Navigating the Cyber Threat Landscape: Lessons Learned & What’s Ahead

In 2024, cybersecurity was marked by unprecedented challenges, significant breaches, and evolving regulatory demands that fundamentally changed how organizations approach data protection.

From extraordinary incidents to stringent new laws, the year delivered important lessons about cybersecurity. It underscored critical priorities for strengthening organizational defenses in an increasingly complex digital environment. The growing sophistication of cyber threats and the expanding attack surface created by digital transformation initiatives posed unprecedented challenges for organizations in all sectors.

Unprecedented breaches shape the year

In 2024, there were numerous catastrophic cyber incidents that highlighted the increasing complexity of threats:

  • The year began with the lingering repercussions of the MOVEit supply chain breach, which impacted over 2,600 organizations and exposed 77 million records. This incident underscored the cascading effects of supply chain vulnerabilities in an interconnected digital ecosystem and triggered a renewed emphasis on third-party risk management across sectors.
  • The National Public Data breach was exceptionally severe, compromising 2.9 billion records and affecting 1.3 million individuals. The unprecedented scale of this breach sent shock waves through the cybersecurity community, prompting many organizations to reassess their data protection strategies.
  • The healthcare industry faced a significant crisis with the Change Healthcare breach, which impacted 110 million Americans and highlighted the importance of robust protection for sensitive medical data. The breach exposed vulnerabilities in healthcare systems and led to widespread disruption of patient care and medical billing operations.
  • AT&T suffered cyber incidents that exposed 110 million customer records, resulting in approximately $19.69 billion in financial losses. These incidents illustrated the severe consequences of inadequate cybersecurity practices and their lasting effects on customer trust and company finances. The breaches triggered extensive regulatory scrutiny and calls for stronger security standards in the telecommunications sector.

The financial impact of data breaches continued to climb, with the global average cost reaching $4.88 million, a 10% increase from 2023. Additionally, 60% of organizations reported spending over $2 million annually on legal costs related to data breaches alone.

These rising costs can be attributed to several factors, including the increasing sophistication of cyber threats, the expanding attack surface created by remote work, and mounting regulatory consequences. Companies also incurred substantial indirect costs, such as reputational damage, lost business opportunities, and diminished customer trust.

Tool proliferation and third-party vulnerabilities as critical issues

The year also exposed notable vulnerabilities stemming from complex technology environments and third-party relationships.

Organizations using seven or more communication tools experienced 3.55 times more breaches than the average, highlighting the risks of tool proliferation. While additional communication platforms improved collaboration and productivity, they also introduced new vulnerabilities that security professionals struggled to manage. Maintaining consistent security controls across multiple platforms became a key focus for security teams.

The risk picture was further complicated by companies' growing dependence on external partners, with 66% of firms sharing sensitive content with over 1,000 third parties. This reliance contributed to a 68% surge in software supply chain attacks targeting file transfer systems.

The difficulty of monitoring and controlling external content sharing emphasized the need for comprehensive data protection strategies that extend beyond organizational boundaries. In response, many companies introduced new vendor risk management programs and strengthened their procedures for assessing third-party security.

Regulatory complexity expands

2024 saw significant regulatory developments that reshaped the data privacy landscape.

The implementation of the NIS 2 Directive introduced personal accountability for cybersecurity compliance violations in the European Union, raising the stakes for executives and boards. This shift towards individual liability emphasized the need for top-level commitment to data protection and for integrating cybersecurity into overall business strategy. Companies scrambled to revise their governance structures and compliance frameworks to meet these new demands.

In the U.S., several states passed comprehensive privacy regulations, creating a complicated patchwork of requirements for companies to navigate. This expansion in regulatory mandates had considerable financial consequences, with fines from GDPR and HIPAA enforcement totaling $5.6 billion and $5.3 billion, respectively.

The complex regulatory environment particularly affected organizations in North America, with 63% identifying state privacy laws as a chief concern, underscoring the need for consistent and harmonized data protection regulations. Many companies invested heavily in compliance management systems and privacy program improvements to address these evolving requirements.

Emerging threats and industry-specific challenges

The spread of artificial intelligence and machine learning introduced new security problems, with 50% of companies in North America citing AI/GenAI data exposure as a primary concern. While offering vast potential for innovation, these emerging technologies required companies to devise new approaches to distinct security challenges. The swift adoption of AI tools raised concerns about data confidentiality, model protection, and the likelihood of AI-driven cyber threats.

Cloud security emerged as another crucial challenge: cloud-based system breaches rose by 75% annually, and 33% of breaches were linked to configuration errors. The debate over exclusive versus shared cloud hosting gained prominence as companies looked for more secure cloud deployment options. Security teams concentrated on integrating advanced cloud security posture management solutions and strengthening their cloud security frameworks.

The threat environment changed significantly, with non-malicious attacks accounting for 75% of identified incidents while ransom payments surged by 500% to an average of $2 million. Using an AI-driven algorithm, we evaluated various business sectors from 2018 to 2024; the hospitality, retail, and manufacturing sectors received the highest risk ratings for the first half of 2024. The education and research sector faced the most frequent attacks at 3,086 per week, a 37% annual rise. This underscored the need for stronger security controls in educational institutions.

The federal government faced substantial third-party vulnerabilities, with 28% of agencies sharing data with over 5,000 third parties. By contrast, the financial services industry consistently outperformed all other sectors in risk ratings. To address these sector-specific challenges, targeted security frameworks and industry-specific best practices were introduced.

Looking ahead: building cyber resilience

Several key priorities have emerged as organizations work to strengthen their cybersecurity posture. Adopting zero-trust strategies has become essential, yet 45% of organizations still find it challenging to achieve zero trust with content protection. Comprehensive data protection strategies, encompassing end-to-end encryption, data loss prevention tools, and robust access management practices, have become imperative.

The lessons of 2024 stress the need for proactive, adaptable, and holistic approaches to data protection and risk management. We explored these topics in more depth in our “2025 Outlook for Managing Private Content Exposure Risk Report.” Succeeding in the changing threat landscape requires organizations to embrace continuous improvement, invest in resilient cybersecurity measures, and foster cross-sector collaboration.

As 2025 begins, safeguarding sensitive data and preserving customer confidence are not merely vital business requirements but fundamental duties in the digital era.

Tim Freestone, the chief strategy officer at Kiteworks, is a senior executive with over 17 years of experience in marketing leadership, brand strategy, and process and organizational streamlining. Since his appointment at Kiteworks in 2021, he has been instrumental in shaping the global landscape of content supervision, compliance, and safeguarding.
