Cybersecurity Trends
40 editorial analyses of the cybersecurity market and its impact on your career. Summaries are shown in Spanish; the full analysis is in English while translations are in progress.
Technology · 2024-2027
Cybersecurity Trend: AI-Driven Threat Detection Is Replacing Signature-Based Systems
Machine learning models trained on behavioral telemetry now detect novel threats that rule-based systems miss. This shift is changing SOC workflows, tool procurement, and the skills cybersecurity analysts need.
Technology · 2024-2028
Cybersecurity Trend: Zero Trust Architecture Maturity Moves Beyond Buzzwords
Zero Trust has evolved from a marketing term to a concrete set of implementation patterns. Federal mandates and insurance requirements are forcing organizations past the planning stage into measurable deployments.
Technology · 2024-2027
Cybersecurity Trend: Cloud-Native Security Posture Management Becomes Essential
As organizations accelerate cloud-native adoption, Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platform (CNAPP) tools are becoming mandatory components of enterprise security stacks.
Technology · 2024-2030
Cybersecurity Trend: Post-Quantum Cryptography Migration Timelines Accelerate
NIST finalized post-quantum cryptographic standards in 2024. Organizations now face concrete migration timelines for public key infrastructure, and the cybersecurity workforce needs professionals who understand both the cryptographic theory and the implementation challenges.
Technology · 2024-2028
Cybersecurity Trend: IT/OT Convergence Creates New Security Career Paths
The convergence of Information Technology and Operational Technology environments is creating a distinct career track for security professionals who understand both IT security principles and industrial control systems.
Careers · 2024-2028
Cybersecurity Skills-Based Hiring in 2026: Google, IBM, Apple, and Federal Agencies Drop Degree Requirements
Major employers and federal agencies are removing four-year degree requirements for cybersecurity roles. Skills-based hiring, validated by certifications and practical assessments, is becoming the dominant model.
Careers · 2024-2027
Cybersecurity Trend: Sales and Go-to-Market Roles Are the Fastest-Growing Segment
The $200B+ cybersecurity vendor market needs sales professionals who understand both the technology and the buyer. Cybersecurity sales roles offer six-figure OTE at the entry level and often outpace technical role compensation.
Careers · 2024-2027
Cybersecurity Trend: Remote Work Continues to Reshape Hiring Geography
Approximately 30% of cybersecurity job postings now offer remote work, enabling professionals outside major metro areas to access top-tier positions while creating salary normalization pressures.
Careers · 2024-2027
Cybersecurity Trend: Burnout and Retention Crisis Forces Workforce Strategy Changes
Studies show 50-65% of cybersecurity professionals report burnout symptoms. Organizations are responding with rotation programs, automation investments, and mental health support to retain skilled staff.
Careers · 2024-2028
Cybersecurity Trend: Diversity Initiatives Are Expanding the Talent Pipeline
Programs targeting women, veterans, and underrepresented minorities are producing measurable results in diversifying the cybersecurity workforce, with implications for hiring practices, team composition, and career entry points.
Market · 2024-2027
Cybersecurity Trend: Vendor Market Consolidation and Its Career Impact
Cybersecurity vendor M&A activity is consolidating point solutions into platform plays. This reshapes which vendor skills are valuable, which products survive, and where new career opportunities emerge.
Market · 2024-2027
Cybersecurity Trend: Cyber Insurance Market Is Driving Security Standards
Cyber insurance carriers have become de facto security standard setters. Their underwriting requirements now dictate security controls, creating compliance demand and career opportunities in cybersecurity risk assessment.
Market · 2024-2028
Cybersecurity Trend: Managed Security Services Market Growth Reshapes Career Options
The managed security services (MSS) and managed detection and response (MDR) market is growing as mid-market organizations outsource security operations. This creates distinct career paths within service providers.
Market · 2024-2027
Cybersecurity Trend: Startup Funding Patterns and Career Opportunities
After a cooling period in 2023, cybersecurity startup funding is recovering with focus on AI security, identity, and cloud security. Early-stage companies offer career growth, equity upside, and exposure to emerging technology areas.
Policy · 2024-2027
Cybersecurity Trend: SEC Disclosure Rules Are Reshaping Security Leadership
The SEC's cybersecurity incident disclosure rules (effective December 2023) require material incident reporting within four business days. This regulatory mandate is elevating the CISO role and creating demand for professionals who can bridge security operations and executive communication.
