The Price of Poor Cybersecurity in 2024: US$3.1 Billion

Perhaps no industry felt the impact of cyberthreats more acutely than healthcare. The sector claimed the top spot for breach volume in 2024, with attacks on organizations like Synnovis, MediSecure, and Ascension causing devastating real-world consequences.

When Ascension's network of more than 100 U.S. hospitals was hit by ransomware, the results went far beyond data theft — electronic health records went offline, ambulances were diverted, medical procedures were rescheduled, and pharmacies temporarily closed.

This is the harsh reality of modern cyberattacks: They don't just compromise data, they can also endanger lives.

One of the most concerning trends from 2024 was how access controls for third-party relationships became attack vectors and allowed unauthorized access. The Snowflake breach exemplifies this perfectly — attackers compromised customer accounts across more than 100 organizations, including household names like Ticketmaster and AT&T, simply because multi-factor authentication (MFA) wasn't enabled by default.

Similarly, vulnerabilities in Fortinet's network management tools led to compromises at more than 50 companies, while a BeyondTrust breach enabled Chinese nation-state actors to infiltrate the U.S. Treasury Department. These incidents highlight a critical truth: Your security controls are only as strong as your weakest third-party connection.

APIs have become the backbone of modern digital infrastructure, but 2024's breaches revealed a troubling pattern of API mismanagement that dramatically increased the attack surface of any business that neglected essential API security measures.

Twilio's unauthenticated API exposed 33 million phone numbers, while a similar flaw at Trello leaked details of 15 million users. Perhaps most concerning, Dell suffered a mass scraping attack that affected 49 million customers through a partner portal API that had no rate limit controls in place.

According to the 2024 Anatomy of an API report by API development platform Treblle, 52% of APIs are unauthenticated — meaning organizations are essentially leaving their digital front doors wide open.

These breaches share common characteristics that reveal the limitations of traditional security approaches, including:

• Perimeter-focused thinking: Once attackers breach the outer defenses, they can move laterally with minimal resistance.

• Implicit trust: Internal network traffic is often trusted by default, allowing attackers to escalate privileges and access sensitive systems and critical applications. 

• Poor visibility: Organizations lack granular insight into east-west traffic patterns and can't quickly identify anomalous behavior.

• Inadequate network segmentation: Critical systems and data that rely on firewalls aren't properly isolated from less-sensitive resources.

The solution isn't just about adding more security tools — it's about fundamentally rethinking how we architect security. This is where microsegmentation becomes critical, particularly for organizations that deal with the complex, interconnected environments that characterized 2024's major breaches.

Akamai Guardicore Segmentation addresses these challenges head-on by implementing Zero Trust principles at the workload level for data center and cloud environments. Rather than trusting traffic once it's inside the network perimeter, Akamai Guardicore Segmentation creates granular security policies that govern every connection among applications, services, and users.

The key benefits of microsegmentation include breach containment, third-party risk mitigation, API protection, and compliance support.

• Breach containment: Implementing microsegmentation prevents the lateral movement of attackers when they inevitably gain initial access (as they did in the Change Healthcare ransomware attack). Each workload operates in its own secure enclave with granular control, dramatically limiting the blast radius of any compromise.

• Third-party risk mitigation: By segmenting third-party access and implementing least-privilege principles, organizations can continue to work with vendors like Snowflake or Fortinet while minimizing exposure if those relationships are compromised.

• API protection: Akamai Guardicore Segmentation's application-aware policies ensure that API communications follow predefined security rules, preventing the kind of unrestricted access that led to the Twilio and Dell breaches.

• Compliance support: With General Data Protection Regulation (GDPR) fines reaching US$1.3 billion for Meta alone in 2024, the ability to demonstrate granular data protection controls becomes essential to help meet compliance and regulatory requirements.

Based on the lessons we’ve learned from the breaches in 2024, security leaders should prioritize the following five practical techniques in 2025:

1. Implementing Zero Trust security architecture: Move beyond perimeter-based security to a model where every transaction is verified and authorized

2. Deploying microsegmentation: Use tools like Akamai Guardicore Segmentation to create granular policies that limit lateral movement and protect critical assets

3. Securing APIs by default: Implement proper authentication, rate limiting, and monitoring for all API endpoints

4. Enhancing third-party risk management: Evaluate vendors not just for functionality, but for their security posture and your ability to monitor their access

5. Enabling MFA everywhere: The Snowflake breach could have been prevented with proper MFA implementation — make MFA non-negotiable

The 2024 breach landscape sends a clear message: Traditional network security approaches are insufficient for protecting modern, interconnected organizations. The healthcare sector's struggles, the third-party supply chain attacks, and the API security failures all point to the same conclusion — we need security that's designed for a world where the perimeter has dissolved.

Microsegmentation isn't just another security technology; it's a fundamental shift toward a more resilient security architecture. By implementing Zero Trust principles at the workload level, organizations can protect themselves not just from the attack vectors we saw in 2024, but also from the unknown threats that 2025 will inevitably bring.

The question isn't whether your organization will face a sophisticated attack — it's whether you'll have the security architecture in place to contain it when it happens. Last year’s 5.4 billion compromised records serve as a sobering reminder that in cybersecurity, preparation isn't just about preventing data breaches — it's about ensuring they don't become catastrophes.