Five key takeaways from the Microsoft Digital Defense Report 2025
Insights and recommendations for navigating the evolving cyber threat landscape
Cyber threats are growing and evolving faster than ever, impacting everything from individuals to critical societal functions. Microsoft’s annual Digital Defense Report 2025 offers a comprehensive view of the global cybersecurity landscape, highlighting emerging trends and providing actionable guidance that’s highly relevant for Nordic organizations as well.
The scale of the report is staggering: Microsoft processes 100 trillion security signals daily, helping to block 4.5 million new malware threats every day. On average, 38 million identity risk detections are analyzed daily, and 5 billion emails are scanned for malware and phishing. This vast data stream is monitored by Microsoft’s global defense team of 34,000 cybersecurity professionals, working to protect organizations and individuals against increasingly complex threats.
In this blog, we summarize the report’s key findings and share ten practical tips to help strengthen your organization’s cybersecurity posture.
AI: A powerful defense tool—And a new target
Artificial intelligence plays a growing role in cybersecurity, used by both defenders and attackers. Criminals are leveraging AI for advanced social engineering, automated system breaches, and bypassing security controls. At the same time, AI systems themselves are becoming targets—through methods like prompt injection and data poisoning—expanding the attack surface and forcing organizations to adopt proactive, behavior-based defense strategies.
AI is critical in defense because it can detect anomalies quickly, automate responses, and continuously learn to counter new threats. Organizations should consider using AI-powered solutions like Microsoft Sentinel to build robust security capabilities.
Attacks are getting smarter—But basic defenses still work
While attackers continue to develop new tactics, many breaches still follow familiar paths. According to the report, 28% of breaches begin with phishing or social engineering, 18% exploit unpatched public-facing services, and 12% target remote access services.
A growing trend is the use of Infostealer malware, where attackers don’t break in—they log in using stolen credentials purchased online. That’s why Multifactor Authentication (MFA) remains one of the most effective defenses, blocking 99% of unauthorized login attempts.
However, traditional MFA solutions are no longer enough. Organizations must adopt phishing-resistant methods, such as Authenticator Passkeys or physical FIDO security keys, to stay protected.
Nation-State Actors and cybercriminals focus on intelligence gathering
State-sponsored attacks are increasing in both volume and geographic reach, with intelligence gathering remaining their primary goal. The most targeted sectors include public administration, IT companies, and research and education. Critical infrastructure, healthcare, and financial organizations are also attractive targets due to the sensitive data they handle.
Cloud identity and supply chain security take center stage
Cloud-based identities are a prime target for attackers, who exploit malicious OAuth apps, phishing, and outdated authentication methods. Supply chain attacks are also on the rise, with adversaries using partner networks, subcontractors, and cloud services to infiltrate target systems.
This highlights the need for continuous monitoring of cloud resources and access rights, as well as thorough security assessments of supply chain partners.
Collaboration, resilience, and continuous learning are key to strong defense
No organization can tackle cybersecurity alone. The report emphasizes the importance of information sharing, collaboration, and preparedness. Cybersecurity must be part of strategic leadership and board-level discussions, with risk management and response plans tested in advance.
Ultimately, it’s not just about technology—people and culture determine how well an organization can withstand new and unexpected threats.
Ten recommendations for strengthening organizational cybersecurity
Microsoft’s report outlines ten key recommendations for organizations:
- Make cybersecurity a board-level priority
Cyber risks are as critical as financial or legal risks. Leadership must understand vulnerabilities and regularly monitor security status and progress.
- Protect identities first
Since most attacks begin with compromised identities, implement modern, phishing-resistant MFA for all users—especially for privileged admin accounts.
- Invest in people, not just technology
Security is everyone’s responsibility. Build staff expertise and foster a culture where security is part of everyday operations.
- Secure your environment and supply chain
Attackers look for the easiest entry points, including gaining access through partners. Identify and patch vulnerabilities in both your own and your partners’ systems.
- Identify risks and rehearse your response
A cyber breach is no longer a question of “if” but “when.” Develop and test response plans in advance, especially for ransomware scenarios.
- Manage and monitor cloud resources
Cloud services are now prime targets. Inventory all services, APIs, and identities, and implement strong governance and monitoring mechanisms.
- Build recovery resilience
When a breach occurs, fast recovery is crucial. Test backups, keep them separate from production, and plan recovery processes for critical systems.
- Leverage threat intelligence sharing
Cybersecurity is a team sport. Real-time information exchange with other organizations, authorities, and industry peers strengthens everyone’s defense.
- Prepare for regulation
New regulations like the EU’s Cyber Resilience Act introduce reporting requirements and “Secure by Design” mandates. Stay informed and compliant.
- Start managing AI and quantum risks
AI and quantum computing are reshaping the threat landscape. Assess your current encryption methods and plan a transition to post-quantum cryptography (PQC) solutions.
Final Thoughts
“Good planning is half the battle”—but in cybersecurity, continuous vigilance, development, and collaboration are what truly make the difference. Innofactor is here to support your journey toward a safer and more productive digital environment.
Janne is a skilled IT professional with over 20 years of experience. Throughout his career, he has worked as an administrator, consultant, and trainer. Janne specializes in modern productivity and security technologies such as Microsoft Azure and Microsoft 365. In his free time, he also writes his own blog on these topics. As a cybersecurity consultant at Innofactor, Janne helps clients maximize the benefits of modern cloud tools while prioritizing security.



