Five of the most important cyber trends and events in 2024

Do not index

Cyber threats continued to grow in frequency and ferocity throughout 2024, with attackers leveraging new and sophisticated techniques to target businesses, institutions, and critical national infrastructure. 2024 saw a drastic increase in ransomware, supply chain attacks, and AI-driven cyber threats, underpinning the importance of ensuring your business complies with industry regulations and cyber security frameworks such as ISO 27001, SOC 2, GDPR etc.

In order to make sure your business is prepared to face the growing threat of cyber attack, we’ve created a list of the five most notable events and trends that took place in 2024, their significance, and key lessons to take away.

1. Ticketmaster Data Breach – 560 Million Records Exposed

In May 2024, Ticketmaster suffered one of the largest data breaches of the year, with over 560 million customer records leaked onto the dark web. The breach included:

Payment details and credit card numbers.

Email addresses and login credentials.

Purchase history and personal information.

Security researchers believe the attackers exploited an unpatched vulnerability in their customer service portal, which allowed the attackers access, and exfiltrate, large amounts of customer data stored on a third-party database.

Ticketmaster initially tried to downplay the severity of the breach, only notifying customers about the breach around a month later, leaving them uninformed of the risks to their personal information, and unable to take any action to remedy the situation.

Key Takeaways:

This breach demonstrated the importance of having a secure vendor supply chain. A vulnerability in a third-party can result in significant financial and reputational damage to all businesses involved, even if they themselves are secure.

Swift and effective communication between the business and any affected parties is one of the most critical aspects of managing a breach. Insufficient communication can cause even more damage then the initial incident, and could lead to even harsher repercussions later down the line.

2. Ransomware decreased in 2024

While ransomware remained one of the most prominent cyber threats in 2024, the overall number of payments dropped drastically. A report by Chainalysis suggested that around 35% less payments took place in 2024, when compared to 2023. This drop suggests that businesses are becoming:

More resistant to ransomware through better backup strategies.

Less willing to pay, due to improved incident response planning.

More aware of the impact of ransomware, and implement appropriate measures to mitigate the threat.

Key Takeaways:

Businesses with effective staff training, incident management, and awareness campaigns suffered fewer ransomware attacks compared to those with less comprehensive processes.

3. Healthcare Industry Under Siege – A 32% Surge in Weekly Attacks

Businesses within the healthcare sector faced relentless cyber threats, with NordLayer reporting a 32% increase in weekly attacks on hospitals, clinics, medical suppliers, and other providers. Organisations such as the NHS, MediSecure, and Change Healthcare all suffered a breach of some kind in 2024, jeopardising the sensitive personal information of their patients and employees.

Attackers targeted:

Patient records, threatening to leak sensitive data.

Operational systems, crippling hospital IT networks.

Medical devices, exploiting vulnerabilities in IoT-connected equipment.

These events proved that any business, regardless of size or sector, requires comprehensive security measures in place in order to protect against threats. While standards such as SOC 2, ISO 27001, and Cyber Essentials were likely implemented within these businesses, dropping the ball at any point can be a death sentence when it comes to compliance and business security.

Key Takeaways:

The data stored by healthcare providers and other associated businesses, is highly targeted and requires stringent security measures to protect.

Compliance with security standards such as SOC 2 and Cyber Essentials are essential for data protection, and ensuring best practices are followed.

4. AI-Powered Cyber Attacks and the IoT Malware Surge

Artificial intelligence is now being weaponised by cybercriminals. According to the Cyber Management Alliance, IoT (Internet of Things) malware increased by 107% in 2024, targeting smart home devices, industrial systems, and enterprise IoT networks.

Additionally, AI-driven cyber attacks enabled hackers to conduct more advanced phishing and social engineering scams. Mobile providers also reported an increase in AI-powered cyber threats are becoming increasingly difficult to detect.

Key Takeaways:

AI is being used to enhance and automate cyber attacks, making phishing and scams more convincing.

IoT security remains a weak point. Businesses should consider implementing standards such as ISO 27001 to determine the number and severity of risks associated with their daily operations.

5. Supply Chain Attacks Surge – The Year of Third-Party Breaches

One of the most alarming cybersecurity trends in 2024 has been the rise in supply chain attacks, where cybercriminals exploit vulnerabilities in third-party vendors to infiltrate multiple businesses at once.

According to Verizon’s 2024 Data Breach Investigations Report, nearly 62% of security incidents this year involved third-party suppliers. This highlights how organisation’s often underestimate the security risks posed by their vendors and partners. Many of the previously mentioned attacks were successful due to a vulnerability with a third-party vendor associated with the business, rather than the business itself.

Key Takeaways:

Third-party security risks are rising—businesses must continuously monitor and audit their supply chain.

Compliance with standards such as ISO 27001 and SOC 2 can help businesses implement stricter vendor security requirements.

Companies should enforce least privilege access policies, ensuring vendors only have access to necessary systems.

Regular penetration testing and security audits of suppliers are essential in preventing supply chain vulnerabilities.

How Can Businesses Stay Secure?

Cybersecurity is no longer optional. It has quickly moved from a ‘nice to have’, to an urgent priority. Implementing a continuous compliance approach using tools like OneClickComply ensures that businesses can:

Detect and fix security vulnerabilities automatically.

Maintain compliance with standards such as SOC 2, ISO 27001, and Cyber Essentials.

Protect against ransomware, data breaches, and AI-driven cybercrime.

The trend from 2024 should serve as a wake-up-call to business who may have taken a less than proactive approach to their cyber security, and signal the need for comprehensive security measures and processes to defend again these growing threats.