Jaime Desviat

Cybersecurity Analyst

5 Critical Data Protection Mistakes of 2024 and Keys to Avoid Them in 2025

In a world where data is the new gold, its protection has become an absolute priority for companies of all sizes. The year 2024 has taught us important lessons about digital security, with cases that have exposed critical vulnerabilities in personal data management. City councils, hospitals, newspapers, the DGT, and major companies like Telefónica, Deloitte, and Banco Santander are just some of the organizations affected by exposure of sensitive data. 2025 will be no different, as cybercriminals, increasingly prepared and innovative, are ready to improve their attack vectors.

Is your organization prepared for the data protection challenges of 2025? Discover the most significant data protection errors of the past year and how to avoid them in your company during this new year.

1. AI Misuse: The Double-Edged Sword

Artificial Intelligence continues to transform everything in its path. The proliferation of models and their integration with various tools have significantly expanded access to information, often without considering how this data is used in model training processes.

For example, lawsuits against OpenAI for privacy violations marked a turning point in how we consider data use in AI model training. The AI tools available in today’s market are endless – models, platforms, extensions, code assistants – all are very useful and make our work more efficient, but users often have no idea what happens with the information they use.

How to protect your company in 2025?

  • Implement privacy impact assessments before adopting any AI tool
  • Implement sandboxing for AI applications (usually possible with paid instances)
  • Develop clear policies on what information can be shared with AI assistants
  • Focus on education about responsible AI use rather than excessive restrictions

2. Unencrypted Communications: An Open Door for Cybercriminals

Unencrypted communications have become one of the main access routes for cybercriminals, who exploit this vulnerability to intercept sensitive data in transit. It’s like sending all letters in transparent envelopes.

Unencrypted communications are particularly dangerous in today’s hybrid business ecosystem, where data constantly travels between offices, homes, and the cloud. When this data travels “in plain text,” any malicious actor with network access can intercept, read, and manipulate the information without leaving a trace. It’s like shouting confidential information in a public square hoping no one else is listening.

The problem is magnified in multi-cloud environments, where data passes through multiple network points before reaching its destination. In 2024, 40% of data breaches occurred precisely because of this vulnerability, with an average cost exceeding 5 million euros per incident. More worryingly, these breaches took an average of 283 days to detect, during which attackers had free access to sensitive information.

Your shield for 2025:

  • Implement end-to-end encryption in all communications
  • Adopt robust key management solutions
  • Establish regular encryption system audit schedules

3. Poor Access Control: The Weakest Link

Imagine a corporate building where all doors are open, with no record of who enters or leaves, and where any employee can access the safe. This is the perfect analogy to describe how many companies managed their digital access in 2024.

The complexity and workload involved in properly managing and monitoring access means many organizations fail in critical aspects: former employees maintain active credentials months after their departure, elevated privileges granted for specific projects remain indefinitely, and when attackers manage to compromise a single access point, they find an almost clear path to move laterally throughout the corporate network.

The 2024 Snowflake case taught us a clear lesson: more than 165 companies suffered security breaches for not activating multi-factor authentication. A basic error with devastating consequences.

Your winning strategy for 2025:

  • Rigorously implement the principle of least privilege
  • Invest in next-generation IAM systems
  • Use mandatory MFA systems
  • Schedule quarterly access permission reviews
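
A periodic access review can be scripted against an identity export. The following is an added example, not part of the original article: it flags the three failures this section describes (enabled accounts of former employees, elevated privileges that outlived their project, and missing MFA). The sample data, field names and the `review_access` function are constructed assumptions, not any vendor's export format.

```python
from datetime import date

# Constructed sample data (not from any real system): an HR roster and an
# identity-provider export. Field names are assumptions for this example.
ACTIVE_EMPLOYEES = {"alice", "bob", "carol"}
ACCOUNTS = [
    {"user": "alice", "enabled": True, "mfa": True,
     "grants": [{"role": "db-admin", "expires": date(2024, 11, 30)}]},
    {"user": "bob", "enabled": True, "mfa": False, "grants": []},
    {"user": "carol", "enabled": True, "mfa": True,
     "grants": [{"role": "billing-admin", "expires": date(2025, 6, 30)}]},
    {"user": "dave", "enabled": True, "mfa": True, "grants": []},    # left the company
    {"user": "erin", "enabled": False, "mfa": False, "grants": []},  # already disabled
]


def review_access(accounts, active_employees, today):
    """Return sorted (user, issue, detail) findings for one review cycle."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts cannot authenticate; nothing to flag
        user = acct["user"]
        # Former employee whose credentials were never deactivated.
        if user not in active_employees:
            findings.append((user, "ORPHANED", "enabled account, no active employee"))
        # Any enabled account without MFA is a finding.
        if not acct["mfa"]:
            findings.append((user, "NO_MFA", "multi-factor authentication not enrolled"))
        # Elevated roles must carry an expiry, and the expiry must not have passed.
        for grant in acct["grants"]:
            expires = grant.get("expires")
            if expires is None:
                findings.append((user, "UNBOUNDED_PRIVILEGE", grant["role"]))
            elif expires < today:
                findings.append((user, "EXPIRED_PRIVILEGE", grant["role"]))
    return sorted(findings)


if __name__ == "__main__":
    for user, issue, detail in review_access(ACCOUNTS, ACTIVE_EMPLOYEES, date(2025, 1, 15)):
        print(f"{issue:20} {user:8} {detail}")
```
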

4. Insufficient Monitoring: The Price of Neglect

The math is simple: according to IBM, organizations with reduced security teams paid $1.76 million more in breach costs. Investment in cybersecurity continues to be underestimated; it’s a matter of priorities – SMEs don’t consider cybersecurity one of them, and this can lead to data leaks, loss of money, customers, or reputation.

Your action plan for 2025:

  • Implement 24/7 monitoring systems with behavior analysis
  • Adopt AI-powered threat detection tools
  • Partner with specialists for implementing monitoring measures and tracking hybrid multi-cloud environments

5. Insufficient Investment in Training and Systems: The False Economy

Companies that invested in AI and security automation saved $2.2 million in breach costs during 2024. Training and awareness play a fundamental role in this area – if your employees know the risks and problems, they’ll be much more alert in their daily work. At Making Science, around 2,500 phishing cases were detected, which is why we raise awareness among our employees with internal tests updated with the latest attack methodologies, keeping us trained and in shape.

Your smart investment for 2025:

  • Allocate specific budget for cybersecurity training
  • Modernize your infrastructure with advanced security technologies
  • Implement regular security drill programs such as phishing campaigns

Conclusion: Data Protection as a Competitive Advantage

In 2025, data protection won’t just be a legal obligation but a crucial competitive advantage. Companies that learn from past mistakes and implement proactive solutions will not only protect their sensitive information but will also gain the trust of their customers and partners.

Are you ready to turn data protection into your strategic ally? The time to act is now. Investment in data security isn’t an expense; it’s an investment in your company’s future.

Need help implementing these measures in your organization? Contact us for a free assessment of your data security.