Cybersecurity News, Threat Intelligence & CISO Best Practices

The FBI’s latest Internet Crime Complaint Center (IC3) data reads like a post-incident report too many CISOs recognize. In 2024 alone, reported cybercrime losses exceeded $16.6 billion, with phishing, business email compromise (BEC), ransomware, and network intrusions dominating both volume and impact. What has changed is not attacker creativity but how consistently attackers exploit trusted infrastructure.

Recent advisories from the Federal Bureau of Investigation highlight a pattern: attackers are no longer “breaking in” through exotic zero-days. They are logging in, often through perimeter devices and VPNs that organizations still implicitly trust. This is where the Fortinet story becomes impossible to ignore.

Multiple FBI and CISA alerts over the past two years have documented widespread exploitation of Fortinet FortiOS vulnerabilities—often months after patches were available. In real incidents, compromised FortiGate devices were used to establish persistent access, harvest credentials, and move laterally into email and financial systems. Once inside, attackers shifted seamlessly into BEC, extortion, or ransomware operations.

The FBI is explicit: perimeter compromise frequently precedes high-impact fraud. BEC alone has generated more than $55 billion in global losses since tracking began, and many cases trace back to VPN or firewall access that was never properly hardened. In short, identity abuse now matters more than malware detection.

The lesson for security leaders is uncomfortable but clear. Firewalls are no longer “defensive assets” – they are high-value targets. Patch latency, shared admin credentials, exposed management interfaces, and weak MFA controls turn trusted appliances into silent backdoors.

What CISOs should act on now

  • Treat perimeter devices as Tier-0 assets: continuous patching, MFA everywhere, no internet-exposed management.
  • Assume credential compromise after any edge vulnerability disclosure.
  • Align IR plans with FBI guidance: isolate fast, preserve logs, secure backups offline, and report immediately.
  • Replace implicit trust with verification: Zero Trust is no longer architectural theory; it’s fraud prevention.

FBI data doesn’t just quantify losses: it explains how organizations are losing. Fortinet incidents are not vendor-specific failures; they are warning signals. The perimeter is no longer the boundary. It’s the battlefield.

CISO Node takeaway: If your firewall is trusted more than your users, attackers will exploit that trust first.
