cedricdicesare8

Retrospective cybersecurity 2024: Between regulations, innovations, and evolving threats




As we draw the curtain on the year 2024, cybersecurity is more than ever at the crossroads of digital transformations, geopolitical pressures, and technological innovations. This year has highlighted new challenges as well as opportunities to strengthen our resilience in the face of growing threats. Here is an overview of the trends and key events that have redefined the cyber landscape.



1. Europe strengthens its regulatory arsenal: Towards a more structured cybersecurity

In 2024, the European Union consolidated its role as a leader in cybersecurity by rolling out several major regulatory frameworks aimed at protecting digital ecosystems and raising security standards across the continent.


NIS 2 Directive: Standardization and reinforcement

Implemented in October 2024, the NIS 2 Directive aims to harmonize risk management approaches and establish a common resilience throughout the European Union. Its scope extends to more than 10,000 critical organizations covering sectors such as healthcare, energy, and transportation. However, each member state must locally define its supervisory authority, and France, to date, has not yet clarified this. This gap delays the establishment of a clear vision of concrete obligations for companies.

From a technical standpoint, the directive closely aligns with ISO 27001, emphasizing:

  • Risk management as the cornerstone, through a systematic approach to identifying and prioritizing threats.

  • Awareness and training of employees, crucial elements to reduce human error.

  • Organization-wide implementation, avoiding the fragmented approaches that were often prevalent until now.

NIS 2 thus aims to standardize practices while strengthening cross-border collaboration for a coordinated management of cyber crises.


DORA (Digital Operational Resilience Act): Strengthened cybersecurity for the financial sector

Scheduled to come into effect in January 2025, DORA imposes a strict framework to improve the resilience of financial institutions against cyber threats. This regulation addresses the systemic weak points of the European financial sector, a frequent target of cybercriminals.

DORA is based on three key pillars:

  • Attack simulations: Penetration tests (TIBER-EU) become mandatory to assess the robustness of information systems against sophisticated attack scenarios.

  • Third-party management: Critical technology providers, often regarded as weak links, must undergo rigorous audits and be held accountable in case of failure.

  • Response and coordination: Each institution must have rapid-response teams to minimize the impact of major incidents.

DORA marks a major evolution by imposing continuous vigilance, while strengthening trust in the European financial ecosystem.


Cyber Resilience Act: Ensuring the security of digital products

Adopted in 2024, the Cyber Resilience Act aims to improve the security of connected products and software. Manufacturers are now required to integrate cybersecurity from the design stage (security by design) and to provide security updates throughout the product’s lifecycle. This framework responds to the proliferation of IoT devices, which have become prime targets for cybercriminals.


HDS:2024 (French - Healthcare Data Hosting)

HDS:2024 reaffirms requirements for protecting healthcare data, a particularly sensitive domain. Beyond reinforced compliance audits, the regulation focuses on extraterritorial protection measures. These measures are intended to ensure that European citizens’ data remains under control, even when stored or processed outside the European Union.

Hosting providers must demonstrate complete transparency about their practices, including explicit agreements preventing unauthorized access by foreign jurisdictions. This framework helps reinforce patient and healthcare stakeholders’ trust.


EUCS: A cloud certification still under debate

EUCS, the European Cybersecurity Certification Scheme, is designed to establish a unified certification for cloud services in Europe. However, the project remains riddled with disagreements among member states, particularly regarding extraterritoriality.

Points of contention include:

  • Technological sovereignty: Some countries, such as France, advocate for strict restrictions against non-European providers, citing risks related to foreign jurisdiction (e.g., the US Cloud Act).

  • Economic pragmatism: Others, including Nordic countries, believe that excluding these providers could slow cloud technology adoption and penalize local businesses.

This deadlock illustrates tensions between a strategic vision focused on European independence and the reality of a globalized market where American and Asian cloud solutions dominate.



2. Cyberattacks in 2024: Faster, more targeted

The year 2024 was marked by a significant increase in cyberattacks, both in terms of volume and sophistication. Cybercriminals adopted more complex, targeted strategies, exploiting both technological and human vulnerabilities to maximize gains while minimizing exposure. Below are the main trends characterizing this evolution.


