It's all too clear that the cybersecurity community, once more, is facing elevated challenges as well as opportunities.
The world's reliance on interconnected digital infrastructure continues to deepen, even as the threats facing it grow in sophistication and scope.
The way forward is complex and dynamic -- and fraught with potential pitfalls. As 2024 draws to a close, we're excited to bring you a four-part series, featuring reflections and predictions from leading cybersecurity experts. Each column over the next few days will focus on a distinct theme that encapsulates the core challenges and notable advances in cybersecurity.
In this first of four installments, participating experts reflect on the headline-grabbing incidents of 2024 -- and pontificate on the implications for resilience moving into the new year.
Saša Zdjelar, Chief Trust Officer, ReversingLabs
Software supply chain attacks represent a critical threat, but until 2024, the focus was on open-source vulnerabilities. Following breaches at Sisense, JetBrains, Microsoft Exchange, Okta, and CrowdStrike, the focus has shifted to commercial software. Commercial off-the-shelf (COTS) and cloud-based solutions underpin modern enterprises. With threats targeting these systems escalating, enterprises must implement rigorous independent testing and verification -- pre-deployment and for any software updates.
Joe Silva, CEO, Spektion
Reflecting on attacks in 2024, many organizations lacked visibility into their third-party software, leaving themselves open to exploitation. Until organizations can shift software risk management left -- beyond reactive patching -- they will remain. Software sprawl continues to expand the attack surface. Without governance and rationalization of their software inventory, organizations will struggle to manage risk effectively, perpetuating a cycle of reactive defenses against an ever-growing threat landscape.
In 2024, the convergence of nation-state APTs and cybercriminals raised global alarms. Revelations linked Chinese intelligence to contractors, Russian GRU officers to data destruction, and Iranian APTs to cybercrime collaboration. Despite Russia's selective crackdowns on ransomware groups, this trend poses escalating risks. If the U.S. treats ransomware as state-sponsored terrorism, countermeasures could become far more aggressive, reshaping the fight against cyber threats.
Justin Endres, CRO, Seclore
The Microsoft-CrowdStrike outage underscores the dangers of uniform digital infrastructure. A lack of diversity amplifies systemic flaws, creating single points of failure. Organizations relying on single-source OS, EDR, or cloud providers risk widespread disruption. Just as with supply chains, homogeneity in ecosystems breeds fragility. Building diverse systems is crucial to reducing risks and preventing potentially catastrophic consequences from future vulnerabilities.
Katie Paxton-Fear, Security Researcher, Traceable AI
In 2024, API-powered infrastructure faced increasing attacks, often targeting APIs unknowingly exposed by organizations. These subtle, targeted attacks exploit APIs enabled by default. Defenders must prioritize full API visibility, regularly check for new deployments, and critically evaluate API security tools, including AI integrations. A conservative approach focusing on proven solutions over untested technologies is key to mitigating these evolving threats.
Jeremy Ventura, Field CISO, Myriad360
Cybersecurity incidents in 2024 highlighted the rising threat of third-party supply chain attacks, emphasizing the need for vendor visibility and risk assessments. Organizations must monitor vendor activity, enforce strong security contracts, and conduct table-top exercises to test incident response plans. As digital ecosystems grow more complex, proactive supply chain risk management is critical to mitigating breaches and protecting sensitive data.
Identity-based attacks in 2024, like those on Microsoft and Snowflake, are prompting insurers to intensify scrutiny in 2025. Questions will shift from basic MFA implementation to deeper assessments of least privilege, lateral movement prevention, and real-time identity protection. Rising cyber insurance costs will drive organizations to adopt stronger security measures, linking better practices to lower premiums and fostering a proactive approach to identity and risk management.
Caleb Mills, Chief Customer Officer, Mission Cloud
When a widely used security tool faced unexpected issues and impacted numerous organizations, those that stayed ahead did so by leaning on real-time detection tools and agile response strategies. Clear communication is paramount; collaboration with security providers is essential. Cybersecurity incidents can quickly ripple through the entire business. Building a strong culture of security and preparedness helps organizations respond quickly and effectively, keeping operations steady when disruptions happen.
Tim Wade, Deputy CTO, Vectra AI
Attackers continue to leverage AI to streamline attacks, lowering their own operational costs and increasing their net efficacy. The attackers skillfully leveraging AI are better able to predict defensive measures and exploit weaknesses. Defensive teams must understand how to integrate AI into the full range of people, process and technology to stop attackers sooner, with more precision and with broad coverage.
Bojan Simic, CEO, HYPR
The era of passwords will further decline as credential misuse rises, with AI both aiding and challenging security efforts. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. The growing sophistication of cyber threats demands robust identity assurance solutions that include multifactor authentication, risk monitoring and adaptive verification -- collectively forming multi-factor verification (MFV).
