Cyber 2025: The year we stopped pretending legacy defenses work

Fighting 2025 threats with 2015 tools is a losing battle. Last year showed us what fails, what survives, and what must change now.

January 5, 2026

Dear readers,

Security theater ≠ actual security.

2025 was yet another wake-up call - a pretty direct shot in the face of every organization that thought their firewall from 2015 would save them.

AI went from being a buzzword in boardroom presentations to an easy and accessible weapon for both attackers and defenders. Nations finally became more serious about technology, healthcare systems got hammered, more and more attacks were launched, and yet, somewhere, a CISO is still explaining to their CEO why “we’ve always done it this way” isn’t a security strategy.

Here’s the uncomfortable truth: most organizations are fighting 2025 threats with 2015 tools. And it’s costing them everything.

The Attacks That Defined 2025

In brief:

Bybit
In February, the Lazarus Group - North Korea’s state-sponsored hacking collective - pulled off the largest cryptocurrency theft in history, stealing $1.447 billion worth of Ethereum. The FBI attributed it to North Korea within days. Bybit offered a 10% reward for recovered funds, but the damage was done.
→ over 596 suspicious domains detected targeting Bybit customers.

Microsoft SharePoint Zero-Days
Chinese state-linked hackers exploited two critical vulnerabilities (CVE-2025-53770 and CVE-2025-53771) in what the cybersecurity community dubbed “ToolShell.” They owned the systems. US government agencies, critical infrastructure operators, and global companies all fell victim. Microsoft released a patch in July, but by then 396 SharePoint systems had already been compromised. Singapore’s situation was so dire they called in military units to combat the attacks.

Jaguar Land Rover
Called “the most economically damaging cyberattack to hit the United Kingdom in history,” a September hack did more than steal data - it delayed car production for months. The cascading effect hit JLR’s suppliers across the UK so hard that some went out of business entirely. The UK government had to step in with a £1.5 billion bailout just to ensure employees and suppliers got paid during the shutdown.
This attack proved something critical: disruption is often more valuable to attackers than stolen data.

Coupang
Asia’s version of Amazon demonstrated how important detection speed is. Data was stolen for five months - June through November - before anyone noticed. By the time they discovered it, 33 million customers’ personal information had been compromised. The breach was so damaging to customer trust that it led to the CEO’s resignation.

South Korea as a whole had a nightmare year, experiencing a major data breach every single month in 2025.

China’s Surveillance Leak became the largest known data breach in the country’s history - over 4 billion user records from WeChat, Alipay, and other major platforms. The data appeared specifically designed for mass profiling and surveillance. The origin? Still unknown.

Iran’s Bank Sepah lost 42 million customer records (approximately 12 TB of data) in March to a hacker collective called “Codebreakers.” They demanded $42 million in Bitcoin. When the bank ignored them, they released portions of the dataset. This represented one of the largest cyberattacks targeting a financial institution in 2025.

Have you observed an overall pattern?
Attackers aren’t just breaking in anymore. They’re staying for months, taking everything, causing maximum disruption, and organizations only discover the breach when it’s unfortunately too late.

The Numbers Don’t Lie

Organizations faced an average of 1,876 cyberattacks in Q3 2024 - a 75% year-over-year increase that accelerated into 2025. Ransomware attacks against critical infrastructure alone rose by 34% in 2025 compared to the previous year.

AI-powered attacks are scaling at terrifying rates. Phishing attacks skyrocketed by 4,151% since ChatGPT’s public release. AI-generated phishing emails now achieve a 54% click-through rate compared to just 12% for traditional phishing. Think about that. More than half of people can’t tell the difference between a real email and an AI-generated fake.

Healthcare got absolutely destroyed. 93% of US healthcare organizations experienced an average of 43 cyberattacks over the past year. There was a 76% rise in targeted AI attacks in 2025, largely due to automated ransomware deployment.

The average data breach now costs $4.9 million - a 10% increase from the previous year. Healthcare breaches cost even more at $9.77 million on average. By 2027, cybercrime is projected to cost the global economy $24 trillion. Not billion. Trillion.

What Actually Improved

Not enough, but the work is in progress.

Organizations are finally waking up to Zero Trust architecture. As of 2025, over 86% of organizations have begun moving to Zero Trust. The zero-trust security market reached $38.37 billion in 2025 and is projected to hit $86.57 billion by 2030. Companies that complete all Zero Trust pillars are two times less likely to report security incidents.

AI-powered defense tools are getting better. Companies consistently using AI and automation in cybersecurity save an average of $2.2 million compared to those that don’t. The generative AI cybersecurity market is expected to grow almost tenfold between 2024 and 2034. AI can automate 71% of security analyst tasks, freeing up human experts to focus on what actually matters.

Multi-factor authentication, when actually implemented, blocks over 99% of identity-based attacks. It’s not rocket science. Yet so many breaches in 2025 - including major ones - happened because organizations skipped it.

