Lessons Learned in Cybersecurity in 2024 – to Help Build a Better 2025

Introduction

As we wrap up another year, what lessons have we learned in Cybersecurity that will help us build a better 2025?

One thing is certain, we saw progress in 2024. But, this is on both sides of the fence. While technological advancements delivered better cybertools, cybercriminals also grew more sophisticated and reminded us that cybercrime is a Booming Business (roughly 1.5 Trillion in revenue). High-profile breaches like the CDK and Change Healthcare attacks brought entire industries to a stand-still. According to experts, we will see more attempts at this kind of total disruption, not just one-off cyber attacks.

2024 was a year of transformation – both good and bad. With growing threats and sophisticated attack methods, we also saw the push for modernized defense systems, strategies, as well as tightened regulations. The year opened eyes to the persistence of attackers and the inability of legacy defense systems to keep up with modern attack methods. Government and big players like Microsoft are now putting pressure on organizations to adapt to stronger, modern security, such as phishing-resistant Multi-Factor Authentication (MFA). The rise in cyber threat also means demands on and requirements from cyber insurance providers. Big challenges have also brought valuable lessons and breakthroughs that we hope will spark positive change in cybersecurity.

Key Cybersecurity Shifts of 2024

From Security to Resilience

This past year marked a shift in how businesses are approaching cybersecurity. Traditional strategies have focused on building defenses to prevent breaches. However, the increasing complexity and frequency of cyber attacks have shown us the limitations of a prevention-only approach. In 2024, organizations embraced resilience as a critical priority – not only anticipating and withstanding attacks but also recovering more quickly and learning from each incident.

The World Economic Forum defines cyber resilience as an organization’s ability to maintain its core functions during and after a cyber incident. This proactive mindset reflects the recognition that breaches are inevitable and that businesses must adopt a more comprehensive risk management approach.

Cyber resilience is built on five key pillars:

• Preparedness: Planning and training to ensure systems and teams are ready for potential threats.
• Detection: Rapidly identifying malicious activity before it causes irrevocable damage.
• Response: Implementing effective measures to mitigate the impact of a cyber-incident.
• Recovery: Quickly restoring systems and operations to minimize disruption.
• Adaptation: Learning from each attack to refine strategies and strengthen future defenses.

This shift has helped spark stricter standards and regulations like the Digital Operational Resilience Act (DORA) and the NIS2 Directive*, which placed resilience at the heart of compliance for businesses in critical and regulated sectors. *Both of these, like GDPR, will affect US companies doing business with EU organizations.

In the News – the Impact of Downtime due to Cyberattack 

Ransomware attacks in 2024 highlighted weaknesses in our supply chains and business continuity. Ransomware attackers are now targeting service providers and supply chain networks. A cyberattack on Ahold Delhaize, for example, the parent company of US supermarket chains such as Stop & Shop, Hannaford, Food Lion, and Giant Food, disrupted services across its network in November, impacting more than 2,000 stores. For several days, customers had issues with online grocery delivery, offline websites, and limited pharmacy services.

Disruptions such as these can be crippling. Businesses are increasingly seeing the need to Improve business continuity strategies to include modern segmentation tools to help minimize operational disruption. When one part of the supply chain is disrupted, it can negatively impact any or all other parts

The CrowdStrike outage in July also illustrates the impact of downtime.The company released a faulty software update which affected approximately 8.5 million devices that were running the Windows operating system. The glitch triggered widespread system crashes that resulted in multiple disruptions, particularly in the travel industry. Delta Air Lines was forced to cancel thousands of flights due to system disruptions. 

Critical Infrastructure: a Growing Target

Attacks on critical infrastructure reached new heights in 2024. In September, the Cybersecurity and Infrastructure Security Agency (CISA) issued a notice that government-run water systems were at risk of attack by nation-states after officials reported a cybersecurity issue at a facility in Arkansas City, Kansas, which was forced to switch to manual operations while the situation was resolved.

