Attackers are shifting tactics, targeting mid-size companies and critical infrastructure sectors, while generative AI risks threaten to overshadow a focus on cyber hygiene.
Ransomware attacks continue to be one of the most significant cybersecurity threats organizations and cybersecurity leaders face. Attacks lead to wide-scale disruptions, large data breaches, huge payouts and millions of dollars in costs to businesses.
In response, large, coordinated law enforcement operations have targeted major ransomware groups and disrupted operations, dismantled data leak sites and seen the release of decryption keys.
However, the volume of attacks has risen and the number of reported victims continues to grow. Like a hydra that sprouts new heads, the ransomware ecosystem has re-formed and continues operating, although some of its tactics are changing.
Here are five key insights CISOs need to know in 2025.
1. Too much focus on generative AI risks underestimating known threats
Generative AI tools such as ChatGPT continue to cause a stir in organizations and raise a host of security concerns. However, some incident data and threat analysis suggest security leaders need to remain vigilant about the evolution of traditional ransomware tactics.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source: https://www.csoonline.com/article/3825545/5-things-to-know-about-ransomware-threats-in-2025.html
CrowdStrike (Nasdaq: CRWD) today announced the findings of the 2025 CrowdStrike Global Threat Report, revealing a dramatic shift in cyber adversary tactics, with attackers leveraging stolen identity credentials, AI-generated social engineering, and hands-on keyboard intrusions to bypass traditional security measures. The report details a surge in identity-based attacks, the growing exploitation of cloud environments and an increase in nation-state cyber activity, particularly from China, which has intensified its targeting of critical industries such as finance, media and manufacturing. Now in its 11th annual edition, CrowdStrike’s definitive threat intelligence report provides an in-depth look at cybercriminal and nation-state adversary behavior.
Key Findings in the 2025 Report
The global cyber threat landscape has evolved rapidly, with adversaries becoming faster, stealthier and more sophisticated. A surge in Chinese cyber activity, the rise of hands-on keyboard attacks, and the widespread use of generative AI to enhance phishing and social engineering tactics have forced security teams to rethink their defense strategies.
According to CrowdStrike’s latest threat report, China’s cyber operations escalated significantly, with a 150% increase in attacks across all sectors in 2024 compared to the previous year. Certain industries, including financial services, media and manufacturing, saw spikes of 200-300%, marking a shift in China’s cyber strategy. CrowdStrike also identified seven new China-nexus adversaries, further contributing to the surge in espionage and cyber operations.
Enterprise security operations teams find themselves stretched thin and contending with an escalating cyber threat landscape today. Many are understaffed and underfunded, leaving CISOs on edge about the consequences for the enterprise — and their careers.
A recent survey from Adaptavist about fallout from last summer’s CrowdStrike outage found that two out of five (39%) IT leaders “warn that excessive workloads” could lead to a major incident for their companies. “The ongoing war for IT talent is likely exacerbating these issues,” the survey’s writers concluded.
John Price, CEO at Cleveland-based security firm SubRosa, underscored the reality many CISOs and their teams currently face.
“The sheer volume of alerts, coupled with the complexity of modern attack surfaces, has created a near-constant state of overwhelm for many security professionals,” he said. “We are operating still in a reactive security mindset. In some cases, a successful cyberattack can be the driving force behind getting the budget you need.”
Cutting (and delegating) workload bloat
Given this situation, security specialists encourage CISOs to consider new ways of engaging their overstretched teams — and helping them keep sharp.
One of the most effective ways to minimize security risk when working with suboptimal resources and people is to “strictly triage what your team is doing,” said Jim Boehm, an expert partner at consulting firm McKinsey.
“This would amount to robust demand management,” Boehm said, suggesting that team tasks that could be discarded could include architecture board review meetings and “chasing things for an internal audit.”
“Why have four or five people in an hour-long [review] meeting where they are just going to argue?” Boehm asked. “I would rather them review the security posture of a potential acquisition. It’s all about taking a risk-based look at everything, not just your assets and controls but what your people are doing.”
Boehm also suggested embracing the LOB dual-embedding mechanisms within DevSecOps. Ideally, that could help reduce security issues by training non-security colleagues in security thinking.
“Developers, for example, hate to be considered engineers. They hate constriction. They want to be artists [and deliver] no documentation,” Boehm said.