The digital battleground today is more complex and volatile than ever before. Cybersecurity is a persistent conflict where attackers innovate faster than defenses can adapt. From ransomware’s pivot to data extortion to AI’s dual role as both an adversary and ally, the rules of engagement have fundamentally shifted.
A new report from Check Point, “The State of Cyber Security 2025,” highlights the most concerning trends. I had a chance to speak with Pete Nicoletti, global CISO for the Americas at Check Point, about the report and its most interesting findings and insights.
From Singular Strikes to Persistent Campaigns
Gone are the days when cyberattacks were isolated incidents. Today, we’re facing relentless campaigns designed to undermine trust and destabilize critical systems. Nation-states like China, Russia, and North Korea are using cyber warfare as a strategic tool, leveraging zero-days and disinformation campaigns to erode infrastructure and societal cohesion. These attackers have effectively “unlimited time and resources” and are unrelenting in their pursuit of vulnerabilities.
An even more concerning development from the report is the role of alliances between criminal syndicates and hacktivists. These groups are increasingly sophisticated, creating an ecosystem that amplifies their collective power. As Nicoletti puts it, “Cybercrime is now the third-largest economy in the world.”
Ransomware 2.0: Extortion Without Headlines
Ransomware has evolved. Instead of crippling entire systems, attackers are now opting for quieter, more insidious tactics: data exfiltration. By stealing sensitive data and threatening to leak it, they avoid drawing the attention of law enforcement or global headlines. This triple extortion tactic—targeting the company, its suppliers, and its customers—is becoming the norm.
Healthcare has become a prime target, with attackers exploiting the high value of medical records. These records, often worth hundreds of dollars on the dark web, are being used to blackmail both organizations and individuals. As Nicoletti warns, “The aggregation of breached data is a goldmine for attackers, enabling them to layer multiple types of extortion.”
AI: The Double-Edged Sword
Artificial intelligence is reshaping the cybersecurity landscape, and not always for the better. Attackers are using AI to create deepfakes, automate phishing campaigns, and aggregate stolen data to identify vulnerabilities faster. Nicoletti shares a chilling example: “We’re seeing attackers download open-source AI tools, train them on breached data, and create custom models to exploit specific targets.”
Yet, AI is also a powerful defensive tool. Advanced threat detection systems leverage AI to prevent zero-day attacks in real time. Detection often comes too late, so organizations need to focus on prevention and resilience.
Cloud and Edge: Expanding Attack Surfaces
The shift to hybrid cloud environments and the rise of edge computing have opened new avenues for exploitation. The report indicates that misconfigured cloud settings, outdated APIs, and unsecured edge devices are prime targets. Nicoletti highlighted the inadequacies of native cloud security tools, describing them as “ridiculously ineffective” and urging organizations to adopt third-party solutions that prioritize prevention.
Operational Relay Boxes and edge devices, often overlooked in security strategies, are becoming central to botnet operations like Raptor Train. These devices serve as anonymization hubs, making it nearly impossible to trace malicious activities.
Why Isn’t Patching Enough?
Despite two decades of emphasis on vulnerability and patch management, patching remains a weak link.
According to Nicoletti, “The fact that vulnerabilities from 2014 are still being exploited screams that organizations are not taking patching seriously.” There are a variety of reasons: budget constraints, staffing shortages, and the operational risks associated with patching critical systems.
The Human Factor
Human error remains a key vulnerability, exacerbated by increasingly sophisticated phishing campaigns.
Nicoletti argued that relying on employees as the last line of defense is a failure of security strategy. “If your program depends on people not clicking something stupid, you’ve already lost,” he said bluntly.
He stressed that organizations must instead adopt a multi-layered approach, integrating tools like endpoint detection, firewalls, and AI-driven email protection to catch threats at multiple levels.
Looking Ahead: Predictions for 2025
- AI-Driven Threats: Attackers will increasingly use AI to automate and scale their operations, from creating near-flawless deepfakes to aggregating data across breaches.
- Triple Extortion Models: Data exfiltration will dominate, with attackers targeting not just organizations but their ecosystems, including suppliers and customers.
- Defense in Depth: Organizations will shift from a single-tool approach to a multi-layered strategy, focusing on resilience and rapid response.
- Rise of BYOC Risks: The widespread use of personal devices for work will exacerbate security challenges, demanding stricter policies and protections.
A New Paradigm for Cybersecurity
As the cybersecurity battlefield evolves, organizations must adapt by embracing resilience, collaboration, and proactive strategies.
Nicoletti underscored the urgency: “Nation-states and cybercriminals are not waiting for us to catch up. If we’re not ready, they will outpace us.”