Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With hybrid work, cloud applications, and distributed teams now the standard, organizations face a critical challenge: how to deliver secure, seamless access to both cloud-hosted and private applications without relying on outdated remote user VPNs or complex hardware.

The hybrid working model has blurred the traditional limit of corporate networks. With users accessing critical resources from remote locations, unmanaged networks and personal devices, attack surfaces have increased exponentially. This demands a cutting-edge, comprehensive and adaptive approach to security. A recent example in January 2025 makes this clear: a vulnerability in SimpleHelp - a remote access tool - let attackers compromise corporate endpoints and move laterally across the network.

For years, ransomware gangs have thrived by holding businesses hostage, forcing a terrible choice: pay up or watch your systems collapse. That era is ending. After a summer of cyber chaos that hit everything from the NHS to Harrods, the UK government has drawn a red line: no more quiet payoffs, no more sweeping attacks under the rug.

The APT group known as Librarian Ghouls has managed to infiltrate the networks of technical universities and industrial companies in Russia, Belarus, and Kazakhstan without arousing suspicion. How did the gang get inside? By using legitimate logins and moving laterally through internal networks, relying on legitimate access credentials without generating alerts.

Ransomware is evolving ‒ not fading. Despite a decline in attack detections based on WatchGuard Firebox telemetry, data from extortion sites and media reporting tells a different story: ransomware activity is actually on the rise, both quarter-over-quarter and year-over-year. The number of active ransomware groups is also increasing, as is the average ransom demand. In fact, the typical payout jumped from $400,000 in 2023 to $2 million in 2024 ‒ a staggering 500% spike.

In an era where professional sports organizations increasingly rely on digital infrastructure, the risks associated with cyber threats are greater than ever. Girona FC, one of LaLiga’s rising professional football clubs, has taken a significant step to enhance its cybersecurity posture by partnering with WatchGuard Technologies. This move reflects the Club’s broader commitment to digital resilience and operational security.

Just because ransomware attacks have decreased doesn’t mean that the risk has disappeared. Indeed, it remains one of the most disruptive threats to any organisation. Headlines can convey a false sense of relief: Ransomware attacks are down 15%, according to Verizon's latest DBIR report. But for those of us who work in cybersecurity, we know that this doesn't tell the whole story, especially when the real issue isn't how often an attack occurs, but what happens when it does.

As IT environments become more complex, organizations face rising threat volumes, persistent cybersecurity talent shortages, and adversaries capable of dwelling undetected for days and moving laterally within hours. In this context, choosing between SIEM and XDR is no longer a technical preference; it’s a strategic decision that shapes how your organization defends itself.

Cybersecurity in 2025 is marked by a more complex, dynamic, and decentralised environment. Threats have not only become more sophisticated but also act faster, supported by technologies including artificial intelligence and a fragmented geopolitical context. Against this backdrop, the latest IDC report* on the state of cybersecurity in 2025 brings to the table a paradigm shift in how protection is provided, with what resources and under what structures.