ReliaQuest report reveals rapid evolution in cyber threats

Today

ReliaQuest has released its Annual Threat Report highlighting the increasing speed of cyber-attacks and the evolving tactics of cybercriminals.

The report indicates that cyber attackers are achieving lateral movement within networks as swiftly as 27 minutes, with an average time of 48 minutes once inside. In response, security teams are harnessing AI and automation technologies to counter these threats, with some achieving mean time to contain (MTTC) figures as low as three minutes. This is significantly faster than the 6.3 hours recorded when using traditional methods.

Michael McPherson, Senior Vice President of Technical Operations at ReliaQuest, commented, "Time is the enemy in cybersecurity. Attackers are moving faster than ever, which means our defenses must speed up as well. Manual responses are no longer sufficient to stop today's threats. We have to take advantage of automation and AI to stay ahead. Agentic AI is now taking this even further and is capable of processing security alerts 20x faster than traditional methods with 30% greater accuracy at identifying true threats to the business."

The report also sheds light on the persistence of traditional attack methods. Phishing continues to be the top method for gaining initial access, with nearly 30% of phishing emails containing credential harvesters. These emails, enhanced with AI, are becoming more sophisticated, featuring polished language and convincing designs that increase their effectiveness.

The report further identifies five critical controls necessary for security teams to minimise threat exposure. It stresses the importance of improving detections, ensuring all devices are monitored, using secure VPNs, limiting external exposure, and maintaining vigilance against social engineering tactics. Particularly, the report notes that 14% of breaches in 2024 involved social engineering for either initial access or to escalate privileges.

Additionally, the report reveals broader trends, including a shift in tactics by ransomware groups. It notes that 80% of breaches are now exfiltration only, compared to 20% that involve encryption, with exfiltration-only breaches being 34% faster. The report also highlights that inadequate logging is the top cause of breaches, and that one in four active intrusions begin with the exploitation of public-facing applications. Furthermore, 85% of incidents involve compromised service accounts, and two-thirds of critical incidents involve legitimate software. The most targeted sectors are the United States, manufacturing, and professional services.

ReliaQuest exists to Make Security Possible. The company's Agentic AI-powered security operations platform, GreyMatter, allows security teams to detect threats at the source, contain, investigate and respond in less than 5 minutes – eliminating Tier 1 and Tier 2 security operations work. GreyMatter uses data-stitching, detection-at-source, AI and automation to seamlessly connect telemetry from across cloud, multi-cloud and on-premises technologies.

ReliaQuest is the only cybersecurity technology company that delivers outcomes specific to each organisation's unique architecture, technology and business needs, the company states. It currently has more than 1,000 customers and 1,200 teammates across six global operating centers.

Share on: