October marks the annual return of Cyber Security Awareness Month, Security Awareness Month, an international campaign aimed at raising awareness about the importance of cybersecurity and the need to protect systems from malicious actors, ransomware, and other cyber threats.¹
However, Cyber Security Awareness Month 2024 feels different.
Recent high-profile cyberattacks on Fortune 500 companies and government agencies worldwide have underscored the growing sophistication of hackers and the vulnerabilities they exploit. Demand for cybersecurity solutions is surging as businesses scramble to defend their digital borders. With the global cost of cybercrime estimated at $9.5 trillion USD for 2024, the sector has become a critical focal point for investors and corporate boards alike.² Meanwhile, technological advancements in artificial intelligence and machine learning are reshaping the landscape, promising both heightened defences and new threats.
So, let’s look at the state of cybersecurity so far in 2024, focusing on some recent cyberattacks and the demand for security they’ve highlighted across industries, and see what trends will be shaping cybersecurity into 2025.
Most Significant Cyberattacks and Breaches in 2024
Cybercrime has been big news throughout 2024. Some highlights (or perhaps lowlights would be a better description) include:
- Snowflake Customers Targeted: In June, Snowflake Inc., a prominent cloud storage firm, disclosed a cyberattack that could become one of the largest data breaches ever. Hackers exploited stolen login credentials, obtained via info-stealing malware, to access customer accounts. Major companies, including Ticketmaster and Santander, were reportedly impacted. While hundreds of Snowflake customer passwords have already surfaced online, the hackers claim to possess 560 million records from Ticketmaster and 30 million from Santander. However, the companies have yet to confirm the extent of the breaches.⁵
- Microsoft Executive Accounts Breach: In January, Microsoft revealed that a Russia-linked hacker group breached emails belonging to senior Microsoft leadership, as well as its cybersecurity and legal teams. The attack was attributed to the same group that orchestrated the 2020 SolarWinds breach. Multiple U.S. federal agencies were affected as part of this breach, with the hackers siphoning communications between Microsoft and federal agencies through the compromised Microsoft corporate email accounts. The breach, traced back to November 2023, occurred after hackers exploited a legacy account lacking multifactor authentication.³
- CDK Global Attack: In June, CDK Global, a key software provider for North American car dealerships, was hit by a ransomware attack orchestrated by an Eastern European cybercrime group. The hackers demanded tens of millions in ransom, severely disrupting operations at roughly 15,000 dealerships across the U.S. and Canada. The timing, coinciding with the end-of-quarter sales push, crippled sales, repairs, and vehicle deliveries in an industry worth $1.2 trillion annually. The attack forced a complete shutdown of CDK’s core dealership management system (DMS), a critical tool for dealership operations. The incident exposed the sector’s reliance on a small number of DMS providers, an issue worsened by consolidation in the industry.⁴
- AT&T Breach: In March, AT&T launched an investigation into a potential data breach after personal information from over 70 million current and former customers appeared on the dark web. The telecom giant confirmed that AT&T-specific data fields were included in a set released online. Initial analysis suggested the data, which includes social security numbers, likely dates back to 2019 or earlier and affects around 7.6 million active accounts and 65.4 million former customers.⁶
- CrowdStrike Update Error: Not a cyberattack per se, but certainly deserving a mention here, nonetheless. In July, a software glitch during a routine update from cybersecurity firm CrowdStrike caused a major IT outage, impacting businesses worldwide. The update, which affected Windows systems, led to the “blue screen of death” for many Microsoft users. Airlines, hospitals, financial services, and media outlets were among the most affected.⁷ Approximately 25% of all Fortune 500 companies faced disruptions, with estimated financial losses for these companies (excluding Microsoft) amounting to $5.4 billion.⁸ Experts called the outage’s scale unprecedented, emphasizing the complexity of managing critical security software.
Surging Demand for Cybersecurity
As just this small sample of incidents shows, there is an urgent and growing need for more robust cybersecurity initiatives across industries. In Canada alone, cybercrime costs the economy more than $3 billion annually.⁹ Combating this begins, in large part, with people.
Despite millions of open cybersecurity positions worldwide, companies are struggling to fill them, contributing to a global shortfall of nearly 4 million cybersecurity professionals. This shortage—driven by factors like outdated training, lack of clear career paths, and high levels of job-related job stress—is creating a widening gap between cyber-resilient organizations and those vulnerable to attacks, according to the World Economic Forum (WEF).
