Cyber attacks accelerate: criminals steal data in as little as half an hour

Cyberattacks are becoming faster, more automated, and powered by artificial intelligence. New data from Palo Alto Networks shows that the time it takes criminals to steal data has dropped from 9 days to just 2, and soon some breaches will take less than half an hour.


The cyber threat landscape has changed dramatically over the past three years, and data from Unit 42, the threat analysis unit at Palo Alto Networks, gives further cause for alarm. Their research shows that the median time from compromise to data theft has dropped from nine days in 2021 to just two days in 2023.

It is worth highlighting the unit’s expert forecast that, by the end of 2025, some incidents could be completed in less than 30 minutes – representing a 100-fold increase in attack speed compared to three years ago.

In parallel, the tactics of attackers are changing. Today, up to 86 per cent of ransomware incidents end in significant business disruption: the goal of the attack is no longer just data encryption, but a hit to reputation, customer relationships and business continuity.

A surprising trend, confirmed by Unit 42, is that encryption is skipped altogether in around 10 per cent of cases: smash-and-grab attacks rely solely on the theft or deletion of data, counting on the threat of disclosure or permanent loss to be effective.

Behind the acceleration and escalation of attacks is, among other things, the growing use of artificial intelligence technology in phishing campaigns. By 2024, according to experts, as many as 83% of phishing messages used AI to some degree, and around 78% of recipients of such messages opened them, giving attackers huge room for manoeuvre.

Additionally, a so-called ‘access-broker’ market is developing, where cybercriminals treat network entry as a commodity and the ‘ransomware-as-a-service’ model lowers the barrier to entry for new actors.

The economics of attacks have also been transformed: the median ransom demanded in 2024 reached ~US$1.25m – representing 2% of the victim’s estimated annual revenue. While negotiations typically result in reduced payments of up to ~US$267,500, the total cost of an incident – according to Unit 42 – reaches an average of US$4.91 million, especially when attackers gain access to supply chain partners and multiply the number of victims.

What does this mean from an IT organisation’s perspective? First and foremost: the traditional security approach, based on manual detection and response, no longer makes sense. Since attackers can compromise a system in an hour (or less), human-based defences without the support of automation and analytics can no longer keep up.

Automation, AI-based solutions and close human-machine collaboration are becoming a prerequisite for defence.

In practice, this means overhauling the security architecture: reducing the attack surface by rapidly deploying patches and reducing remote access (in 2023, exploitation of online vulnerabilities was the most common initial access vector – in ~38.6 per cent of cases), monitoring and analysing identity behaviour, network segmentation (‘least-privilege’), and implementing UEBA/ITDR tools to catch anomalous activity in real time.

The time available to respond is shrinking, and the pressure on business is increasing. It is no longer only the largest corporations that are at risk: the healthcare sector, energy, government departments and smaller companies with valuable data are attractive targets. For technology organisations, this means acting today, because tomorrow may be too late.