Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Cyber risk remains top of mind for business leaders

A regular January fixture, the World Economic Forum’s Global Risks Report 2025 features two technology-related threats among the top five risks for the year ahead and beyond. The report ranks risks by severity over two-year and 10-year timeframes. In the short term, misinformation and disinformation came top, with cyber espionage and warfare ranked fifth. In the longer term, those risks were fifth and ninth respectively. The report was launched days after Meta, the owner of Facebook and Instagram, announced it was removing a system that would identify hoaxes and fake news, and protect against the spread of hate speech.

Computer Weekly said the 2025 edition “paints a gloomy picture of countries becoming more isolated, growing risks of armed conflict, and worsening environmental problems over the next two years”. Other risks featured in the report’s top 10 included extreme weather events, state-based armed conflict and societal polarisation.

The WEF also published related material to accompany the Global Risks Report, delving more deeply into cyber risk specifically. The Global Cybersecurity Outlook identified increasing complexity of supply chains and a lack of visibility into suppliers’ security levels. The WEF said this is contributing to wider skills gaps and cyber inequity. That’s interesting given last year’s report noted a growing gap between resilient organisations that could withstand security incidents and those that couldn’t. The WEF also spoke with security leaders to gauge their concerns and understand how they’re managing risks.

2024’s top attacks: a look back

“Vast quantities of personal data”, stolen and sold to malicious actors or extortionists, characterised many cyber attacks in 2024. Infosecurity Magazine measured its top 10 incidents, weighing factors like data loss, recovery costs, real-world impacts and wider geopolitical implications. Big themes from the year included rising attacks against healthcare providers and incidents reflecting geopolitical tensions.

The roundup lists the incidents in chronological order, starting with last January’s ransomware incident against loanDepot, one of America’s largest retail mortgage lenders. The subsequent recovery costs exceeded $26 million. February’s Change Healthcare ransomware attack led to 100 million data breach notices being sent. The Snowflake compromise, first discovered in June, was believed to have been the cause of many other high-profile breaches including Ticketmaster and Santander. Another major breach of telecoms providers led to the Salt Typhoon threat actor compromising US Government officials’ data.

Data protection and privacy roundup: where in the world and who in the EU

Millions of users of popular apps like Tinder, Spotify, Candy Crush and others may have had their locations leaked. The breach was traced to Gravy Analytics, a US data broker that collects information about people’s real-time locations. The hackers’ haul is reportedly more than 10TB of information from across thousands of apps, with samples appearing on a hacking forum. Vividly illustrating this, the French security researcher Baptiste Robert posted a map showing the locations of UK Tinder users. The Electronic Frontier Foundation has a good explainer of the surveillance mechanism behind the world of online ads.

The EU Court of Justice has ruled that data protection authorities (DPAs) can’t reject GDPR complaints due to their frequency. Euractiv described the ruling as “good news for advocates of the right to freedom of information”. Austria’s supervisory authority had previously set data subjects a limit of two complaints per month. One advocacy group, noyb, said “unfortunately, DPAs trying to get rid of complaints isn’t just an Austrian problem”, claiming the issue is continent-wide. Separately, the EU’s highest court also fined the European Commission for breaching the GDPR. An individual in Germany had used the ‘sign in with Facebook’ option to access the EC’s website.

A freedom of information request uncovered that Ireland’s Department of Justice had over 480 data breaches over three years. The incidents included the loss of sensitive papers and encrypted devices, and unauthorised access to social media.

Links we liked

Changing cybersecurity roles in 2025? Here’s how to ace the job interview.

A look back at MacOS malware that appeared during 2024.

“Panopticons on wheels.” Connected cars drive roughshod over data privacy.

The Dutch Central Bank warned people to keep cash at home due to cyber risk.

Last orders: vodka maker files for bankruptcy after ransomware incident.

eBay’s CISO shares his thoughts on planning and security ROI.

In this podcast, Pfizer reveals how it’s using AI to spot insider risk.

Cyber Cert Labs’ list of product types in scope for the Cyber Resilience Act.

New UK Government proposals to curb ransomware include a payment ban.

High-level insights from a survey into CISO leadership and organisations.


About the Author: admin