Law enforcement had some wins. Interpol’s “Operation Serengeti 2.0” in August led to the arrest of over 1,200 alleged cybercriminals across 18 African countries and the UK. Authorities disrupted tens of thousands of scams and recovered nearly $100 million. Nigeria deported over 100 convicted foreign nationals, including 50 Chinese citizens, in a crackdown on one of the country’s largest foreign-led cybercrime syndicates.

Where the Industry Is Going (Whether You’re Ready or Not)

The future of cybersecurity isn’t about having the biggest firewall or the most expensive security operations center. It’s about becoming less of a target by integrating the right processes, understanding your systems, and moving with speed.

By 2028, 45% of organizations are projected to use fewer than 15 cybersecurity tools, compared to just 13% in 2023. Why? Because AI needs data, and fragmented systems create blind spots.

AI vs. AI warfare is the new normal. By 2026, the majority of advanced cyberattacks will employ AI to execute dynamic, multilayered attacks that adapt instantaneously to defensive measures. Success will depend on who has better AI, better data, and faster response times.

Regulatory pressure is intensifying. The EU Cyber Resilience Act, US critical infrastructure mandates, and similar regulations worldwide are forcing organizations to adopt Secure by Design practices and timely incident reporting. Compliance is becoming a mandatory part of the game.

IAM is finally being taken seriously. As remote work becomes more popular and cloud adoption accelerates, organizations are embedding security into identity and access management from the ground up. AI-driven identity governance monitors user behavior in real time, enforces risk-based access controls, and detects anomalies before they escalate.

The Uncomfortable Truths Nobody Wants to Say

Let’s talk about what the industry reports won’t tell you.

Security is still treated as a cost rather than a business enabler. Despite all the talk about “security by design” and “shifting left,” most organizations still add security at the end. Only 28% of companies embed security controls in transformation initiatives from the start.

The talent shortage is getting worse. 83% of executives cite workforce limitations as a major barrier to maintaining a secure posture. With an estimated 4.8 million cybersecurity positions unfilled worldwide, organizations are stretched thin. AI can help, but it can’t replace human expertise entirely.

Most boards don’t understand cybersecurity. They see it as an IT problem, not a business risk. Only 73% of Reinvention-Ready Zone organizations ensure board-level cybersecurity accountability. For everyone else? Security decisions are made three layers down from where they should be.

Speed is still prioritized over security. Spending on generative AI initiatives was 1.6 times higher than security budgets in 2024. By 2025, that gap widened to 2.6 times. Organizations are building AI systems on insecure foundations, treating security as an afterthought. This is how breaches happen.

Legacy thinking is killing organizations. The “that’s how we’ve always done it” mentality doesn’t work when threats evolve daily. Static defenses are useless against dynamic, AI-powered attacks. Yet many organizations are still operating like it’s 2015.

What Actually Works

After analyzing hundreds of attacks, dozens of reports, and countless security frameworks, here’s what actually moves the needle:

Treat cybersecurity as a business imperative, not an IT problem. Make AI security a C-suite priority with clear accountability. When security is embedded in strategic decision-making from the start, organizations are 69% less likely to experience advanced attacks.

Implement Zero Trust like you mean it. Not as a checkbox or as a project. As a fundamental shift in how you think about access, identity, and trust. Organizations that fully implement Zero Trust see incident rates drop from 66% to 33%.

Embrace AI for defense, not just for innovation. Use AI-powered threat intelligence, anomaly detection, and automated response. But do it thoughtfully. Understand both the benefits and risks. Adjust your threat models accordingly.

Fix the basics. Multi-factor authentication. Encryption. Patch management. Access controls. The Coupang breach lasted five months. The SharePoint vulnerabilities were exploited because organizations didn’t patch fast enough. Sophisticated AI tools won’t save you if your fundamentals are broken.

Build security into procurement and vendor management. Your security is only as strong as your weakest vendor. Require transparent AI security controls, enforce contractual security commitments, and conduct independent audits. The supply chain is where attacks are increasingly happening.

Invest in people, not just tools. Upskill your security teams. Implement AI-specific training. Foster a security-conscious culture across the organization. Cybersecurity is a whole-of-organization responsibility, not just the CISO’s problem.

The Path Forward

Here’s what I believe: security is at a turning point.

It can definitely be overwhelming to make sure your organization is secure, especially when the ROI can sometimes only be seen in retrospect, after an attack. We know humanity is not the best at prevention in general, but I strongly believe we are improving on this front.

Here’s the opportunity: those that reach the Reinvention-Ready Zone see 1.6 times higher returns on AI investments, 1.7 times reduction in technical debt, and 1.6 times greater improvement in customer trust.

The game will change when we stop treating security as a checkbox and start treating it as what it actually is - the foundation everything else is built on.

Stay secure,
A

If this article resonated with you, share it with someone who needs to hear it. If you’re a CISO or security leader struggling with these challenges, you’re not alone. The industry is changing faster than most organizations can keep up. But change is possible - it just requires honest conversations, real commitment, and the courage to challenge “how we’ve always done it.”

Want to explore how to build real security resilience? Let’s talk.

https://calendly.com/stefan-artifactsecurity

© 2026 Artifact Security. All rights reserved.