BY Richard Summerfield

An increasing number of attacks on critical infrastructure, a surge in phishing and record-breaking vulnerability disclosures are among the challenges facing companies operating today, according to a new report from critical infrastructure cyber security firm OPSWAT.

The report, OPSWAT’s inaugural Threat Landscape Report, reveals key findings from over 890,000 sandbox scans conducted over the past 12 months.

Among the key highlights within the report is the global cost of cyber crime, which is projected to reach $1.2 trillion in 2025, with downtime and lost productivity representing up to $1 trillion of that total. The report also highlighted a 127 percent rise in malware complexity and warns that traditional detection methods are falling behind, with one in 14 files initially deemed ‘safe’ by legacy systems later confirmed to be malicious. According to OPSWAT, the results underscore the need for multilayered defences and a shift away from outdated tools.

Attacks on operational technology (OT) and critical infrastructure have continued their upward trajectory in 2025. Sectors such as manufacturing, energy and utilities remain at the forefront of threat actor targeting, with financial and espionage motivations both in play. Ransomware remains one of the most prominent threats, featuring in 44 percent of all breaches across sectors and accounting for 75 percent of breaches within the system intrusion pattern. Vulnerability exploitation has also risen sharply as an initial access vector, with attackers particularly focusing on edge devices, firewalls and VPN services.

The report also made note of the surge in malware sophistication which is being driven by multi-stage execution chains and heavy obfuscation, with 7.3 percent of files missed by public OSINT feeds flagged as malicious by Filescan.io, on average 24 hours earlier. These were confirmed executions, not speculative flags, highlighting how adaptive analysis can close dangerous gaps left by static and reputation-based systems.

According to the report, malicious actors are increasingly favouring stealth over scale, concealing payloads in formats such as .NET bitmaps and steganographic images and repurposing Google services for covert command-and-control activity. Social engineering tactics are also evolving, with methods such as ‘ClickFix’ – a clipboard hijacking technique – becoming more widespread, with such attacks enjoying a bump in popularity among both criminal and nation-state actors.

Heightened regulatory scrutiny is also having an impact as it intensifies, particularly in the EU through the Network and Information Systems Security Directive 2, or NIS2, and the Cyber Resilience Act, and in North America, which is driving mandatory reporting and resilience requirements for critical infrastructure. As a result, the cyber security market itself is projected to grow at a 12.6 percent compound annual growth rate, reaching $301.9bn in 2025.

According to OPSWAT: “As critical infrastructure, government systems, and enterprise networks face growing targeting from increasingly modular and evasive malware, the findings of this report spotlight the evolving adversary playbook and the need for integrated, multilayered solutions. Cybersecurity leaders must now prioritize adaptability, shared intelligence, reassessing technology, and fast behavioral detection pipelines to protect systems from known threats, but also to keep pace with a rapidly evolving threat landscape and whatever is on the horizon.”

Report: 2025 OPSWAT Threat Landscape Report

BY Richard Summerfield

Cyber insurance should form the backbone of a cyber security strategy, according to a new report from At-Bay.

According to the report, which surveyed security decision makers in the US, Canada and Europe, Middle East, and Africa (EMEA), cyber insurance is now seen as a best practice by many businesses, with 72 percent of respondents considering it ‘critical’ or ‘important’ to their organisation.

Furthermore, 43 percent of respondents noted that cyber insurance requirements are a significant driver of their cyber security spending. This figure rises to 52 percent among the largest organisations.

“We believe an important finding from this report is that there’s a large number of organizations that should consider partnering with a cyber insurance provider to help drive cybersecurity maturity,” said Andrew Braunber, an analyst at Omdia. “There can be upside for enterprises in aligning proactive cybersecurity spending with cyber insurance requirements, with an even more powerful emerging option to partner with an InsurSec provider to optimize risk reduction and technology performance. These relatively new entities combine cybersecurity products and services with insurance offerings to offer a wider scope of prevention and protection.”

There has been significant growth in the number of businesses of all sizes when it comes to prioritising proactive security solutions that help identify and mitigate potential threats. Over the last 12 months, more than 70 percent of respondents increased their spending on proactive security solutions.

Yet, despite the increase in the use of cyber insurance and its burgeoning impact on security decisions, only 13 percent of respondents said they were working ‘proactively’ with their cyber insurance provider to reduce cyber risk. By contrast, 33 percent of respondents said they were taking preventive measures with support from their cyber insurer.

