The CrowdStrike Global Threat Report 2025 reveals a rapidly evolving cyber threat landscape, with significant improvements in adversaries’ speed and efficiency. Key findings include:
* A surge in social engineering attacks, including voice phishing (vishing), callback phishing, and help desk impersonation, which increased by 442% between the first and second halves of 2024.
* The rise of malware-free cyberattacks, where 79% of detected incidents were without malware, often relying on tactics like credential abuse and hands-on-keyboard attacks.
* A growing reliance on generative AI (GenAI) and large language models (LLMs) for phishing, business email compromise (BEC), and creating fraudulent personas, which achieved a 54% click-through rate.
To combat these threats, organizations must focus on enhanced security policies, multi-factor authentication (MFA), access controls, and robust identity management strategies. The report also highlights the need for:
* Strengthening cloud security protocols, particularly through MFA and thorough audits of third-party vendor data and access.
* Embedding incident response readiness and supply chain security requirements in third-party contracts.
* Maintaining continuous cybersecurity awareness training, with an emphasis on social engineering and vishing.
The report’s key recommendations include mandating phishing-resistant MFA, proactively auditing user permissions, requiring robust vendor security assessments and certifications, and integrating real-time threat intelligence into compliance programs.
Source: https://www.morganlewis.com/blogs/sourcingatmorganlewis/2025/08/key-takeaways-from-the-crowdstrike-global-threat-report-2025