ReportWire

Cybersecurity Awareness Month highlights new threats | Long Island Business News


In Brief:
  • Cybercrime losses surged to $16 billion in 2024, a one-third jump from the previous year, according to the FBI.
  • AI-driven phishing, deepfakes, and voice cloning are fueling new waves of cyberattacks against businesses.
  • Experts warn supply-chain vulnerabilities and the rise of quantum computing pose long-term cybersecurity challenges.
  • Organizations are urged to adopt stronger governance, MFA, vendor oversight, and event logging for proactive defense.

October is Cybersecurity Awareness Month. Established in 2004 by the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA), Cybersecurity Awareness Month aims to educate the public and businesses about cyber threats and equip them with the knowledge and tools needed to stay secure.

The 21st Annual Cybersecurity Awareness Month comes at a particularly crucial time. First and foremost, cybercrime is on the rise. In fact, the Federal Bureau of Investigation (FBI) reported that cybercrime costs rose to $16 billion in 2024—a one-third increase from 2023.

Furthermore, the Cybersecurity and Infrastructure Security Agency recently furloughed the majority of its already-downsized staff at the start of the ongoing government shutdown. Many fear this will leave Americans more vulnerable to escalating cyber threats. Additionally, the 2015 Cybersecurity Information Sharing Act expired at the start of the month, raising concerns about diminished collaboration between the public and private sectors.

As a result, the need for organizations to remain vigilant and informed about cybersecurity risks is greater than ever. Among the top threats businesses should be aware of are:

AI-driven attacks

While artificial intelligence (AI) has improved efficiency and productivity for many, it has also introduced new risks related to privacy and information security. Businesses aren’t the only ones using AI; cybercriminals are, too.

According to a 2025 KnowBe4 report, more than 80% of phishing emails analyzed showed evidence of AI usage. AI is also behind increasingly convincing deepfakes, which led to one company losing $25 million after an employee was tricked into sending funds to fraudsters posing as the CFO. Similarly, AI-powered voice cloning is on the rise, forcing 91% of surveyed banks to reconsider their voice authentication systems.

Supply-chain attacks

These attacks exploit vulnerabilities in third-party vendors to gain access to sensitive customer data. Research from the Ponemon Institute and Mastercard’s RiskRecon found that more than half of breaches in the past 12 months were caused by third-party vendors.

Alarmingly, the research also stated that only 34% of organizations are confident their suppliers would notify them of a breach of their sensitive information. Yet fewer than half of the organizations regularly review the security and privacy controls of their suppliers.

Quantum computing

Quantum computing leverages quantum mechanics to solve complex problems far beyond the capabilities of traditional computers. The concern is that adversaries may steal encrypted data today with the intent to decrypt it later using advanced quantum technologies.

The National Institute of Standards and Technology (NIST) has already released encryption algorithms resistant to quantum attacks; however, transitioning to post-quantum cryptography could take years and prove especially challenging for smaller institutions.

In light of these and other emerging threats, businesses should adopt the following cybersecurity best practices:

Governance and board oversight

Escalating cyber threats demand informed and active involvement at the board level. Boards and executives should take an active role in cybersecurity oversight by requiring regular updates, ensuring incident response plans exist and treating cybersecurity as a core business risk rather than just a technical issue.

Multi-factor authentication

Most regulations require the use of multi-factor authentication (MFA) for any user accessing an information system. However, not all types of MFA are created equal. Organizations should implement strong, phishing-resistant MFA (such as FIDO/WebAuthn or Public Key Infrastructure) for all users accessing sensitive information and phase out weaker methods like SMS or voice codes.

End of operating life

Unsupported and legacy systems continue to pose significant risk, especially for smaller organizations. Companies should maintain an inventory of systems, track vendor support timelines and proactively plan upgrades or replacements before software and hardware reach end of life (EOL) to avoid exploitable vulnerabilities.

Vendor management

As noted above, third-party vendors pose a significant threat. As a result, organizations should maintain a documented vendor management program and regularly conduct due diligence audits.

Event logging and threat detection

Organizations should deploy comprehensive cybersecurity event logging solutions. This can help provide visibility into system performance and security, detect incidents and support response efforts, and enable forensic investigations and threat attributions.

As cyber threats grow in scale and sophistication, Cybersecurity Awareness Month serves as a timely reminder that proactive defense is no longer optional—it’s essential. With rising risks from AI-driven attacks, supply-chain vulnerabilities and the looming impact of quantum computing, organizations must prioritize cybersecurity as a strategic imperative. By embracing strong governance, modern authentication, lifecycle management, vendor oversight, and robust event logging, businesses can better safeguard their systems, data and stakeholders.

Charlie Wood is a partner and practice lead with the Information Risk Management Division of The Bonadio Group.



LIBN Staff