In WEF’s Global Cybersecurity Outlook 2024 report, 90% of surveyed executives emphasized the urgent need to address this growing cyber inequity. Emerging technologies like generative AI are expected to exacerbate existing challenges. The report highlighted that the expanding talent and skills gap is the primary obstacle to strengthening cybersecurity defences, with 71% of organizations currently facing vacant roles in the field.10
Innovative Trends in the Cybersecurity Industry
If there aren’t enough people to keep up with the demands of cutting-edge cybersecurity, how can companies and organizations effectively manage their digital security? The answer lies in advanced technologies like artificial intelligence (AI) and machine learning (ML), which cybersecurity providers are already leveraging to stay ahead of the threat actors. These algorithms are poised to play an increasingly critical role in cybersecurity in 2025 and beyond.
AI’s advanced data analysis capabilities are being harnessed to identify and predict cyber threats, boosting early detection systems. ML algorithms are becoming more sophisticated, enabling them to recognize and adapt to new threats, enhancing cybersecurity defences over time. Real-time AI threat analysis is expected to improve response speed and accuracy, while ML advancements may lead to autonomous updates, reducing the need for manual intervention and allowing companies to do more with less by leveraging their human cybersecurity experts and their experience for the most complex situations.11
As part of this, AI-driven security bots are likely to emerge, programmed to detect and neutralize threats proactively, marking a shift towards more self-sufficient cybersecurity systems. Key improvements include AI-powered threat detection that can swiftly identify patterns and anomalies, behavioural analysis to track user activity and flag suspicious deviations, and predictive analytics to forecast vulnerabilities and prioritize security measures. These advancements will enable organizations to move from reactive to proactive defence strategies even if additional human threat hunters can’t be found.12
October’s Cyber Security Awareness Month serves as a crucial reminder for all stakeholders to prioritize digital security, reinforce their efforts in protecting sensitive data, and help them stay ahead of potential attacks.
CYBR ETF: Diversified Investing in Cybersecurity
A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.
Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here: https://evolveetfs.com/cybr/.
Sources
- “October is Cyber Security Awareness Month in Canada,” Government of Canada, July 22, 2024; https://www.getcybersafe.gc.ca/en/cyber-security-awareness-month
- “The Biggest Data Breaches of the Year (2024),” Bluefin, July 10, 2024; https://www.bluefin.com/bluefin-news/biggest-data-breaches-year-2024/
- Alspach, K., “10 Major Cyberattacks And Data Breaches In 2024 (So Far),” CRN, July 1, 2024; https://www.crn.com/news/security/2024/10-major-cyberattacks-and-data-breaches-in-2024-so-far?page=3
- Trudell, C., “CDK Hackers Want Millions in Ransom to End Car Dealership Outage,” Bloomberg, June 21, 2024; https://www.bloomberg.com/news/articles/2024-06-21/cdk-hackers-want-millions-in-ransom-to-end-car-dealership-outage
- Gorrivan, C., Murphy, M. & Ford, B., “Hackers Demand as Much as $5 Million From Snowflake Clients,” Bloomberg, June 17, 2024; https://www.bloomberg.com/news/articles/2024-06-17/hackers-demanding-as-much-as-5-million-from-snowflake-clients
- Alspach, K., “10 Major Cyberattacks And Data Breaches In 2024 (So Far),” CRN, July 1, 2024; https://www.crn.com/news/security/2024/10-major-cyberattacks-and-data-breaches-in-2024-so-far?page=8
- Bishop, K. & Kharpal, A., “CrowdStrike issue causes major outage affecting businesses around the world,” CNBC, July 19, 2024; https://www.cnbc.com/2024/07/19/crowdstrike-suffers-major-outage-affecting-businesses-around-the-world.html
- “Crowdstrike’s Impact on the Fortune 500: An Impact Analysis,” Parametrix, July 25, 2024; https://cdn.prod.website-files.com/64b69422439318309c9f1e44/66a24d5478783782964c1f6f_CrowdStrikes%20Impact%20on%20the%20Fortune%20500_%202024%20_Parametrix%20Analysis.pdf
- Mondou, A. & Magee, K., “All Hands On Deck: The Skyrocketing Demand for Canadian Cybersecurity Skills,” Innovating Canada, n.d.; https://www.innovatingcanada.ca/technology/technology-innovation-archive/all-hands-on-deck-the-skyrocketing-demand-for-canadian-cybersecurity-skills/
- “Bridging the Cyber Skills Gap,” World Economic Forum, 2024; https://initiatives.weforum.org/bridging-the-cyber-skills-gap/home
- Cooper, V., “Top 10 Cyber Security Trends and Predictions For 2024,” Splashtop, August 26, 2024; https://www.splashtop.com/blog/cybersecurity-trends-and-predictions-2024
- “What is the future of cybersecurity?,” Field Effect, May 28, 2024; https://fieldeffect.com/blog/what-is-the-future-of-cyber-security
Source: Getty Images Credit: krisanapong detraphiphat