In today’s rapidly evolving digital landscape, cyber threats continue to pose significant risks to your business. This report provides valuable insights into the current threat environment. Here’s what business leaders need to know.
(CyberCX Digital Forensics and Incident Response (DFIR) 2025 Threat Report)
The threat landscape is deteriorating
According to Hamish Krebs, Executive Director of DFIR at CyberCX, “The global cyber threat landscape has continued to deteriorate over the past 12 months and adversaries have evolved their tactics and upped the tempo of attacks.” This means businesses must remain vigilant and prepared.
Who is being targeted?
The healthcare sector faced the most incidents (17%), followed by financial services and insurance (11%), and education (8%). However, businesses across all industries experienced attacks, highlighting that no sector is immune.
Most common attack types
The report identifies three primary attack categories that businesses should focus on:
Business email compromise (BEC) – The most common incident type (28%), where attackers gain access to email accounts, typically through phishing. A particularly concerning trend shows 75% of BEC incidents now involve session hijacking techniques that bypass multi-factor authentication (MFA).
Unauthorised access – Accounting for 25% of incidents, this involves malicious actors gaining access to networks without necessarily causing immediate harm, often serving as reconnaissance for future attacks.
Cyber extortion – Making up 22% of incidents, this includes ransomware attacks and data theft where criminals threaten to release sensitive information unless paid.
How attackers are adapting
The report reveals several evolving tactics:
Beyond MFA: Attackers are increasingly using sophisticated phishing kits that can bypass MFA through session hijacking. This means businesses can’t rely solely on MFA for protection.
Longer undetected access: Espionage-oriented attacks went undetected for an average of 404 days, compared to just 24 days for financially motivated incidents. This gives attackers a lot of time to review and steal sensitive data.
Legitimate tools being misused: Rather than using obvious malware, attackers are increasingly utilising legitimate remote management tools that businesses commonly use, making detection more difficult.
Essential security measures for 2025
So, how do you protect your business?
Know your threats: Understand who is likely to target your organisation and how they might do it.
Configure security technologies properly: Simply having security tools isn’t enough—they must be correctly configured and monitored.
Control access: Apply the principle of least privilege. Limit access to those who need it, and know who is logging in to your systems.
Monitor for unusual activity: Implement systems that detect abnormal behaviour in your networks.
Test your defences: Regularly check for weaknesses in your security posture through vulnerability assessments and penetration testing.
Have an incident response plan: Prepare for security incidents before they happen by developing clear procedures for response and communication.
TL;DR
Cybercriminal tactics are becoming more organised and sophisticated.
Cyberattacks can significantly impact your bottom line and reputation.
Cyberattacks will affect your business at some point, sooner if you are in health, finance or insurance.
Cybersecurity needs to be ‘moved left’ in terms of business priority.
Protecting your business doesn’t need to feel overwhelming with a trusted cybersecurity partner (that’s us 🙂)