Policy · 2024-2028
Cybersecurity Trend: AI Governance Regulations Are Creating New Security Roles
The EU AI Act, NIST AI RMF, and emerging state-level AI regulations are creating demand for professionals who can assess, audit, and secure AI systems. This intersection of AI governance and cybersecurity is producing new career paths.
Policy · 2024-2028
Cybersecurity Trend: State Privacy Laws Are Expanding Compliance Demand
With 20+ U.S. states enacting privacy legislation and no federal privacy law, cybersecurity professionals with privacy compliance expertise face growing demand across industries.
Salary · 2024-2027
Cybersecurity Salary Growth in 2026: Median Hit $124,910 vs $84,460 General IT (BLS)
BLS data shows cybersecurity salaries growing faster than the broader IT sector. The persistent workforce gap, regulatory pressure, and insurance requirements maintain upward compensation pressure.
Salary · 2024-2027
Cybersecurity Certification ROI in 2026: CISSP, OSCP, and Cloud Security Drive the Highest Salary Lift
Analysis of public salary data and certification costs shows that CISSP, OSCP, and cloud security certifications provide the highest return on investment. Entry-level certifications pay back within months.
Salary · 2024-2027
Cybersecurity Trend: Total Compensation Packages Expand Beyond Base Salary
Cybersecurity employers are competing on total compensation with equity, bonuses, certification reimbursement, training budgets, and retention packages. Base salary alone no longer captures the full compensation picture.
Decipher Files · May-July 2023
Decipher Files: The MOVEit Cl0p Ransomware Cascade and What Cybersecurity Teams Should Have Drilled Beforehand
Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to steal data from approximately 2,500 organizations through a single managed-file-transfer dependency. The breach is the canonical case study for third-party software risk and for how a cybersecurity team should structure detection of zero-day SQL-injection in any managed-file-transfer product, not just MOVEit.
Decipher Files · February-November 2024
Decipher Files: The Change Healthcare ALPHV/BlackCat Breach and the Concentration Risk No US Hospital Could Diversify Away From
ALPHV/BlackCat encrypted Change Healthcare's claims-processing infrastructure on February 21, 2024, halting prescription processing, claims adjudication, and provider payments across roughly one-third of US healthcare. UnitedHealth Group (the parent) eventually disclosed approximately 100 million affected individuals, the largest healthcare breach in US history at the time of disclosure.
Decipher Files · April-July 2024
Decipher Files: The Snowflake Credential-Stuffing Campaign and Why MFA-Optional Was the Real Vulnerability
ShinyHunters and affiliated actors exfiltrated data from approximately 165 Snowflake customer tenants by reusing credentials harvested from prior infostealer-malware infections against accounts that had MFA disabled. The campaign disclosed AT&T, Ticketmaster, Santander, Advance Auto Parts, LendingTree, Neiman Marcus, and at least 159 others. The cybersecurity lesson is structural: a SaaS platform that defaults MFA to opt-in inherits the entire credential-hygiene state of every customer it serves.
Decipher Files · November 2023-April 2024
Decipher Files: Microsoft, Midnight Blizzard, and the Test Tenant That Became a Pivot Point
APT29 (Russian Foreign Intelligence Service, tracked by Microsoft as Midnight Blizzard) compromised a Microsoft non-production legacy tenant in November 2023 via password spray against an account without MFA, then leveraged a test OAuth application to access Microsoft corporate email accounts. The case study exists primarily because Microsoft published the post-mortem with unusual transparency, making it the cleanest available worked example of how a low-value initial foothold turns into senior-leadership email access through misconfigured cross-tenant trust.
Decipher Files · March-July 2024
Decipher Files: AT&T's 2024 Dual-Disclosure Year and What Telecom Cybersecurity Looks Like at the Aggregation Layer
AT&T disclosed two distinct cybersecurity incidents in 2024 within four months of each other. The March 2024 disclosure covered approximately 73 million current and former customer records released on the dark web in March 2024 and traced back to data that had been exfiltrated as early as 2019. The July 2024 disclosure covered approximately 109 million wireless customers' call and text metadata exfiltrated from a Snowflake-hosted database in April 2024. The pair is the canonical 2024 case study for how telecom carriers aggregate sensitive metadata at a scale and concentration that the rest of the cybersecurity industry has not yet adapted to defend.