Targeting SMEs and mid-cap companies: Weak links in critical ecosystems

SMEs and mid-cap companies were particularly affected in 2024. Their often-insufficient level of cybersecurity maturity exposed them to ransomware attacks with moderate demands, ranging between 10,000 and 50,000 euros per ransom. However, it is not the amounts themselves that are most concerning, but rather the repeated nature of these attacks and their impact on supply chains.

By targeting SMEs and mid-cap companies, cybercriminals indirectly aim at larger organizations that often use them as subcontractors. This strategy allows attackers to access more critical systems through insufficiently protected entry points.


Ephemeral Attacks: A new dynamic of aggression

In 2024, cybercriminals multiplied so-called “ephemeral” attacks, brief but destructive offensives. These actions, which rarely last more than 24 to 48 hours, aim to temporarily paralyze critical systems. The objective is twofold: cause immediate financial losses while avoiding detection by monitoring systems.

Examples include attacks on hospitals, deprived of their management systems for several hours, or the blocking of strategic logistics platforms. These interruptions, although temporary, can have major repercussions on entire ecosystems.


Artificial Intelligence as an attack catalyst

The emergence of AI has provided cybercriminals with new tools to refine their strategies. Notable uses include:

  • Ultra-credible phishing campaigns: Generative AI has made it possible to produce fraudulent emails of alarming realism, reducing the chances of detection by victims.

  • Deepfakes to manipulate transactions: Some companies have suffered multi-million-euro losses due to voice or video deepfakes used to manipulate trusted interlocutors.

  • Automated attacks: Malicious scripts generated by AI models have been deployed to massively target known vulnerabilities in critical infrastructures.


Major Hacks of 2024: A dark year for several large organizations

In 2024, several attacks targeted major companies and institutions, causing significant disruptions:

  • Health insurance companies: Several insurers fell victim to targeted attacks, compromising the sensitive data of hundreds of thousands of policyholders. Cybercriminals exploited authentication system flaws to access critical databases, threatening to publish this information on the dark web.

  • Free: The French telecom operator suffered a massive attack that paralyzed several of its services for multiple days. Hackers used sophisticated ransomware to encrypt data in some internal systems, disrupting subscriber communications and exposing sensitive technical data.

  • Boulanger: The French retail chain was targeted by a cyberattack that compromised its stock management and payment systems. For nearly a week, several stores were unable to process online orders, causing significant financial losses.

These attacks illustrate how quickly cybercriminals can adapt, exploiting weaknesses in organizations of all sizes to achieve their objectives.


A call for a revision of defense strategies

In light of these developments, organizations must rethink their cybersecurity plans. This includes:

  • Strengthening employee training: The human factor remains both the first link in the security chain and the most vulnerable one.

  • Adopting advanced detection technologies: Solutions based on behavioral analysis and machine learning are critical allies.

  • Implementing regular testing: Attack simulations help identify weak points before they are exploited.

In short, the cyberattacks of 2024 remind organizations that cybersecurity is not a destination but a constantly evolving process. Anticipation and innovation must remain at the heart of strategies to confront ever more sophisticated threats.



3. AI: Between opportunity and the dark side of the force

The year 2024 marked a turning point in the adoption and integration of AI into cybersecurity. While this technology opens up vast possibilities, it also raises complex issues. AI now asserts itself as a central player, serving both as a defense tool and as a weapon in the hands of cybercriminals.


Threats amplified by AI

The use of AI by cybercriminals exploded in 2024, resulting in attacks of unprecedented precision and scale. Generative AI tools like FraudGPT or WormGPT enable the creation of phishing emails so convincingly realistic that they evade traditional filters and fool human targets. These tools also facilitate:

  • Creating adaptive malware capable of circumventing protection systems.

  • Producing voice or video deepfakes, used to manipulate transactions or extort sensitive data.

  • Automating large-scale campaigns, reducing costs and increasing the success rate of attacks.

These innovations make cyberattacks not only more sophisticated but also more accessible to less organized or inexperienced groups.


