not seen in quite some time.

But despite all of this, there is still a silver lining:  The demand and creation for jobs in Cybersecurity still remains strong, however, there are more jobs available than what people can fill.   Consider some of these key statistics:

*According to the ISC2 in their report entitled the “2024 Cybersecurity Workforce Study”, there will be need to 3.4 million Cyber professionals to keep up with the demand. 

*According to Cyber Seek, there were  457,433 cybersecurity job openings from August 2023 to September 2024, but barely any of them were filled.

Yes, this gap is very alarming.  Here are some reasons cited for this trend:

*The Cyber Threat Landscape is constantly changing, in fact even by the minute.  Thus, trying to find the right workers with the exact skillset that is needed is very difficult to do.  In fact, according to a recent report from IBM, over 60% of businesses have failed to find the candidate that they were looking for, simply because they did not have the skills needed.

*A lot of the focus on Cyber jobs has been on offensive roles, such as being a Penetration Tester.  But the way that technology is evolving today, many companies are now resorting  to automated Penetration Testing, versus doing it the traditional ways.  So the demand now are for those candidates that have defensive oriented skills sets, such as being a part of the IT Security team.  But many of the people that have had these roles tend to burn out very quickly, because they are completely inundated with tasks, or the simply are suffering from what is known as “Alert Fatigue”.

*The dawn of the data privacy laws has now created a new demand for Cyber professionals that also have a legal background.  Unfortunately, there are very few people who have this precise skillet.  But, there is a new trend that is also emerging, and that is the need .  what is known as a “Chief Data Privacy Officer”.  Personally, I do not know of anybody who has filled this kind of role, but they seem to be out there.

Compounding the last one even more, is that many companies hiring for that skillset also require an in-depth knowledge of the GDPR, CCPA, the NIST frameworks, and even the ISO standards.  Anybody who can do this will truly be a specialist in the core.

But it is not the hiring managers that are too solely to blame in this regard.  Evern the recruiters have played their fair share of misleading candidates to apply, and they never hear back from them again.  These are technically referred to as “Ghost Jobs”, as these are used to only create a pool of candidates for the recruiting agencies. 

Another complaint that candidates have about the recruiters is that the job postings that they apply to have extremely broad requirements.  But if they have the interview, they are completely shocked when the hiring manager lays out extremely specific requirements for the job. 

My Thoughts on This:

So now, you may very well be asking yourselves:  How can this situation be turned around?  It comes down to both the job candidate and the hiring manager.  Let’s start first with the former.  Assuming that this person will be getting some kind of degree, they should be encouraged to network with their instructors to find an internship of some sort. 

This is what I did when I was in college.  I met with a professor, and he connected me with The Andersons, a large grain company based in the Midwest.

Further, the students should also be asking their instructors about what kinds of specific courses they should be  taking.  For example, if they want to become a Malware Analyst, then they will have to take more quantitative oriented courses to build an analytical mindset. 

Also, the instructors need to take a more active role in encouraging their students to take entry level certs, such as the Certified in Cybersecurity from ISC2 or the Security+ from CompTIA.

Now, on the side of the employer.  In order to end this cat and mouse game of finding the right candidate (which they most likely will never find), they need to take the risk and try to hire somebody that has just entry level skills and train them up for the job. 

True, this could cost a little bit of money in the beginning, but these kinds of candidates will have a tendency to stay longer with the company, versus hiring somebody with the right skill set (and of course at a much higher salary), who probably will not stay around for very long, because they know that they are in demand.

In  the end, there will always be a need for Cyber workers, as threat variants will not fail to exist, and the Cyberattackers will only keep getting stealthier and more deadly in their attacks. If this jobs gap remains the way it is, there will be many more victims because of security breaches occurring in the end. 

Therefore, all three parties must make this happen:

Ø  The student wants a job in Cyber.

Ø  The recruiter in Cyber

Ø  The hiring manager that is trying to fill a Cyber position

Let us make this happen!!!

3 Top Trends To Emerge From Generative AI Poisoning Attacks

 

It seems like that all the news headlines today in Cyber are all about Generative AI and its many different subsets, such as Large Language Models (also known as “LLMs”).  I have covered this topic very extensively in the four books that I have written about it, as well as in the white papers, articles and blogs that I have written for other people. 