Decipher Files · August 2022-March 2023
Decipher Files: LastPass and the 2022 Vault Leak That Tested What Encrypted Means
LastPass disclosed two separate intrusions across August and December 2022. The second exfiltrated encrypted customer vaults plus unencrypted metadata. Subsequent cryptocurrency theft losses traced back to the leaked vaults exceeded $35 million by early 2024. The case study is canonical for how user-facing encryption only works when the iteration count, the password strength, and the metadata exposure are all defended together.
Decipher Files · May-July 2023
Decipher Files: Storm-0558 and the Microsoft Signing Key That Forged 25 Email Tenants
Storm-0558 (Chinese state-aligned, tracked by Microsoft) used a stolen Microsoft consumer signing key to forge Azure AD authentication tokens against approximately 25 Microsoft 365 customer email tenants, including the US Department of State and Department of Commerce. The Cyber Safety Review Board's 2024 report on the incident is the definitive public account of how a single key compromise cascaded into cross-tenant access through a flaw in Microsoft's identity validation.
Decipher Files · September 2023
Decipher Files: MGM Resorts and the Vishing Call That Stopped a $7 Billion Casino
ALPHV/BlackCat affiliate Scattered Spider used a 10-minute vishing call against MGM Resorts' IT help desk to obtain credentials for a privileged Okta account, then encrypted the casino operator's infrastructure. The shutdown lasted 10 days, cost MGM approximately $100 million in direct revenue, and produced the canonical 2023 case study for help-desk security controls.
Decipher Files · September-November 2023
Decipher Files: Okta's Support-System Breach and the Vendor of Vendors Blast Radius
Okta disclosed in October 2023 that an attacker had used a stolen credential to access its customer support case-management system, then read HAR files uploaded by customers that contained valid session tokens for those customers' Okta tenants. The downstream blast radius reached BeyondTrust, 1Password, Cloudflare, and at least one unnamed Okta customer. The case is the canonical worked example of how an identity-provider's customer-facing operational systems carry the same trust weight as the identity-provider's authentication infrastructure.
Decipher Files · May 2023-Present
Decipher Files: Volt Typhoon and the State Actor That Was Already Inside
CISA, NSA, FBI, and Five Eyes partners disclosed in May 2023 (and re-disclosed with materially expanded scope in February 2024) that the People's Republic of China state-sponsored cyber actor tracked as Volt Typhoon had been pre-positioned in US critical infrastructure for at least five years. The campaign is structurally distinct from financially-motivated cybersecurity incidents: the operational objective was not data exfiltration or ransom but rather the establishment of disruptive capability against US critical infrastructure for use during a future geopolitical contingency.
Decipher Files · September 2019-December 2020
Decipher Files: SolarWinds Sunburst and the Build-System Compromise That Reframed Supply Chain Security
APT29 (Russian SVR-aligned, tracked as Cozy Bear / NOBELIUM) compromised SolarWinds's Orion build system and shipped malicious updates to roughly 18,000 customer organizations. The campaign reset the cybersecurity industry's understanding of what a supply-chain attack looks like and motivated NIST SP 800-218, CISA's Secure-by-Design pledge, and the SBOM movement.
Decipher Files · Disclosed October 2024-Present
Decipher Files: Salt Typhoon and the Telecom Backbone Compromise the US Government Said Was the Worst in History
PRC state-sponsored actor Salt Typhoon (also tracked as Earth Estries, GhostEmperor) compromised at least nine major US telecommunications carriers including AT&T, Verizon, T-Mobile, Lumen, and Charter, accessing wiretap-court-order metadata, call records, and in some cases real-time call audio for senior US officials including President-elect Donald Trump and Vice-President-elect JD Vance. Senate Intelligence Committee Chairman Mark Warner described the campaign in November 2024 as 'the worst telecom hack in our nation's history.'
Decipher Files · 2021-March 2024
Decipher Files: The xz-utils Backdoor and the Three-Year Social-Engineering Campaign That Almost Compromised Half the Internet
A multi-year social-engineering campaign by an actor operating as 'Jia Tan' (jiatXX-aliased GitHub identities) inserted a sophisticated backdoor (CVE-2024-3094) into xz-utils, a foundational Linux compression library. Microsoft engineer Andres Freund discovered the backdoor on March 29, 2024 by chance while investigating a 500ms SSH login slowdown. The near-miss is the canonical 2024 case study for how patient adversaries weaponize open-source maintainer trust.
