2024 will be remembered as a pivotal year in cybersecurity, marked by an alarming surge in cyberattacks across industries that not only drove skyrocketing costs for businesses (not to mention eroding trust from customers) but introduced the world to new and evolving tactics that demand attention as we move into 2025.

‍

Inside the Numbers

Cyberattacks are Increasing in Frequency and Impact:

We officially closed the books in 2024, and it's evident that the volume of cyberattacks has reached all-time highs. Research from Check Point highlights this disturbing trend: in Q3 2024, global cyberattacks surged by 75% compared to the same period in 2023, with organizations enduring an average of 1,876 attacks per week.

‍

But the number of attacks is just part of the story for 2024. Next comes the financial fallout of these incidents. IBM’s Cost of a Data Breach Report 2024 reveals that the global average cost of a data breach climbed to $4.88 million. That’s a 10% increase from 2023 and the highest figure on record. Winning the prize for the most costly was the MOVEit breach, where global damages reached an estimated $12 billion.

‍

Attack Vectors are Evolving:

‍Following the frequency and costs of cyberattacks comes the growing complexity and variety of methods employed by cybercriminals over the last year. The top methods were business email compromise (BEC), API phishing, executive impersonation, employee fraud, and of course deepfakes. Of these, it was deepfakes that really stole the spotlight in 2024. According to Entrust Cybersecurity Institute, deepfake attacks occurred every five minutes globally in 2024, with the three most targeted industries related to financial services. Powered by sophisticated generative AI-powered tools, these attacks have people second-guessing every interaction they have over the phone, email, and video. 

‍

The most notable incident of 2024 involved a multinational firm in Hong Kong. In this case, cybercriminals used deepfake technology to impersonate a CFO during a video call. The convincing ruse led an employee to authorize 15 transactions totaling over $25 million.

‍

Trustmi’s Take

At the end of the day, cybercriminals are succeeding because they rely on proven tactics while expanding their capabilities with new attack vectors powered by the same innovations (Gen AI) used by their victims (but with very malicious intent). Like bad actors, businesses must continually review their defenses to mitigate these threats, including those targeting payments.  This means migrating from traditional solutions to AI-powered automated email and payment security offerings. As with your foe, tap into Gen AI as well as automated real-time fraud detection capabilities that can uncover unusual patterns in payment data that members of your team would otherwise miss. This is your best bet in sniffing out deepfakes while also battling other attack types, both known and unknown. 

‍