Let’s talk security and where to focus your attention.
Companies overestimate their cyber resilience, with many unable to meet business recovery goals after ransomware attacks. A survey revealed that nearly 70% of IT leaders paid ransoms despite policies against it, and almost half needed over six days to recover core processes. While 80% express confidence in their resilience strategies, actual recovery times often exceed expectations, highlighting a significant disconnect between perceived and actual capabilities.
Tenable’s research indicates that only 3% of vulnerabilities pose significant cybersecurity risks, highlighting the need for organizations to adopt a proactive defense strategy. The study utilizes the Vulnerability Priority Rating (VPR) model to prioritize vulnerabilities, revealing that those with a VPR above 9.0 are high-priority targets. This approach aims to help cybersecurity teams focus on the most dangerous threats rather than being overwhelmed by fragmented data.
Research indicates that most ransomware attacks occur between 1 a.m. and 5 a.m., taking advantage of off-duty security professionals. Global ransomware incidents rose by 33% over the past year, with significant increases in the U.K. (67%) and U.S. (63%). Smaller ransomware groups are becoming more active, with their share of attacks rising from 25% to 31%. The services industry is the most targeted, while the U.S. accounts for nearly half of all attacks globally. Attackers increasingly use living-off-the-land techniques to evade detection, resulting in faster attack timelines.
Online scam cycles have become shorter and more effective, with 43% of scam revenues tracked by Chainalysis sent to newly active wallets, indicating a rise in new scamming campaigns. The average duration of scams has decreased from 271 days in 2020 to just 42 days in 2024. Scammers are shifting towards smaller, targeted operations, quickly discarding old infrastructure to evade detection, which is seen as more profitable and less risky than larger schemes.
The ‘2024 Unit 42 Attack Surface Threat Report’ by Palo Alto Networks reveals that critical sectors like insurance, pharmaceuticals, and manufacturing face evolving cybersecurity threats, particularly AI-driven attacks. Key findings include an average of over 300 new services added monthly, high-risk exposures primarily in IT infrastructure, and significant vulnerabilities in remote access and business operation applications. The report emphasizes the need for AI-driven tools for continuous asset discovery and monitoring to maintain visibility and mitigate risks as digital transformation accelerates significantly.
Why do we care?
IT service providers and cybersecurity professionals should focus on real-world incident recovery testing, prioritized vulnerability management, and around-the-clock protection against ransomware and other evolving threats. AI will be both the adversary and the solution, and businesses that embrace proactive, AI-driven tools will be better positioned to mitigate risks as the digital landscape grows more complex. Being good at the basics – being ready for incidents, keeping a regular rhythm of updates – will make all the difference. And most are not doing this well.

