IBM produces two reports every year focused on cybersecurity: the X-Force Threat Intelligence Index and the Cost of a Data Breach Report. Both are invaluable sources of data for anyone interested in cybersecurity.
The first of these reports, the Threat Intelligence Index, was released on April 17th. While I have not digested everything it contains, several key trends or statistics immediately stood out to me, and I thought they would make a good topic for this week’s article.
First, I thought it useful to provide an overview of the IBM X-Force Threat Intelligence Index. The report aims to document how “threat actors get in, what they do when they’re in, and the impact caused by each breach,” with insights gathered from IBM’s team of analysts, hackers and subject matter experts.
As always, this year’s report held some compelling insights into the state of the cybersecurity discipline and the strategies being employed by threat actors globally.
Originally published on LinkedIn: https://www.linkedin.com/pulse/ibm-x-force-threat-intelligence-index-2025-initial-thoughts-hogan-7vipe/?trackingId=ST5NsJfES5%2B%2Fdri4dVRW4w%3D%3D
My key takeaways
Securing Identities is Key
Let me start with one of my favourite (or least favourite, depending on your viewpoint, I suppose) topics: identity. The IBM team discovered that some 30% of intrusions are identity-based attacks. This is seemingly fuelled by increased phishing-based attacks aimed at stealing valid identities.
Multi-factor authentication (MFA) is one way organisations can protect themselves from this type of attack. However, MFA alone is not 100% proof against identity-based attacks. As the report notes, cases of Infostealer malware and credential theft activities are on the rise, which may be “helped” by attackers’ adoption of generative AI tools.
Consider Identity tooling optimisation
Related to Identity (but could be applied to other areas as well), having a consistent tooling strategy and reducing the number of third-party tools/providers in this area can help organisations manage their identities more efficiently and securely.
Ransomware trending downwards???
This one surprised me a little, in that reported cases of ransomware malware were at 28%, and made up 11% of response cases, a downward trend compared to the last few years. I was not expecting that statistic, as anecdotally, ransomware still seems to dominate a lot of the conversations I have had over the last year, including at the UK Cyber Week Expo last week (at the time of writing).
I suspect this is partly due to the defensive tools and strategies organisations employ to counter this threat and to more effective policing, both locally and on a global level. However, the report highlights that intelligence gathered on the dark web reveals an increase in ransomware-based activity, which seems at odds with what we see in the wild, so to speak.
One area I had not considered in the past was that historically, most ransomware malware was focused on Microsoft Windows-based systems, which makes sense for several reasons. However, it appears that Linux systems are being targeted more frequently, and there is an increase in multi-platform/OS attacks.
AI-assisted attacks are gaining traction.
Whilst not at the level most people anticipated, threat actors are starting to incorporate AI tooling/approaches into their strategies, including the predicted use in phishing campaigns, malicious code creation, etc. It isn’t easy to see if this has had any significant impact yet. The report highlights that the share of successful phishing compromises has declined to 25%, which may indicate the adoption of more effective security tools, better awareness and training or other factors. The flip side may be that successful phishing attacks may be even less frequent without the attackers adopting Generative AI tools.
Cloud adoption is enabling attacks at scale.
One of the benefits of the cloud in general is the ability for organisations to scale and offload services to a trusted third party. Threat actors are aware of this and are leveraging the same capability to launch larger campaigns, especially phishing-based attacks. This is partly due to the effectiveness of leveraging “trusted” URLs, domains, IP addresses, etc., and the ability to leverage someone else’s infrastructure to deliver the malware, making attacks more difficult to identify and remediate.
Another factor introduced by organisations adopting the cloud is that shared cloud infrastructure is becoming a tempting target for attackers, as this provides a common platform to target, and they can utilise the scale provided by the cloud providers to expand their range of targets.
Secure your organisation’s public-facing applications.
The final takeaway I will cover in this summary is that 26% of attacks target public-facing applications. This makes perfect sense to me for obvious reasons, as these applications are easier to access, relatively easy to scan for vulnerabilities, and usually offer a way to traverse to other internal systems (or offer a vector themselves in some cases).
In Conclusion
The constantly evolving cybersecurity landscape requires vigilance, adaptability, and constant innovation. Organisations must remain proactive as threat actors continue to refine their methods, from leveraging AI-assisted attacks to exploiting cloud infrastructure vulnerabilities. Strengthening public-facing applications, enhancing training and awareness, and employing advanced security tools are crucial to mitigating risks.
Get the report:
IBM at RSA
RSA kicks off on Monday (Sunday if you are attending any of the pre-show events) and IBM are hosting several sessions (and a booth) that may be of interest to attendees, including:
How Kraft Heinz Use AI and Collaboration to Transform Cybersecurity
Join Mark Hughes to hear how Kraft Heinz was able to reduce detection and response times by adopting a platformized approach, with the help of AI, automation, and IBM.
Securing your Data and AI estate with IBM and Microsoft
Join Molly Dery and Dinesh Nagarajan at Booth 5871 for a panel discussion on how IBM Consulting and Microsoft partner up to safeguard our clients’ AI operations amid an ever-increasing technological complexity and threat landscape.
Share the Future of Identity
Please join Molly Dery & Amit K Agarwal for a round table at the W on “Shaping the Future of Identity”.
Elsewhere on LinkedIn
Retaining and Preserving Microsoft 365 and Purview Forensic Logs and Insider Risk Evidence by Cyrus Irandoust
Unlock the Power of Gen AI in Software Development
Join Miha Kralj & Josh Sommer for an exclusive webinar where we explore the transformative power of generative AI in software development. Our experts will delve into how IBM Consulting and Microsoft are helping clients unlock a future of accelerated delivery, reduced costs, and improved product quality.
Johnny Shaieb on VulnWise
Cloudy with a Chance of Insights
In this week’s episode of ‘Cloudy with a Chance of Insights’, the hosts discuss various recent developments in the Microsoft Cloud, including the new Copilot Studio features. The conversation also touches on security vulnerabilities and the implications of the CVE program.
David Rowley, Cyrus Irandoust and I share insights on navigating technology changes and the importance of data privacy. They explore the significance of Student Security Operations Centres (SOCs) in bridging the skills gap in cybersecurity education.
The discussion also delves into the rise of agentic AI in cybersecurity, highlighting its potential to enhance security measures and the implications of AI in the context of popular culture, particularly referencing the Matrix.