Patrick Spencer, VP of Marketing and Research, Kiteworks
Reflecting on 2024, supply chain breaches, like the MOVEit attack and the National Public Data breach, and the massive scale of data exposures, as seen in cases like AT&T's breach affecting over 180 million customer records, highlight the need for integrated systems to consolidate communication, streamline oversight and reduce vulnerabilities. These events point to an increased reliance on AI-driven threat detection and automated compliance tools.
Josh Lemon, Director, Managed Detection and Response, Uptycs
Attackers now exploit software vulnerabilities in rapid deployments to gain early access and persistence, while evading EDR tools and shifting to overlooked targets like firewalls and VPNs. MFA attacks, leveraging phishing and session hijacking, are set to rise. Nation-states will escalate supply chain disruptions, prioritizing political objectives. Organizations must adapt with proactive, multi-layered defenses to navigate an era of increasingly complex and politically charged cyber threats.
Rakesh Shah, VP of Product Management, LevelBlue
The introduction of AI in 2024 sparked excitement but overinflated expectations. In cybersecurity, AI struggles to fully adapt to complex threats, remaining reliant on traditional tools and human oversight. In 2025, as customers notice the gap between AI promises and delivery, security teams will refocus on fundamentals. AI will enhance outcomes, but people and processes will remain pivotal in addressing escalating cyber threats.
Joel Burleson-Davis, SVP Worldwide Engineering, Cyber, Imprivata
The attack on American Water, the largest U.S. water utility, highlights the escalating threat to critical infrastructure. Such incidents disrupt essential services, causing economic damage and public safety risks. Prioritizing cybersecurity, particularly in supply chain and third-party systems, is imperative. A holistic approach, combining robust measures, public awareness, and government-private collaboration, is vital to mitigate risks and protect public safety against evolving cyber threats.
Camellia Chan, CEO, Flexxon
The 2024 CrowdStrike outage was a wake-up call, exposing the risks of overreliance on software-based cybersecurity. It underscored the need to decouple security from operations by embedding hardware-based protections that operate independently of software. This hybrid approach ensures resilience through layered defenses, safeguarding continuity even amid disruptions. The lesson is clear: diversification and strategic separation are key to true cyber resilience.
Eric Schwake, Director of Cybersecurity Strategy, Salt Security
The Dell API breach and other 2024 incidents show APIs as prime targets. APIs need comprehensive security strategies: full visibility into all APIs, strong posture governance, continuous monitoring using AI/ML, and leveraging API security platforms for IT system enrichment. Proactive defenses reduce vulnerabilities, improve compliance, and protect assets. By securing APIs throughout their lifecycle, organizations strengthen resilience against evolving threats.
Karsten Chearis, US Security Sales Engineer - Team Lead, XM Cyber
Cybersecurity incidents in 2024 highlighted the need for resiliency and streamlined operations to avoid tool fatigue. Attackers see one attack surface, so security teams must adopt integrated platforms. Leveraging CTEM frameworks with EDR and SIEM tools allows CISOs to map attack paths, detect threats, and reduce fatigue. Integrated solutions improve efficiency, demonstrate ROI, simplify budget requests, and minimize unnecessary spending while enhancing overall defense capabilities.
Agnidipta Sarkar, CxO Advisor, ColorTokens
In 2024, zero-day exploits targeted browsers, OSs, and network devices, exposing gaps in patch management. Ransomware groups like AlphV, LockBit, and BlackCat used advanced tactics, while misconfigured cloud storage and unsecured data led to major breaches. Many businesses were forced to shut down operations post-attack. As a result, sectors like healthcare and energy are adopting breach-ready defenses, emphasizing microsegmentation to contain impacts and ensure resilience.
Jake Williams, faculty, IANS Research; VP of R&D, Hunter Strategy
In 2025, nation-state actors will increasingly target network devices like routers and firewalls, exploiting the lack of endpoint detection and response (EDR) software on these devices. Many organizations lack the tools and expertise to detect such threats, creating a significant blind spot. This gap enables attackers to gain network access, disrupt operations, or exploit lawful intercept capabilities, as seen with Salt Typhoon in 2024 -- a precursor to future threats.
Ajay Amlani, President & Head of the Americas, iProov
Remember KnowBe4's 2024 deepfake hiring scam? In 2025, a larger operation will weaponize synthetic identities, using deepfakes and fake credentials to create convincing personas. These will bypass security, infiltrate payroll systems, steal data, and disrupt operations. This crisis, exploiting remote onboarding vulnerabilities, will force organizations to overhaul identity verification and cybersecurity, underscoring the escalating threat of sophisticated synthetic identity schemes.