AI as a Shield: Advances in defense

Faced with these threats, companies and institutions have also used AI to bolster their defenses. Behavioral detection systems, powered by advanced AI models, can identify anomalies in real time. Benefits include:

  • Analyzing massive volumes of data to detect early signs of attacks.

  • Automating responses to certain types of attacks, such as blocking suspicious connections or neutralizing malware.

  • Enhancing attack simulations to test and optimize defense systems.

However, these technologies remain imperfect. They still largely depend on human expertise to refine models, avoid false positives, and outsmart adversarial strategies.


Risks Linked to AI Use by Companies

While AI is a huge opportunity for businesses, its rapid integration also comes with new risks. Some organizations deploy AI without taking the necessary measures to protect their data and prevent abuses. Main dangers include:

  • Data leaks: AI models, especially those trained on sensitive data, may reveal confidential information if misconfigured or accessed without authorization.

  • Bias and systematic errors: Using poorly trained or biased models can compromise critical processes, from fraud detection to strategic decision-making.

  • Internal vulnerabilities: AI systems, if not properly secured, may become targets themselves for attackers seeking to manipulate or steal their functionalities.

These issues underscore the importance for companies to develop a rigorous approach to AI adoption, integrating both security and ethics.


Ethics and ISO 42001 standard

The rise of AI has also raised major ethical questions. In 2024, the ISO 42001 standard was widely adopted as a reference for responsible AI use. This standard provides clear guidelines:

  • Transparency: AI systems must be understandable and auditable by external experts.

  • Bias management: Specific methodologies must be applied to identify and correct biases in models.

  • Data protection: The standard sets strict requirements to ensure the confidentiality of information used in model training and execution.

This standard offers a valuable framework to help organizations navigate a complex technological environment where innovation must be balanced by solid safeguards.



4. Lessons and perspectives for 2025

In 2024, the combination of growing cyber threats and strengthened regulations such as NIS 2 and DORA has transformed cybersecurity into a strategic concern. In 2025, companies will need to reinforce their governance, risk management, and compliance, while paying particular attention to supply chains, team awareness, technical security, and AI integration.

  • Governance must involve top management, which is responsible for defining and steering a clear cybersecurity vision. This requires structured policies, regular communication, and rigorous monitoring. In this context, ISO 27001 stands out as a sound and structuring approach for companies. It provides a rigorous framework for managing security according to specific issues, stakeholders, and identified risks. By aligning cybersecurity practices with a recognized methodology, ISO 27001 helps organizations effectively manage their asset protection strategies.

  • Risk management calls for constant vigilance, especially with regard to third-party suppliers. Supply chain security has become critical, as attackers often exploit weak links to circumvent large organizations’ defenses. In 2025, it will be essential to conduct regular audits of service providers, include strict contractual requirements, and actively monitor partner activities to spot abnormal behaviors.

  • Compliance is no longer a formality. Meeting the requirements of NIS 2, DORA, or the Cyber Resilience Act ensures not only legal compliance but also credibility and stakeholder trust.

  • Humans remain at the heart of the equation. Awareness and training must be deepened, as human error remains one of the main causes of incidents. Companies should ramp up simulation exercises—such as phishing campaigns, crisis tests, and hands-on sessions—to prepare teams for realistic scenarios.

  • Technical security calls for meticulous management of vulnerabilities. With attacks becoming ever faster, organizations will need to improve their real-time detection and response capabilities. This involves automated monitoring tools to identify known vulnerabilities, regular patching (or redeployment where possible), and penetration testing.

  • AI, for its part, is becoming an essential weapon in the fight against cyber threats. Systems dedicated to incident detection and analysis are improving thanks to machine learning, allowing faster identification of abnormal behavior and suspicious activities. By automating certain incident responses, AI enables real-time reactions, limiting the impact of attacks. However, companies must remain vigilant, as attackers also use AI to develop more sophisticated attacks, such as credible phishing campaigns or deepfakes targeting internal operations.


In 2025, having a strategic vision, robust technical resilience, and strong human commitment will enable organizations to turn constraints into levers for lasting security and competitiveness. Cybersecurity will no longer be just a priority, but an essential capability for anticipating future threats.
