The cybersecurity landscape is constantly changing and even with new advanced safeguards, it has only grown increasingly perilous. As we saw in 2024, criminals use sophisticated cyberattacks to target organizations worldwide and the need to protect against such threats is only growing.

The CrowdStrike 2025 Global Threat Report), alongside high-profile incidents like the Ticketmaster data breach via Snowflake and attacks on major UK retailers such as Co-op, Harrods, and M&S, underscores the urgent need for robust cybersecurity measures.

CrowdStrike’s report paints a stark picture of the current cyber threat landscape%5b%5d(), highlighting a 75% year-over-year increase in cloud intrusions and a 76% rise in victims named on eCrime leak sites. The report tracks over 257 adversaries, including 26 new threat groups identified in 2024, with a notable surge in China-linked espionage attacks, up 150% across all sectors and 200-300% in critical industries like financial services and manufacturing.

One of the most significant data breaches of 2024 was the compromise of Ticketmaster’s data through Snowflake, a cloud-based data platform. Between April 2 and May 18, 2024, hackers associated with the Scattered Spider group exploited compromised credentials to access Snowflake accounts lacking Multi-Factor Authentication (MFA). The attackers demanded ransoms ranging from $300,000 to $5 million to prevent the public release of stolen data. The attack affected over 165 organizations, including major corporations like AT&T, Santander Bank, and Ticketmaster. The breach impacted over 550 million customers worldwide and sparked significant concern about third-party cloud security risks and the need for stronger authentication protocols. It served as a wake-up call to focus more fully on cloud security.

In early 2025, three major UK retailers—Co-op, Harrods, and Marks & Spencer (M&S)—faced a coordinated cyberattack spree linked to the Scattered Spider group, with the DragonForce cybercrime group also claiming responsibility.

The Ticketmaster-Snowflake breach and the attacks on UK retailers reveal several worrying trends in cybersecurity. The reliance on third-party cloud services amplifies vulnerabilities, as attackers target weak links in the supply chain to access multiple organizations. The rise in malware-free attacks highlights a shift from traditional malware to more covert methods. The integration of generative AI by bad actors, including nation-state actors from China and Iran, has lowered the barrier to entry for sophisticated attacks.

Thankfully, there are actionable steps organizations and individuals can take to protect themselves in this evolving digital battlefield.

The first step companies and organizations must take is to implement phishing-resistant MFA by enabling it across all accounts, particularly for cloud-based platforms. The second step is to educate staff and social engineering tactics such as phishing, vishing, and smishing (phishing uses email, smishing uses text messages, and vishing uses phone calls). Awareness programs can help employees recognize these attacks early and report suspicious activity.

It is important to stress the need to perform cybersecurity gap analyses to identify vulnerabilities. Companies should implement penetration testing and live-fire attack simulations on a regular basis to strengthen incident response capabilities.

Third-party vendors must be vetted and monitored to ensure they adhere to strict security standards. Supply chain risks can be mitigated by enforcing secure development practices.

Recent incidents that caused major damage and exposed serious vulnerabilities should serve as a stark reminder of the evolving nature of cyber threats. But there is no reason to despair. Even as cyber criminals use new technology, exploit identity-based vulnerabilities, and target third-party services, organizations and companies can and should shift from a reactive to a proactive defense strategy. It is possible to achieve greater resilience and security. It just takes resolve and a commitment to heed the warnings and take decisive action.