In a scenario where digital threats are constantly evolving, traditional cybersecurity measures no longer provide the necessary protection for companies. It is what the latest study from Akamai indicates, company specialized in cloud security and performance solutions, that compiled years of research into a practical guide called "Defender's Guide 2025"
The report comes at a critical moment: Brazil ranks 4th among the countries with the most vulnerable SSH servers on the internet, with 1,2 million exposed systems that can serve as entry points for attacks. In total, Akamai has identified over 22 million infrastructures at risk globally
"When applying technical analyses and research to your cybersecurity strategy", organizations can mitigate risks more effectively, in an increasingly complex digital environment, explain Claudio Baumann, general director of Akamai Technologies
The challenge of protecting complex environments
The study highlights common flaws that will require increased attention in 2025, including gaps in authentication and network segmentation, secrets exposed in code repositories and poorly configured VPNs. Another point of concern is the evolution of malware, that now operate without files (fileless) or adopt decentralized architectures, making them harder to combat
Parallely, traditional vulnerabilities such as outdated equipment persist, Zero-Day vulnerabilities and identity theft attempts. The defacement of websites and the abuse of Kubernetes are also mentioned as significant risks
Cyberattacks can be launched even by amateur criminals, while specialized groups are becoming increasingly skilled. And we still have artificial intelligence, making the risks even deeper, Baumann alert
The four-step strategy
To strengthen digital defense in 2025, Akamai recommends a structured approach in four steps
- Implementation of digital hygiene measuresConstant software updates, strict access control and ongoing training of employees and executives to combat common threats
- Use of security and segmentation platformsImplementation of firewalls, API protection systems and distributed architecture, creating layers of defense against denial of service attacks
- Priority protection for critical servicesIdentification and enhanced protection of essential business systems, avoiding compromise of operations, recipe and reputation
- Specialized incident response teamsPreparation to mitigate damage and quickly restore operations when attacks occur, recognizing that invasions are practically inevitable
The report highlights that risk quantification metrics, although widely applied, are challenging in practical execution. "It is impossible to generalize", while replicating an existing model is extremely difficult, because it depends on the size, sophistication and criticality of each operation, within individual corporate structures, concludes Baumann
The main message is clear: to face the threat landscape of 2025, companies will need to go beyond conventional strategies, adopting a personalised and proactive approach, aligned with the specificities of your sector and the emerging trends of cyber attacks
