My answer for calendar year 2024 will no doubt surprise some readers. I believe that Donald J. Trump’s re-election, including the smooth election process, lack of significant hacking, and minimal election fraud or evidence of major cyber threats to voting, is this year’s top cybersecurity story.
Why the surprise?
Despite the reality that President-elect Trump’s re-election was THE top story for 2024 in the USA (and perhaps globally), many will ask: What does Trump’s victory have to do with the cyber industry?
Others might add: “He’s not even the president yet!”
My response: Trump’s re-election, along with subsequent new senior appointments, such as Elon Musk and Vivek Ramaswamy leading the new Department of Government Efficiency (DOGE), will be remembered most in 10 years. While new budgets, laws, executive orders, directives and policies will not take place until after his inauguration in January 2025, the promise of major action with the Cybersecurity and Infrastructure Security Agency (CISA), changes in world wars, approach to government regulation, and even reaction from the stock market are already happening in 2024.
So why is the Trump re-election so significant for cybersecurity? Here are just some of the many reasons:
1) Dramatic changes in leadership for federal government in numerous agencies.
2) As described in detail by Governing,* Trump will take a largely deregulatory approach to tech, while aiming to aggressively pursue foreign cyber threat actors. Expect major tech and cyber policies to change as never before for the feds.
3) Ukraine approach under Trump will be overhauled, including U.S. aid and cyber impacts.
4) Russia and China cyber strategies will change under Trump 2.0.
5) The incoming Trump administration is unlikely to continue some key elements of President Joe Biden’s 2023 National Cybersecurity Strategy, including industry regulation and liability, says Brookings.
6) Data privacy policy will change.
7) Approach to crypto will change.
8) Leadership on AI and other new tech will change with new support.
9) Back to the start, budget cuts from DOGE will make new security priorities clear very quickly.
10) State and local governments, as well as critical infrastructure sectors, will likely be impacted by the Trump approach to cybersecurity, which will be far different than President Biden.
TOP CYBER STORIES FROM THE PAST FIVE YEARS
Before we dive deeper into the other top cybersecurity stories and themes from the past year, let’s recap the cyber reviews for 2019-2023:
2023 Cyber Review: The Year GenAI Stole the Show — This was a year unlike any other in the brief history of the cybersecurity industry, with generative artificial intelligence disrupting plans and ushering in unparalleled change to security.
2022: The Year the Ukraine War Shocked the World — This past year will be remembered as another year of ransomware attacks, data breaches impacting critical infrastructure and, most of all, global cybersecurity impacts from the Russian war with Ukraine.
2021: The Year Ransomware Disrupted Infrastructure — 2021 will be remembered as the most disruptive year so far when it came to cyber attacks, with ransomware impacting businesses and governments — including critical infrastructure — as never before.
2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic — 2020 will be remembered as a uniquely disruptive year — but not just for a global health crisis. Online life was digitally transformed, as exponential change accelerated at home and work via cyberspace.
2019: The Year Ransomware Targeted State and Local Governments — Another eventful year online, with more data breaches, malware battles and identity thefts. But the surge in successful, targeted ransomware attacks against governments and hospitals is the top 2019 cybersecurity story.
OTHER TOP STORIES/THEMES FROM 2024
After the re-election of Donald J. Trump as the 47th president of the United States, and related election cybersecurity coverage, here are some of the other top stories from 2024:
2) AI and GenAI accelerating everywhere — with positive and negative cyber impacts. Government Technology called 2024 the year "AI Impacts All Areas of Gov Tech." And there were numerous stories in every area that came to life as I traveled the country and was a keynote at numerous cyber and digital summits. A few of those stories included:
- What Factors Slow Enterprise AI Implementations? Several recent studies highlight what is happening in the public and private sectors regarding artificial intelligence initiatives, along with detailing barriers and cybersecurity challenges to address.
- As AI Gains Ground, Security Leaders Need to Embrace Saying Yes — Cybersecurity chiefs are often viewed as inhibitors of innovation who are likely to veto new ideas in the interest of keeping systems safe. But as agencies increasingly lean on AI, CISOs must find a way to get to "yes."
- Montgomery County, Md.’s Chatbot Shows GenAI in Action — I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from.
- Ransomware Remains a ‘Brutal’ Threat in 2024 — Several recently released cyber industry reports show steady or growing ransomware numbers in 2024 so far, and impacts on business and government have never been greater.
- Roundup: The top ransomware stories of 2024 — Ransomware payments reach record high. Ransomware attacks affect the health of health care. New ransomware groups emerge despite crackdowns. Ransomware attackers hit U.S. ports. Top examples include Change Healthcare, NHS Scotland ransomware attack and LockBit ransomware takedown.
- For more on the Change Healthcare ransomware incident see this excellent article in Krebs on Security: Change Healthcare Breach Hits 100M Americans.
- National Cyber Director echoes past warnings: Nation-state cyber threats are mounting
- Nation-State Actors Ramp Up Cyberattacks
- For an in-depth look at cyber war in 2024 and beyond, watch this free “CISO Insights” session on BrightTALK.
As reported by the Wall Street Journal, the massive telecom data breach extended to multiple countries. “At least eight U.S. telecommunications firms were compromised in the attack, a senior White House official said.”
I also like this good summary of the "Top 10 Most Devastating Cyber Incidents of 2024 and Lessons for 2025," particularly Nos. 1 and 3:
“1. Microsoft Executive Email Breach
“A Russia-aligned group exploited a legacy account without multifactor authentication (MFA), gaining access to sensitive email communications within Microsoft’s leadership and federal agencies. The attack underscores the importance of enforcing MFA and zero-trust architectures in protecting legacy systems.
“3. MOAB: The Mother of All Breaches
“A monumental leak exposed 26 billion records across platforms such as Dropbox and LinkedIn due to firewall misconfigurations. This incident emphasizes the importance of continuous security audits and proactive configuration management.”
This YouTube video offers another helpful late-year roundup on cybersecurity topics that covers Iranian election interference, the Change Healthcare hack and LockBit ransomware:
FINAL THOUGHTS
So what comes next for cybersecurity in the new year? What will happen with the new Trump administration on cybersecurity?
Next week we will release part 1 of the Top 25 Security Predictions for 2025, with part 2 coming out on Dec. 29.
You can also check out last year’s security prediction report here, to see how accurate the forecasts were for 2024.
*Governing is a sister publication of Government Technology. Their parent company is e.Republic.
