2024 Lessons Shaping 2025 Cybersecurity Trends


Reflecting on the cybersecurity incidents we’ve seen in 2024, there’s a lot that organizations striving for resilience should take to heart. We’ve witnessed multiple zero-day exploits successfully targeting vulnerabilities across browsers, operating systems, and network devices. It’s a stark reminder that even now, we’re still lacking a serious, repeatable patch and vulnerability management program.

Ransomware attacks have continued to evolve this year. Groups like AlphV, LockBit, Hive, and BlackCat are using newer tactics to infiltrate systems and move laterally within networks. The RansomHub attack on Halliburton, where the company probably lost only $35 million compared to its earnings in the billions, showed us that employee awareness of cybersecurity is, at best, a compensating control rather than a foolproof defense.

The Cost of Lacking Basic Protection

We’ve also seen high-profile breaches facilitated by the absence of API gateway protection, encryption, and access control, like the one that hit a popular messaging app. Misconfigured cloud storage buckets and unsecured data repositories are still plaguing leading organizations. They’re diving into digital expansion without an integrated digital resilience program and proper governance of assets, access, and change control. The lack of continuous monitoring just adds fuel to the fire.

Attackers are getting smarter with their evasion techniques too. They’re using methods like code obfuscation, sandbox evasion, and living-off-the-land (LOTL) tactics, making detection more challenging than ever. Many organizations have been affected by both digital and physical supply chain attacks. Remember the attack on OneBlood? It led hospitals to enforce blood conservation protocols, resulting in reduced patient care services.

A common theme we’ve noticed is that organizations often have to shut down their operations to stop the spread of cyberattacks after they’ve learned about them. This reactive approach highlights weaknesses in IT management. Unless we build foundational capabilities like microsegmentation or physical segregation, whether for new projects or existing infrastructure, digital resilience will remain just a pipe dream.

From Breach Containment to Breach Readiness

These events have definitely influenced how businesses are approaching defense and response. At ColorTokens, we’ve seen an increased interest in incorporating breach-ready cyber defenses across multiple sectors: hospitals and healthcare ecosystems, pharmaceuticals and life sciences, energy, transportation ecosystems, and other critical national infrastructure. Many enterprises are realizing that a breach-ready cyber defense approach can help them run business as usual in most parts of their operations, even if cyberattacks continue to impact areas of initial compromise. This is thanks to technology that can contain breaches within the microperimeters where they occur.

I also believe business continuity paradigms will change. If companies can contain cyberattacks in small microperimeters where attacks happen, the Minimum Viable Business can extend to up to 80% from the current 20%.

However, we haven’t seen widespread recognition that weaknesses in IT service management are often the root cause of breaches. Investments in digital resilience need to facilitate the ability to operate business as usual across most of the organization, rather than resorting to shutting down operations. Each cyberattack serves as a reminder that investing in capabilities requires an integrated approach. With advancements in modern microsegmentation, organizations can progressively reach an acceptable state of breach readiness in 30, 60, and 90 days.

Today, organizations can visualize normal and malicious telemetry, build containment playbooks and cyber defense models, and disrupt attacks after confining them to a small part of the enterprise—whether in traditional datacenters, cloud environments, or digital factories.

The Offensive Threats Looming in 2025

Looking ahead to 2025, the digital business landscape is poised for significant cybersecurity challenges and advancements. On the offensive front, ransomware will continue its destructive path, causing substantial disruptions across both Industry 4.0 and the emerging Industry 5.0 sectors. This persistent threat underscores the evolving tactics of cyber attackers, who will likely increase their focus on breaching hospitals to demonstrate their continued relevance and impact.

We’ll see cyber attackers specializing more in Operational Technology (OT) and Cyber-Physical Systems (CPS). Nation-state actors will try to leverage these specialized attack vectors to target critical national infrastructure in other countries, posing significant risks to national security for the nations under attack. Phishing will remain a dominant method for initiating cyberattacks—a trend that doesn’t seem to be letting up. Cybercrime will also continue to exploit the most vulnerable sections of society, especially in developed countries, highlighting the need for robust protective measures.

Technology is evolving, and 2025 will bring quantum computing, blockchain for various applications beyond cryptocurrencies, augmented and virtual reality in disparate fields such as education and healthcare, and biotechnology breakthroughs, particularly in genetic engineering and personalized medicine. Developments in 5G and beyond will enable more connected devices and smarter cities. Now, more than ever, we need to build globally interconnected innovative businesses that can be immune to cyberattacks even when they scale to meet future demands.

Building Resilience

On the defensive side, ensuring the continuity of digital operations will become a top priority in boardroom discussions. As digital business becomes increasingly integral to organizational success, the ability to continue operations despite cyberattacks will drive investments. Being able to effectively report breaches will become a highly sought-after capability for CISOs, particularly those who can demonstrate transparency and resilience.

Passwordless authentication will become the future benchmark for accessing enterprise assets. By moving away from traditional one-time passwords and enhancing security, newer platforms will eliminate the need to store credentials, reducing breach exposure when providers are attacked. Microsegmentation will transform as well, with AI playing a central role in reducing deployment times from months to minutes and integrating seamlessly with existing cybersecurity investments. This shift will enable more agile and responsive breach containment, ensuring operational resilience during cyberattacks.

The CISO’s New Ally

It’s becoming increasingly clear that fragmented solutions just aren’t cutting it anymore. We can’t just keep adding layers and hoping for the best. Finally, CISOs will gravitate toward integrated cyber defense platforms, seeking cohesive and comprehensive security strategies to address the multifaceted nature of modern cyber threats head-on. What excites me is that it can actually make our lives easier. By consolidating our defenses, we’re reducing complexity and can focus more on strategic initiatives rather than getting bogged down in managing disparate systems.

With AI playing a significant role, breach-ready capabilities will help CISOs report the materiality of cyberattacks within 24 to 48 hours. AI will also transform breach-ready cyber defense, combining the powers of Generative and Agentic AI to swiftly change digital landscapes and harden them. The CISO’s new ally will be the AI that can help anticipate and model cyber defenses, harden digital landscapes, contain breaches so that digital operations can withstand them, and evolve breach readiness through war gaming and exercises.

If you want to bounce ideas around, I’d love to hear your thoughts and share more about what I’ve learned. Let’s get in touch.