Cybersecurity: New Threats Targeting Businesses in 2024

The global cost of cybercrime is expected to reach $10.5 trillion by 2025, according to Cybersecurity Ventures. Facing increasingly sophisticated attackers, businesses must rethink their approach to IT security. **Ransomware: a criminal industry** Ransomware remains the number one threat. In 2023, this malware that encrypts data and demands ransom cost global businesses more than $30 billion. The LockBit group, dismantled in February 2024, alone had extorted more than $120 million. What's changing: attackers now use AI to write more convincing phishing emails, identify vulnerabilities faster, and personalize their attacks. Ransomware-as-a-service (RaaS) even allows criminals without technical skills to launch attacks. **The supply chain: the weak link** The SolarWinds attack of 2020 revealed a new vulnerability: the software supply chain. By compromising a software vendor, hackers can reach thousands of client companies at once. In 2023, the attack on MOVEit, a file transfer software, affected more than 2,000 organizations, including giants like Shell, British Airways and the US government. This trend is accelerating: supply chain attacks have increased by 742% since 2019. **Deepfakes: the new weapon** Deepfakes — AI-generated videos or audio — are becoming a fraud weapon. In February 2024, a Hong Kong company lost $25 million after an employee transferred funds following a video conference with a fake CFO generated by deepfake. These AI-augmented "social engineering" attacks are particularly dangerous because they exploit human trust rather than technical vulnerabilities. **How to protect yourself?** Experts recommend a "Zero Trust" approach: trust no user or device by default, even inside the network. This involves systematic multi-factor authentication, network segmentation, and continuous monitoring of abnormal behavior. Employee training remains crucial: 95% of cybersecurity incidents involve human error. Companies must invest in ongoing awareness for their teams. Finally, regular data backup (3-2-1 rule: 3 copies, 2 different media, 1 offsite) remains the best defense against ransomware. **The talent shortage challenge** The cybersecurity sector lacks 4 million professionals worldwide. This shortage is pushing salaries up but leaving many companies vulnerable. Automation and defensive AI are becoming essential to compensate for this lack of human resources. **Key takeaway** Cybersecurity is no longer a technical topic reserved for CIOs. It's a strategic issue that concerns top management. In a world where a cyberattack can bring a company to its knees in hours, IT resilience has become a competitive advantage.