Experts say that attackers are moving their sites from better-protected facilities, to more vulnerable systems that, once breached, can lead to widespread access and disruption.

One of the most important and challenges with critical infrastructure is that they tend to rely on legacy infrastructure and old security measures, which have been proven vulnerable in the face of modern attack methods. Threat detection is also difficult when there is a lack of visibility into connected devices. Once again, this points to the critical need to modernize systems. While the task may seem daunting, the cost of staying behind may be colossal. 

Telecoms are also being targeted. In recent news, cyber-espionage group Salt Typhoon has infiltrated telecommunications networks in multiple countries – eight in the US alone, according to FBI officials. This is potentially dangerous because if one company is compromised, sensitive government communications could also be at risk.

It’s Mostly About Human Error

According to The 2024 Verizon DBIR, 68% of breaches involved a non-malicious human element, such as falling victim to a social engineering attack or making an error. Social engineering tactics became exponentially sophisticated in 2024. AI-generated phishing emails and voice phishing (vishing) attacks are increasingly difficult to distinguish from legitimate communication. Using advanced AI technology, attackers can create convincing fake voices that mimic trusted individuals, making vishing a popular tool for obtaining sensitive information, such as usernames and passwords. 

It is clear that ongoing employee training is critical, but this also highlights the necessity to employ modern cybersecurity technology that reduces risk of human error. We can mitigate risk by eliminating the number one threat vector (the password). Passwordless, phishing-resistant MFA is the future for digital access, and will not only remove any “knowledge factor” but also dramatically improve the user experience by removing steps. 

You can’t Phish what isn’t there.

Top CyberTips: Lessons Learned – And How We Can Do Better in 2025

There is no doubt that 2024 has been a pivotal point for cybersecurity for the enterprise. The hope is that the lessons we’ve learned will stick and improve how well organizations view and manage cybersecurity. From adapting to evolving threats to embracing stronger cutting-edge technologies, the potential for positive change is clear. As we step into the New Year, a few lessons to consider. 

1. Prioritize Passwordless Security
   • Mistake: Employing outdated MFA that relies on a password, a shareable secret, or “something you know.”
   • Lesson: Adopt passwordless, phishing-resistant authentication to counter evolving threats like Adversary in the Middle (AiTM) and Phishing as a Service (PhaaS) attacks.
2. Stay Proactive, Not Reactive
   • Mistake: Reacting to breaches rather than preventing them.
   • Lesson: Invest in predictive threat intelligence and adaptive security measures.
3. Improve Security Awareness
   • Mistake: Neglecting user education, widening the doors to user error.
   • Lesson: Foster a security-first culture with ongoing training on emerging threats.
4. Integrate and Simplify Systems
   • Mistake: Maintaining siloed authentication platforms or Legacy MFA that adds steps and therefore friction.
   • Lesson: Use unified solutions like TraitWare to streamline access and reduce complexity. Reducing complexity from enrollment to login increases the likelihood of the adoption of strong security measures like MFA.
5. Adapt to Hybrid and Remote Work
   • Mistake: Overlooking offline access needs.
   • Lesson: Ensure secure authentication options that support both online and offline environments. 
6. Compliance as a Business Imperative: 
   • Mistake: Ignoring Regulatory Requirements
   • Lesson: The evolving regulatory landscape in 2024 reinforced that compliance is no longer just a legal obligation but a strategic priority. Stricter frameworks like the NIS2 Directive, the FTC Safeguards Rule, DORA, and updated privacy laws pushed organizations to enhance their security measures. Businesses that embraced compliance as an opportunity to strengthen their overall security posture reaped benefits in customer trust, operational efficiency, and competitive advantage. 

BONUS: Compliance will also cut costs in the end – not only likely preventing significant damage due to a breach, but also reducing IT support costs and lowering insurance premiums.

If you’d like to learn more about how Phishing-Resistant Passwordless MFA can work to simplify and secure your enterprise, please don’t hesitate to get in touch.

With that, here’s wishing you a wonderful 2025!