EXPEL BLOG

It’s here: Expel’s 2025 Annual Threat Report

· 2 MIN READ · AARON WALTON · FEB 4, 2025 · TAGS: Get technical / Phishing / Resource / Threat hunting / Vulnerability management

TL;DR

  • Expel’s latest Annual Threat Report is live, covering cybersecurity threat insights and recommendations from, by, and for our customers and community 
  • It includes resilience recommendations based on what’s worked for our customers, so you don’t have to solve problems we’ve already solved
  • The report includes data from our customer base, backed by industry trends and research

What is the Annual Threat Report?

Our 2025 Annual Threat Report takes a full year’s worth of data from our SOC and shapes it into trends, insights, and resilience recommendations. While this is common across the industry, our version spans incidents across 125+ tools, and covers security for endpoint, cloud, network, identity, SaaS, and more—because we secure all of it. 

And the actionable insights you’ll find throughout the report aren’t just educated guesses. They’re tried-and-true, tested solutions we’ve already implemented for our customers as we navigated these trending challenges throughout 2024. 

Cybersecurity is a team sport, so this report is our way of making sure we’re learning and growing together with lessons learned from, by, and for our customers and community.

Top takeaways from last year

So, what did the data tell us? Here’s a preview: 

  • Identity-based incidents are, again, primarily what our SOC investigated, but these attacks continued to rise YoY, up 4% from 2023. This is a trend that remains the same year after year, so it’s critical that securing identity is a top security goal regardless of your organization’s size or industry. 
  • 86% of cloud incidents targeted AWS, down from 2023, hinting at increased targeting of other cloud platforms. This is likely only due to the increase in identity incidents, but it’s also important to know incident percentages for other cloud platforms—while low—are increasing as well. This signals attackers are getting more familiar with all cloud platforms, and are finding they’re worthwhile targets, too. 
  • While extortion emails make up a small amount of phishing investigations, incidents have increased drastically. Extortion phishing is worth being aware of, even at such a small percentage, because the intention behind it drives an attacker’s persistence.
  • Infostealer malware’s popularity doubled, and the use of initial access tool (IAT) malware halved. This shift in malware types is critical because the different approaches require different defenses—including proper education for employees on what each scenario looks like.

Looking ahead to 2025

While covering data from last year, this report is meant to bolster your security strategy for this year. It includes sections on how to protect your org against specific types of threats, as well as predictions from our Expel experts on what else they’re expecting in the coming year. 

Here’s just one of those thoughts: 

“Protection against identity threats will remain the single most important part of most companies’ security posture. Attacks will continue increasing in sophistication and speed, especially powered by artificial intelligence, which is aiding attackers to carry out tried and true methods more efficiently. This will only exacerbate onboarding and hiring fraud as a significant problem for most companies, especially those with large remote workforces. Validating and revalidating the identity of authorized users, especially for third- and fourth-party providers, will be a continued challenge. The rise of deepfakes and generated identities will also make identity-adjacent security technologies critical.”

Greg Notch, Chief Security Officer, Expel

Ready to download the full report and dive into the data? Get your copy here now.