The year 2024 was full of cybersecurity news. It was a year of data breaches, ransomware, the rise of quantum computing, and much more. The only constant was change.
As ransomware continued to wreak havoc, according to Security Intelligence, ransomware payments reached record highs in 2024, with victims paying approximately $459.8 million in the first half of the year. The largest single ransom payment disclosed was $75 million to the Dark Angels ransomware group by an undisclosed Fortune 50 company.
There was the increasing adoption of zero trust in 2024 and the continued explosive growth of IoT devices. According to IoT Analytics, as of 2024, the number of connected Internet of Things (IoT) devices worldwide is estimated to be approximately 18.8 billion, marking a 13 percent increase from 16.6 billion in 2023. This growth is expected to continue, with projections indicating that the number of IoT devices will reach around 40 billion by 2030.
Major data breaches hit everything from healthcare giants to Krispy Kreme and nearly everything in between.
Some cybersecurity highlights of 2024
We checked in with five cybersecurity experts to hear their thoughts on the most memorable moments of 2024. Here are their insights on the year’s key cybersecurity events:
Simon Wijckmans, CEO of c/side: The biggest issue of 2024 was browser-side supply chain attacks. Vulnerable third-party website scripts, used for everything from payment portals to analytics to chatbots, became a major cybersecurity story. The mid-year, high-profile Polyfill attack affected half a million websites. It demonstrated just how big of a deal unmonitored third-party scripts have become. The scope of these attacks ranged from redirecting users to malicious sites to capturing sensitive payment information.
“For managed service providers (MSPs), these attacks represent a new frontier of security concerns. They must now protect their clients not just from traditional network threats but also from compromised third-party scripts that could breach multiple clients simultaneously,” Wijckman explains. He adds that with PCI DSS v4.0.1 requirements coming into effect in March 2025, the pressure is mounting for organizations. They must have sufficient monitoring and detection strategies for third-party scripts, particularly on payment pages.
Joe Robinson, Communications Coordinator at QR Code Developer: “The most alarming thing I heard this year was that bad actors can now use AI to clone a person’s voice from just three seconds of audio,” Robinson says, adding that It’s worrying to put this into the context of imposter scams, which have increased rapidly over the past few years. “The elderly are at especially high risk from sophisticated distressed grandchild scams using what appears to be their relative’s actual voice, and I’m sure we’ll start hearing about whale phishing using these techniques.”
Experts reflect on key moments and emerging threats
Denis Vyazovoy, Chief Product Officer at AdGuard VPN: “Some may have forgotten, as it happened back in January, but hackers stole 26 billion records in the largest data breach — not just of 2024, but of all time — known as the “Mother of All Breaches”. Its impact will resonate for years to come, especially considering the advent of quantum computing and its potential to facilitate data decryption in the future.”
Tom Leahy, SVP, Sales and Marketing at SureShield: The Change Healthcare data breach was one of the most significant cybersecurity incidents. Its scale and impact affected millions of individuals and their sensitive information. The breach led to the sending of approximately 100 million individual notices. This exposed the personal and medical records of a large number of Americans. The group responsible is BlackCat/ALPHV. They infiltrated Change Healthcare’s network and operated for 9 days, navigating to exfiltrate data. Then, they deployed ransomware to encrypt files, causing further damage to the network.
AJ Thompson, CCO Northdoor: The biggest cybersecurity story of 2024 is the continued escalation of data breach costs. This trend is highlighted in the IBM 2024 Cost of a Data Breach Report. The global average data breach cost has reached $4.88 million. This marks a staggering 10 percent surge, the largest increase since the pandemic. Critically, 35 percent of these breaches involve shadow data, and public cloud breaches now top the cost chart at $5.17 million. This alarming trend underscores the growing complexity of cyber risks. Organizations must address these with enhanced cybersecurity measures and heightened awareness.”
Wrapping up 2024
As 2024 comes to an end, cybersecurity saw record ransomware payments and the rise of zero trust. The year also witnessed the explosive growth of IoT devices. MSPs faced increasing threats, with major data breaches affecting industries from healthcare to retail. The landscape is rapidly evolving, presenting both challenges and opportunities for managed service providers.
Photo: jamesteohart / Shutterstock