2024 was a landmark year in the SecureTech industry, categorized by many key events spanning from continued geopolitical tensions across Europe and the Middle East, rising cyber attacks, the summer Olympics in Paris, advancements in AI, and more than 84 elections globally.
NightDragon’s companies have been on the front lines of these incidents, helping their customers navigate risk around national security, supply chain, application security, critical infrastructure, and more. As part of our year-end content series, we also asked the CEOs of NightDragon’s portfolio to share reflections on 2024 and predictions and insights on what’s to come in 2025.
Take a look at what they have to say about what trends they are watching:
Capella Space CEO, Frank Backes — The explosion of AI capabilities through 2024 has touched all our lives, and I don’t expect that to slow for the Earth observation and satellite industries. We should expect even faster and more accurate object and feature detection, in addition to more reliable change monitoring. The acceleration of AI adoption is feeding the need for automation, and companies looking for a successful year will have to start maturing that capability across their platform. Already Capella has a fully automated Tasking platform and near-fully automated satellite commissioning, taking humans almost fully out of the loop.
We can also expect to see the results of growing momentum in the regulatory community to loosen export controls to enable US industry to maintain competitiveness abroad. Capella Space and our other industry partners are looking forward to working with officials through 2025 to develop a more flexible regulatory framework.
Onapsis Co-Founder and CEO, Mariano Nunez — More organizations will need to accelerate their critical SP cloud transformation projects in 2025. With the 2027 migration deadline looming, many companies are already behind and will face increasing pressure to rush these critical initiatives. Given the heightened exposure and risks associated with moving SAP to the cloud, it will be imperative that CISOs and CIOs collaborate to prioritize compliance and secure-by-design controls to avoid delivering transformations exposed to significant risk. We’re enabling more organizations to do this through our newly released Onapsis Secure RISE Accelerator, designed to help organizations achieve these goals while embedding security from day zero. Those who decide to go down this path will be able to accelerate and de-risk their transformations projects and go-lives, without sacrificing security and compliance.
Interos CEO, Ted Krantz — Cybersecurity threats, alongside geopolitical tensions, natural disasters, global pandemic and endless other factors have made managing supply chains increasingly difficult. As the world’s supply chains continue to evolve at a rapid rate, organizations will increasingly rely on AI to ensure the security posture of their supply chain. The average organization in the S&P 500 has 1,700 direct suppliers and 1.5 million supply chain relationships through its third tier of suppliers, an 882-fold increase in relationships beyond the first tier. AI’s ability to provide real-time risk monitoring and actionable insights will empower businesses to stay ahead of disruptions in 2025.
From assessing geolocation-specific cyber risks to real-time event monitoring of cyberattacks, integrating AI into supply chain security strategies will enable leaders to shift from the reactive management to proactive threat prevention, solidifying AI’s role as a cornerstone of business continuity in the upcoming year.
Claroty, Chief Strategy Officer, Grant Geyer —
U.S. Water Sector and U.S. Government Continue Murder-Suicide Pact in Cybersecurity: Despite the clear understanding that U.S. adversaries are targeting the water sector to project power and create gaps in confidence in the U.S. Government’s ability to safeguard the public, we predict that the water sector and government will continue the current path of inaction. While the water sector asks Congress for a NERC-like regulatory regime, efforts by the EPA to enforce cybersecurity standards in a questionable manner have sparked intense backlash. Meanwhile, the threat landscape is growing more dangerous, with cyberattacks from Russia, China, and Iran exposing critical vulnerabilities in our water systems. Recent government reports are sounding the alarm, yet federal oversight is further complicated by the Supreme Court’s reversal of the Chevron Doctrine. In 2025 we expect cyberattacks targeting water utilities to increase in both frequency and sophistication, facilitated by aging infrastructure and inadequate cybersecurity investment. Unless the current deadlock is broken, the consequences could be severe – from gaps in public confidence, to disrupted water supplies, to public safety risks.
The First Volley of Legal Cases Will Test the Ability of Cybersecurity Regulation to Survive the Reversal of Chevron Deference: While the whole of government has made substantive progress in regulations and legislation, the U.S. Supreme Court reversal of the Chevron Doctrine in 2024 and articulation of the Major Questions Doctrine in 2022 threaten to slow down much of this progress. Based on a Supreme Court ruling over 40 years ago, the experts in the executive branch were given deference in interpreting vague Congressional language. The recent SCOTUS ruling reversed that decision, which provides an opening for legal challenges where legislation is insufficiently clear, or executive branch agencies are perceived to be taking too much leeway in implementation decisions. While there are a myriad of implications for how the U.S. Government operates, this specific ruling may have a significant impact on existing cybersecurity legislation and regulation, with specific risk to important policy and rulemaking such as CIRCIA, breach notification rule-making, TSA regulations, and water sector regulations. While this process will be messy, as the stakes for national security are critical, Congress needs to quickly develop cyber security expertise – or leverage it more effectively from industry – to ensure that we are building hardened and uncontestable legislation.
This blog is the first in our series of year-end content. Keep an eye out for more upcoming articles from our portfolio leaders.