But there is one area in which, unbelievably, I have touched upon, and that is the area of what is known as “AI Data Poisoning”. 

You may be wondering what it is, so here is a technical definition of it:

“Data poisoning is a type of cyberattack where threat actors manipulate or corrupt the training data used to develop artificial intelligence (AI) and machine learning (ML) models.”

(SOURCE:  What Is Data Poisoning? | IBM)

Remember, as I have written about in the past, what drives a Generative AI model is the data that is fed into it.  It can be easily compared to a car which needs gasoline to make it run and go places.  Likewise, it is the data that fuels the model and gives the momentum that it needs to produce an answer, or an output to the query that has been submitted to it.

But keep in mind that not just any output will do.  It must meet what the end user is looking for.  In order to make sure that this happens, whoever  is in charge of the model must make sure that the datasets that are fed into the model are cleansed and robust, as well as free from having any statistical outliers. 

Using our car for example again, you need to give the right kind of fuel so that the engine will not get damaged (for instance, you do not pump diesel fuel into a Honda).  The same is true of the Generative AI model.  It needs the right data to make its algorithms (which is its engine) work equally smoothly.

But Generative AI is a field that is changing on an almost daily basis.  Thus trying to deploy the latest Cybersecurity controls can be an almost. impossible task to accomplish.  The Cyberattacker is fully aware of this and knows the vulnerabilities that are present.  Thus, they launch what are known as Poisoning Attacks to insert fake data into the model. 

But it does not stop here.  They can also quite easily insert a malicious payload to serve two key purposes:

Ø  Launch another Supply Chain Attack (just as we saw with Solar Winds and Crowd Strike) that could have huge, cascading effects.

Ø  Launch a Data Exfiltration Attack to not only steal the legitimate datasets that are being used in the model itself, but also those datasets which reside in the IT and Network Infrastructure of a business entity.

So given all of this, there are now three trends that are expected to happen, at some point in time down the road, which are as follows:

1)     Back To Solar Winds:

Yes, I know I just mentioned this, but the kind of attack that can happen here to a Generative AI Model will be magnified by at least ten times because of a Poisoning Attack.  To put it another perspective, when the Solar Winds hack took place, there were about 1,000 victims.  Now, there could be at least 10,000 victims or even more, all over the world.  In this regard, the main point of insertion for a malicious payload would be LLM, if there is one that is present.

2)     The Role of the CDO:

This is an acronym that stands for the “Chief Data Officer”.  This job title can be compared to that of the CISO, but their focus is on the datasets that their company has and is currently using.  Up until now, their main tasks were to simply write the Security Policies that would help fortify the lines of defenses around a Generative AI model.  But with the advent of Data Poisoning, their role will now shift into hiring and managing a team of employees whose sole mission is the cleansing and optimization of the datasets before they are fed into the model.  Another key role for them here also is to make sure that whatever datasets they are using come into compliance with the data privacy laws, such as those of the GDPR and the CCPA.

3)     It is Going to Happen:

If Phishing has been around, so will Poisoning Attacks.  They will start to evolve this year and pick up steam later on.  But as companies keep using Generative AI, this will be a highly favored threat variant for the Cyberattacker.  In fact, according to a recent market survey that was conducted by McKinsey, over 65% of businesses today use Generative AI on a daily basis.  To see the full report, access the link below:

http://cyberresources.solutions/Blogs/Gen_AI_Report.pdf

My Thoughts on This:

I am far from being an actual Generative AI practitioner, but I would like to offer my opinion as to how you can mitigate the threat of a Poisoning Attack from impacting your business:

Ø  Generative AI models are not just one thing.  The model or models that it uses are connected to many other resources in the external world.  There are a lot of interconnectivities here, so I would recommend keeping a map or visual to keep track of all this and keep updating on a real-time basis as more connections are being made into it.  This will also give a clever idea as to where you need to exactly deploy your Cybersecurity controls in the Generative AI Ecosystem.

 

Ø  If you can, hire a CDO as quickly as you can.  You do not have to hire them as full-time employees, you can also hire them on a contract basis, to keep them affordable.  But you will need them ASAP if you are going to make use of Generative AI based models.

Poisoning Attacks are going to be around for a long time.  So, now is the time to get prepared!!!