Adam Kangiser, Iviry’s Compliance Analyst
The FBI’s 2024 Internet Crime Complaint Center (IC3) report paints a sobering picture: cybercrime losses hit $16.6 billion in a single year, a 33% jump from 2023. Among the many tactics used by cybercriminals, three threats stand out for their scale, persistence, and impact: Business Email Compromise (BEC), ransomware, and phishing. Each represents a different type of danger, but together they form a trio of risks no organization can afford to ignore.
Business Email Compromise (BEC): The Billion-Dollar Threat
BEC continues to rank as one of the most financially damaging cybercrimes. In 2024, the FBI received more than 21,000 complaints, with losses totaling $2.77 billion. These attacks often target finance teams or executives, tricking them into wiring funds to fraudulent accounts through emails that look legitimate.
The FBI’s Recovery Asset Team has been able to intervene in some cases. For example, in real estate scams where fraudsters spoofed agents’ emails, millions of dollars were successfully recovered. But not every victim is so fortunate—especially smaller businesses with fewer safeguards in place.
How to defend against BEC:
- Require multi-factor authentication (MFA)for email and financial systems.
- Always verify changes to payment detailsusing an alternate communication channel.
- Implement dual authorizationfor wire transfers or large payments.
Ransomware: Holding Data Hostage
Ransomware is another enduring threat, with 3,156 reported complaints in 2024, representing a 9% increase from the previous year. Even more troubling, the FBI identified 67 new ransomware variants in 2024, showing how quickly cybercriminals adapt.
Reported ransomware losses were $12.4 million, but this figure drastically underestimates the real damage. The IC3 notes that downtime, lost productivity, reputational harm, and remediation costs drive the true impact far higher.
There was, however, some good news: FBI-led disruption efforts against the notorious LockBit ransomware group prevented more than $800 million in ransom demands from being paid.
How to defend against ransomware:
- Maintain offline and immutable backupsof critical systems and data.
- Apply patches and updatesquickly to reduce exploitable vulnerabilities.
- Use endpoint detection and response (EDR)tools to catch early signs of infection.
- Develop and test an incident response planto reduce downtime.
Phishing & Social Engineering: The Gateway Attack
Phishing remains the most common type of cybercrime, with 193,407 complaints filed in 2024. While direct losses were estimated at $70 million, phishing’s true danger lies in being the entry point to larger attacks like BEC and ransomware.
Cybercriminals are also leveraging AI to craft more convincing lures, from deepfake audio messages to highly personalized emails. This raises the stakes for organizations that rely heavily on email communication.
How to defend against phishing:
- Run regular phishing simulationsand awareness training.
- Enforce MFA on all user accounts, reducing the impact of stolen credentials.
- Promote a zero-trust culturewhere employees verify requests rather than assume legitimacy.
Building a Stronger Cyber Defense
While the FBI’s report underscores how costly these attacks have become, it also highlights the most effective defenses. Across all three threats, common security practices repeatedly surface as critical safeguards: multi-factor authentication, offline backups, incident response planning, and employee training.
Cybercriminals continue to innovate — but so can your organization. Combine strong technical defenses with cybersecurity awareness to make your business a much harder target!