Worryingly, proactive collaboration is even lower in critical infrastructure sectors, where cyber risks could have broader societal impacts. For example, only 4 percent of manufacturing companies, 7 percent of energy, utility and transportation companies, and 8 percent of healthcare companies reported proactive engagement with their cyber insurance providers.

“Cyber insurance has emerged as a critical pillar to building a proactive cybersecurity strategy as it enables companies to complete their risk mitigation,” said Thom Dekens, chief business officer at At-Bay and general manager of At-Bay Security. “Additionally, insurance providers with significant in-house cybersecurity expertise can provide huge business value to their customers, closely partnering with them to make informed decisions about their technology strategies and also improve their risk outcomes throughout the policy year.”

Report: InsurSec Can Drive An Effective Proactive Security Strategy

BY Richard Summerfield

Cloud services, infrastructure and applications are the primary subjects of cyber attacks, according to the 2024 Thales Cloud Security Study.

The report, which surveyed nearly 3000 IT and security professionals across 18 countries in 37 industries, found that cloud security spending now tops all other security spending categories. This is particularly concerning given that 47 percent of all corporate data stored in the cloud is sensitive. Of those companies surveyed, 44 percent have experienced a cloud data breach - 14 percent in the past year.

According to the report, nearly half of organisations believe it is more difficult to manage compliance and privacy in the cloud compared to on-premises. Thirty-one percent recognise the importance of digital sovereignty initiatives as a means of futureproofing their cloud environments.

“The scalability and flexibility that the cloud offers is highly compelling for organizations, so it’s no surprise it is central to their security strategies,” said Sebastien Cano, a senior vice president at Thales. “However, as the cloud attack surface expands, organizations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research.”

The report also noted that among the targeted cloud resources, 31 percent are software as a service (SaaS) applications, 30 percent are cloud storage and 26 percent are cloud management infrastructure.

Human error and misconfigurations occurred in 31 percent of breaches, making this the top root cause. That figure was significantly lower compared to last year’s report, where 55 percent of cloud incidents were caused by human error. Exploitation of known vulnerabilities was the next highest root cause of cloud breaches, accounting for 28 percent, up seven percent compared to Thales’ 2023 report. Exploitation of previously unknown vulnerabilities and zero days accounted for 24 percent of breaches. Failure to use multi-factor authentication (MFA) was another significant cause of cloud breaches, identified in 17 percent of cases.

External attackers, including cyber criminals, hacktivists and nation-state actors, as well as malicious insiders, are also the driving force behind many cloud security breaches.

Sixty-five percent of respondents identified cloud security as a current concern, and cloud security was the top category of security spending, reported by 33 percent of all respondents.

Report: Thales 2024 Cloud Security Study

BY Richard Summerfield

Cyber criminals are deploying new and innovative lines of attack in addition to modified versions of existing methods, according to Verizon’s 2024 Data Breach Investigations Report.

According to the report, which analysed more than 30,000 real-world security incidents, including a record high of just over 10,000 confirmed data breaches, spanning 94 countries, the three most popular vectors for data breaches were unauthorised uses of web application credentials, email phishing and exploiting vulnerabilities in web applications, when excluding errors and misuse, typically honest mistakes by employees.

Attacks utilising the exploitation of vulnerabilities were up 180 percent, according to the report. This increase comes as no surprise given the mass exploitation of the MOVEit zero-day vulnerability and other similar vulnerabilities. Primarily, these attacks utilised ransomware and other extortion-related threat actors, and the main entry point was web applications. Attacks involving ransomware or extortion have seen considerable growth over the past year, accounting for 32 percent of all breaches.

“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises,” said Chris Novak, senior director of cybersecurity consulting at Verizon Business.

The human element also had a substantial hand in the number of recorded breaches. Sixty-eight percent of breaches involved a non-malicious human element. Accordingly, the onus remains on organisations to improve security awareness among their employees in order to reduce the impact of breaches. The report explains that the most common causes of breaches involving a non-malicious human element are someone falling victim to a social engineering attack or someone making a mistake.

“In either case, these could have been mitigated by basic security awareness and training. This is an updated metric in the report (we would previously include malicious insiders), and it is roughly the same as the previous period described in the 2023 DBIR,” Verizon added.

Report: 2024 Data Breach Investigations Report