Data breach speed tripled compared to 2021, study shows

A Unit 42, the cybersecurity threat research unit of Palo Alto Networks, today released its Global Incident Response Report 2025Revealing that 861 of the main cybersecurity incidents in 2024 resulted in operational disruption, reputational damage, or financial losses. 

The report, based on the response to 500 major incidents in 38 countries and across all sectors of the economy, highlights a new trend: financially motivated criminal groups have begun prioritizing deliberate damage, destroying systems, blocking clients, and causing prolonged disruptions to maximize impact and pressure victims into paying ransoms.

The speed, sophistication, and scale of attacks have reached unprecedented levels, driven by AI-based threats and multifaceted intrusions, making the 2024 cybersecurity landscape even more volatile.

Cyber threats are faster and more destructive.

Come gli attaccanti riscrivono le regole del gioco, le squadre difensive faticano a star dietro. Il rapporto evidenzia diverse tendenze:

• Ataques mais rápidos do que nunca Translation: **Attacks faster than ever**In 25% incidents, attackers exfiltrated data in less than five hours, three times faster than in 2021. The situation is even more alarming in 20% cases, where data theft occurred in less than one hour.
• Internal Threats on the RiseO número de incidentes internos ligados à Coreia do Norte triplicou em 2024. Grupos patrocinados pelo Estado têm se infiltrado em empresas, passando-se por profissionais de TI, conseguindo empregos e, em seguida, instalando backdoors, roubando dados e até alterando códigos-fonte.
• Multifaceted attacks have become the norm.In 70% cases, attackers exploited three or more attack surfaces simultaneously, forcing security teams to protect endpoints, networks, cloud environments, and the human factor simultaneously.
• Phishing is back.Após ser superado por outras vulnerabilidades no ano passado, o phishing voltou a ser o principal vetor de entrada para ataques cibernéticos, representando 23% das invasões. Com o uso da IA generativa, as campanhas de phishing são agora mais sofisticadas, convincentes e escaláveis do que nunca.
• The growth of cloud attacksAlmost 29% of the incidents involved cloud environments, and 21% resulted in operational damage, with attackers exploiting incorrect configurations to map entire networks in search of valuable data.
• IA como catalisadora do ciclo de ataques translates to: **IA as a catalyst for the attack cycle**Kriminelle nutzen künstliche Intelligenz, um überzeugendere Phishing-Kampagnen zu erstellen, die Entwicklung von Malware zu automatisieren und ihre Ausbreitung innerhalb der Angriffssequenz zu beschleunigen. In einem kontrollierten Experiment stellten Forscher von Unit 42 fest, dass IA-gestützte Angriffe die Zeit bis zur Datenexfiltration auf nur 25 Minuten verkürzen können.

Why are cyberattacks still successful?

The report highlights three key factors enabling attackers' success:

• Kompleksiteti komprometon efektivitetin e sigurisë: In 75% of the incidents, there was evidence in the logs, but operational silos prevented detection.
• Manglende synlighet letter angrep: 40% degli incidenti nel cloud sono stati causati da asset non monitorati e shadow IT, consentendo agli aggressori di muoversi lateralmente senza essere rilevati.
• Over-privilege amplifies the harm.In the 41% attacks, the attackers exploited excessive permissions to facilitate lateral movement and privilege escalation.

Malicious actors are adapting their strategies, combining AI, automation, and multifaceted tactics to bypass traditional defenses. The time between initial intrusion and full impact is rapidly decreasing, making detection, response, and mitigation more critical than ever.

For å holde seg foran truslene i 2025, må organisasjoner proaktivt styrke sikkerheten til nettverk, applikasjoner og skymiljøer, i tillegg til å utstyre sikkerhetsoperasjonene sine med IA-baserte løsninger for raskere og mer effektive deteksjon og respons.