Insights and recommendations for navigating the evolving cyber threat landscape
Cyber threats are growing and evolving faster than ever, impacting everything from individuals to critical societal functions. Microsoft’s annual Digital Defense Report 2025 offers a comprehensive view of the global cybersecurity landscape, highlighting emerging trends and providing actionable guidance that’s highly relevant for Nordic organizations as well.
The scale of the report is staggering: Microsoft processes 100 trillion security signals daily, helping to block 4.5 million new malware threats every day. On average, 38 million identity risk detections are analyzed daily, and 5 billion emails are scanned for malware and phishing. This vast data stream is monitored by Microsoft’s global defense team of 34,000 cybersecurity professionals, working to protect organizations and individuals against increasingly complex threats.
In this blog, we summarize the report’s key findings and share ten practical tips to help strengthen your organization’s cybersecurity posture.
Artificial intelligence plays a growing role in cybersecurity, used by both defenders and attackers. Criminals are leveraging AI for advanced social engineering, automated system breaches, and bypassing security controls. At the same time, AI systems themselves are becoming targets—through methods like prompt injection and data poisoning—expanding the attack surface and forcing organizations to adopt proactive, behavior-based defense strategies.
AI is critical in defense because it can detect anomalies quickly, automate responses, and continuously learn to counter new threats. Organizations should consider using AI-powered solutions like Microsoft Sentinel to build robust security capabilities.
While attackers continue to develop new tactics, many breaches still follow familiar paths. According to the report, 28% of breaches begin with phishing or social engineering, 18% exploit unpatched public-facing services, and 12% target remote access services.
A growing trend is the use of Infostealer malware, where attackers don’t break in—they log in using stolen credentials purchased online. That’s why Multifactor Authentication (MFA) remains one of the most effective defenses, blocking 99% of unauthorized login attempts.
However, traditional MFA solutions are no longer enough. Organizations must adopt phishing-resistant methods, such as Authenticator Passkeys or physical FIDO security keys, to stay protected.
State-sponsored attacks are increasing in both volume and geographic reach, with intelligence gathering remaining their primary goal. The most targeted sectors include public administration, IT companies, and research and education. Critical infrastructure, healthcare, and financial organizations are also attractive targets due to the sensitive data they handle.
Cloud-based identities are a prime target for attackers, who exploit malicious OAuth apps, phishing, and outdated authentication methods. Supply chain attacks are also on the rise, with adversaries using partner networks, subcontractors, and cloud services to infiltrate target systems.
This highlights the need for continuous monitoring of cloud resources and access rights, as well as thorough security assessments of supply chain partners.
No organization can tackle cybersecurity alone. The report emphasizes the importance of information sharing, collaboration, and preparedness. Cybersecurity must be part of strategic leadership and board-level discussions, with risk management and response plans tested in advance.
Ultimately, it’s not just about technology—people and culture determine how well an organization can withstand new and unexpected threats.
Microsoft’s report outlines ten key recommendations for organizations:
Cyber risks are as critical as financial or legal risks. Leadership must understand vulnerabilities and regularly monitor security status and progress.
Since most attacks begin with compromised identities, implement modern, phishing-resistant MFA for all users—especially for privileged admin accounts.
Security is everyone’s responsibility. Build staff expertise and foster a culture where security is part of everyday operations.
Attackers look for the easiest entry points, including gaining access through partners. Identify and patch vulnerabilities in both your own and your partners’ systems.
A cyber breach is no longer a question of “if” but “when.” Develop and test response plans in advance, especially for ransomware scenarios.
Cloud services are now prime targets. Inventory all services, APIs, and identities, and implement strong governance and monitoring mechanisms.
When a breach occurs, fast recovery is crucial. Test backups, keep them separate from production, and plan recovery processes for critical systems.
Cybersecurity is a team sport. Real-time information exchange with other organizations, authorities, and industry peers strengthens everyone’s defense.
New regulations like the EU’s Cyber Resilience Act introduce reporting requirements and “Secure by Design” mandates. Stay informed and compliant.
AI and quantum computing are reshaping the threat landscape. Assess your current encryption methods and plan a transition to post-quantum cryptography (PQC) solutions.
“Good planning is half the battle”—but in cybersecurity, continuous vigilance, development, and collaboration are what truly make the difference. Innofactor is here to support your journey toward a safer and more productive digital environment.