Skip to main content
IT Operations

Security experts share their biggest lessons from 2024

Experts tell IT Brew what went wrong in 2024 and what they learned from it.
article cover

михаил руденко/Getty Images

5 min read

This was a year of consequences in cybersecurity—CrowdStrike’s blue screen fiasco, surging cyberattack costs, an increasingly concentrated threat surface leading to vendor risk, and the continuing scourge of ransomware.

IT Brew asked security pros what the biggest lessons they learned in 2024 were. Here’s what they said.

These interviews were conducted via email.

AI is compounding problems

Generative AI is making it easier for attackers by eliminating obstacles like language barriers and allowing mass generation of more convincing lures, as well as giving them new tools in social engineering scams. A recent ESAF survey of 100 Fortune 1000 CISOs, for example, found 72% had seen GenAI used against their companies.

“AI has redefined the cybersecurity landscape by making many long-understood attack strategies virtually undetectable to even the most cautious human eye,” Dror Liwer, co-founder of cloud security firm Coro, wrote to IT Brew. “Bad actors have quickly incorporated cheap tools in their social engineering and deepfake schemes to make them more convincing to easily evade traditional detection methods.”

“I hope to see cybersecurity professionals accept that AI is no longer an optional tool, but rather an essential in modern defense strategies to predict threats and respond quickly when they do happen,” Liwer added.

Open-source & supply chain threats

Ax Sharma, staff security researcher at Sonatype, warned IT Brew the “unfathomable scale” of open-source means registries like npm and PyPi will continue to be targets. He added attackers are leveraging open-source repositories to create crypto stealers and data exfiltration malware, as well as target legitimate libraries like Lottie Player.

“This is partially because new protocols enabling open-source developers and maintainers to be rewarded for their contributions (like the Tea protocol) are targets for those with malicious intent to abuse open-source registries with self-reward mechanisms,” Sharma wrote. “By throttling legitimate users and developers from consuming components from these registries, the mass-publishing activity might induce a denial-of-service attack.”

Chester Wisniewski, director and global field CTO at Sophos, told IT Brew the “most worrying” trend in 2024 was supply-chain attacks. Organizations need to put “much more effort into screening supplies and having plans in place to mitigate risk from outages,” he wrote.

Wisniewski cited several attacks in 2024 that had major impacts beyond the original target, such as breaches at payment processor Change Healthcare, auto dealership cloud provider CDK Global, and supply-chain management company Blue Yonder.

“Organizations are often blind to these single points of failure, and I feel like we are underestimating the importance of business continuity planning and disaster recovery to our own detriment,” Wisniewski added.

The old methods aren’t working

Despite a surge in spending on research and development by vendors and clients on cybersecurity services, “attacks have not gone down in any meaningful way,” Jared M. Smith, distinguished engineer and R&D strategy lead at SecurityScorecard, wrote.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

While the easy things to point out would be the CrowdStrike incident or increase in ransomware year over year, as an industry we need to recognize that what we’re building and deploying to our customer’s networks is not working and something needs to change as we head into 2025,” Smith added.

Andy Wen, the senior director of product at Google Workspace Security, warned in an email via Gillian Battese that businesses are “increasingly frustrated with the same old approach to rapidly shifting security challenges.” He cited a Google poll that showed 71% of IT and security decision makers at mid-market firms feel legacy technology leaves them less prepared for the future.

“Across industries, there’s a real sense that a move away from legacy technology is crucial in the face of an increasingly sophisticated threat landscape,” Wen wrote.

People problems

MK Palmore, director of the office of the CISO at Google Cloud, told IT Brew many attacks in the past year were the “result of neglecting our human capital.”

“My takeaway: While cybersecurity technology plays a crucial role in defense, it’s ultimately the people behind it that make the difference,” Palmore wrote. He said 2024 had “reinforced some tried and true principles” for him on cybersecurity—such as the need for effective leadership, the importance of communications and critical thinking skills, and that diversity makes defenders stronger.

“My hope for 2025 is that we start heavily investing in people-centered development and leadership,” Palmore wrote. “We must recognize that good cyber defense starts with great talent, and that talent sometimes needs to be built from the ground up.”

What out for infiltrators

Rafe Pilling, the director of threat intelligence at SecureWorks Counter Threat Unit, warned efforts by North Korean infiltrators to land remote jobs highlighted how hiring practices pose a cybersecurity risk.

“Hiring these fraudulent workers puts companies at risk of sanctions violation and all the issues that come with allowing an unknown individual access to critical organizational data and systems,” Pilling wrote. He recommended organizations be thorough in their review of application materials for consistency and be on the lookout for suspicious activity during interviews.

They should also watch out for red flags during onboarding, Pilling added, like requesting changes of address or that paychecks be sent to a money transfer service.

“Post-employment monitoring and validation also must ensure that the person who obtained the contract is the same person that is actually performing the work,” Pilling concluded.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.