Decipher Files · February-June 2024
Decipher Files: Polyfill.io and the JavaScript Supply Chain Compromise That Reached 100,000 Sites
A Chinese-owned domain operator acquired polyfill.io in February 2024 and silently injected malicious JavaScript into the polyfill.js script, which approximately 100,000 websites loaded directly into their pages. Sansec disclosed the compromise on June 25, 2024, and within 48 hours Cloudflare, Google Search, and Namecheap had blocked the domain. The case is the canonical 2024 worked example of how a third-party-script supply chain becomes a content-injection attack at scale.
Decipher Files · February 2024-Present
Decipher Files: ConnectWise ScreenConnect and How an Authentication Bypass Cascaded Through MSP Customers
ConnectWise disclosed two critical vulnerabilities in ScreenConnect (CVE-2024-1709 authentication bypass, CVSS 10.0; CVE-2024-1708 path traversal, CVSS 8.4) on February 19, 2024. Within 24 hours of disclosure, multiple ransomware groups (Black Basta, BlackCat, LockBit) began mass-exploitation against unpatched ScreenConnect instances, cascading attacks through Managed Service Provider customers. The case is the canonical worked example of how Remote Monitoring and Management software amplifies the blast radius of a single CVE across hundreds of downstream small-business victims.
Decipher Files · July 19, 2024
Decipher Files: CrowdStrike Falcon and the Kernel-Mode Update That Bricked 8.5 Million Windows Machines on a Single Friday
On July 19, 2024 at 04:09 UTC CrowdStrike pushed a Falcon Sensor channel-file update that triggered a kernel-mode null-pointer dereference on Windows hosts running the affected sensor version. The result was a worldwide BSOD-and-reboot loop. Microsoft estimated 8.5 million Windows devices affected. The outage grounded over 5,000 commercial flights, halted hospital systems including emergency departments, and made the case the canonical worked example of vendor-stability risk in the EDR and kernel-driver class.
Decipher Files · April 2024-August 2024 (disclosure August 2024)
Decipher Files: National Public Data and the 2.9 Billion-Record Background-Check Database Leak That Reframed Data-Broker Risk
On August 6, 2024, a class-action complaint disclosed that data-broker Jerico Pictures Inc. doing business as National Public Data had been the source of a 2.9 billion-record dataset containing Social Security Numbers, names, addresses, and date-of-birth fields. The dataset, posted on the dark-web forum BreachForums in April 2024, covered most US adults and a substantial number of UK and Canadian residents. The case is the canonical worked example of the systemic risk concentrated in unregulated data brokers.
Decipher Files · June 19, 2024-July 4, 2024
Decipher Files: CDK Global and the Ransomware Attack That Took 15,000 US Auto Dealers Offline for Three Weeks
On June 19, 2024, automotive dealer-management-software vendor CDK Global was hit with ransomware that took its dealer-management platform offline. Approximately 15,000 US and Canadian auto dealerships rely on CDK for sales, service, parts, and financing operations. The outage extended through early July, costing the automotive retail industry an estimated $1.02 billion in lost revenue per Anderson Economic Group analysis. CDK reportedly paid approximately $25 million in ransom to BlackSuit, an established ransomware affiliate.
Decipher Files · October 9, 2024-October 21, 2024
Decipher Files: Internet Archive and the 31-Million-User Credential Breach That Tested What Public-Interest Service Security Means
On October 9, 2024, attackers compromised the Internet Archive's user-authentication database containing approximately 31 million email and bcrypt-hashed-password records. The same threat actor defaced the Internet Archive's front page with a JavaScript notification announcing the breach. The Internet Archive subsequently faced multi-day distributed denial of service attacks. The case is the canonical worked example of cybersecurity-program adequacy at a public-interest, donation-funded service.
Decipher Files · May 8, 2024-June 2024
Decipher Files: Ascension Health and the May 2024 Ransomware That Stopped Care Delivery Across 140 Hospitals
On May 8, 2024, Ascension Health, one of the largest US nonprofit hospital systems, disclosed a ransomware incident that took its electronic-health-record systems and clinical-decision-support tools offline across approximately 140 hospitals in 19 states. Care was diverted to manual paper processes for weeks. A Black Basta ransomware affiliate took credit. The case is the canonical worked example of clinical-care risk from healthcare-cybersecurity failure and pairs with the Change Healthcare incident as the dominant 2024 healthcare-cybersecurity reference.