Cybersecurity is one of the most vital and dynamic domains in the digital era, as it deals with the protection of data, systems, and networks from various cyber threats. Read our blog for more.

Navigating the Evolving Cyber Threat Landscape

As cybercriminals grow bolder and more organised, the Australian threat landscape is entering a new era. If 2024 was the year of rising awareness, 2025 is shaping up to be the year where businesses must take meaningful action—or risk being left exposed.

The recently released CyberCX 2025 Digital Forensics and Incident Response (DFIR) Report gives us a detailed view of the cyber threats facing Australian organisations today. It’s not just another set of scary stats—it’s a practical warning, with real-world insights from one of the country’s leading cyber response teams.

We unpack the key findings of the report, what they mean for Australian businesses, and how you can turn this intelligence into action—today.

The State of Cyber Threats in 2025

The CyberCX DFIR 2025 Threat Report highlights several alarming trends in the cyber threat landscape. One of the most significant findings is the increasing sophistication of cyber adversaries. From financially motivated criminal groups to state-sponsored espionage actors, the range of threats is vast and varied. Here are some key insights from the report:

1. Data Theft and Ransomware: About 25% of data theft victims who did not pay a ransom never had their stolen data advertised on the dark web. This indicates that not paying a ransom does not automatically mean your data will be published. This finding underscores the importance of having strong data protection and incident response plans in place. Organisations should focus on preventing data theft through strong security measures and be prepared to respond effectively if an incident occurs.
2. Espionage: Espionage incidents had a much longer time to detect (TTD) compared to financially motivated incidents, with an average TTD of 403.8 days. This highlights the need for effective detection and monitoring systems. Espionage actors often aim to maintain prolonged access to their targets, making it essential for organisations to implement advanced threat detection solutions and conduct regular security assessments to identify and mitigate potential threats.
3. Phishing-as-a-Service (PhaaS): PhaaS kits are the most common successful credential access vector in Business Email Compromise (BEC) incidents. These kits provide low-skilled actors with the tools to conduct sophisticated phishing attacks. The commoditisation of cybercrime through PhaaS has lowered the barrier to entry for cybercriminals, making it easier for them to launch effective phishing campaigns. Organisations must invest in comprehensive phishing awareness training and deploy advanced email security solutions to combat this growing threat.
4. Endpoint Detection and Response (EDR): EDR doesn’t always stop cyber extortion, with 33% of victims having EDR products that were poorly configured or not properly monitored. This finding highlights the importance of not only deploying EDR solutions but also ensuring they are correctly configured and continuously monitored. Regular reviews and updates to EDR configurations can help organisations maintain effective protection against cyber extortion and other threats.

Key Strategies for Cyber Defence

To navigate this challenging landscape, businesses must adopt a proactive and comprehensive approach to cybersecurity. Here are some key strategies based on the findings from the CyberCX report:

1. Implement Phishing-Resistant MFA Solutions: With 75% of BEC incidents involving session hijacking, it is crucial to implement phishing-resistant multi-factor authentication (MFA) solutions. Hardware security keys and other advanced MFA methods can provide an additional layer of protection. Organisations should also consider implementing conditional access policies to further enhance their security posture.
2. Enhance Phishing Awareness Training: The best defence against phishing attacks is an informed and vigilant user base. Regular security and phishing awareness training can help employees recognise and respond to phishing attempts. Training programmes should be tailored to the specific needs of the organisation and include simulated phishing exercises to test and reinforce employees’ knowledge.
3. Conduct Strategic Threat Assessments: Understanding whether your organisation might be a target for espionage or other advanced threats is essential. Strategic threat assessments and red teaming engagements can test your defences and identify vulnerabilities. These assessments should be conducted regularly and include a thorough review of the organisation’s security posture, threat landscape, and potential attack vectors.
4. Ensure Proper EDR Configuration: Simply deploying EDR solutions is not enough. Ensure that your EDR products are properly configured and monitored across your entire organisation. Regular reviews and assessments can help maintain their effectiveness. Organisations should also consider implementing application control and allow listing technologies to further enhance their security.
5. Monitor for Anomalous Behaviour: Continuous monitoring for anomalous behaviour in your email environment and other critical systems can help detect and respond to threats more quickly. Implementing data retention policies can also limit the impact of a compromised mailbox. Organisations should leverage advanced monitoring tools and techniques, such as behavioural analytics and machine learning, to identify and respond to potential threats in real-time.

Additional Recommendations

To further strengthen your organisation’s cyber defences, consider the following additional recommendations:

1. Develop a Comprehensive Incident Response Plan: Having a well-defined incident response plan is crucial for effectively managing and mitigating the impact of cyber incidents. The plan should outline the roles and responsibilities of key personnel, communication protocols, and steps for containment, eradication, and recovery. Regularly test and update the plan to ensure it remains effective.
2. Invest in Cyber Threat Intelligence: Leveraging cyber threat intelligence can provide valuable insights into emerging threats and help organisations stay ahead of adversaries. Threat intelligence can inform security strategies, enhance threat detection capabilities, and support proactive defence measures.
3. Implement Network Segmentation: Network segmentation can limit the spread of malware and reduce the impact of cyber incidents. By dividing the network into smaller, isolated segments, organisations can contain threats and prevent them from moving laterally across the network.
4. Strengthen Third-Party Risk Management: Third-party vendors and partners can introduce additional risks to an organisation’s security. Implementing a robust third-party risk management programme can help identify and mitigate these risks. Regularly assess the security posture of third-party vendors and ensure they adhere to your organisation’s security standards.
5. Adopt a Zero Trust Security Model: The Zero Trust security model assumes that threats can exist both inside and outside the network. By adopting a Zero Trust approach, organisations can enforce strict access controls, continuously monitor user activity, and verify the identity of users and devices before granting access to resources.

Conclusion

As we move into 2025, the cyber threat landscape will continue to evolve, presenting new challenges for businesses. By staying informed about the latest trends and adopting a proactive approach to cybersecurity, organisations can better protect their digital assets and ensure their resilience against cyber threats.

Contact Care IT today to safeguard your business with tailored data backup and recovery solutions before disaster strikes.