Edge Devices, BYOD, and VPNs: Verizon DBIR 2025 Signals Escalating Cyber Risk Across the Digital Perimeter

Qualys

A surge in edge device exploits, credential abuse, and third-party breaches signals a dangerous shift in the cybersecurity landscape. Enterprises must act fast with unified, resilient defenses to stay ahead of AI-driven and identity-based attacks.

The Verizon 2025 Data Breach Investigations Report (DBIR) offers a sobering snapshot of the shifting cyber threat landscape, detailing six critical trends that demand immediate attention. With contributions from security leaders like Qualys, the report identifies a dramatic surge in vulnerability exploitation, ransomware, AI misuse, and third-party breaches.

Notably, the report reveals that 20% of breaches in 2024 began with vulnerability exploitation—a 34% increase year-over-year. Edge device vulnerabilities have exploded nearly eightfold, now accounting for 22% of all exploitation attempts.

“Attackers follow the path of least resistance, targeting vulnerable edge devices that provide direct access to internal networks.”

— Saeed Abbasi, Manager Product – Threat Research Unit, Qualys

Credential Abuse Takes Center Stage

“One key finding is the growing threat of credential abuse, which rose 24% year-over-year and remains the most common attack vector,” said Morey Haber, Chief Security Advisor at BeyondTrust. “This surge underlines the urgent need for stronger identity security measures.”

Alarmingly, VPN abuse has increased eightfold, exposing weaknesses in remote access infrastructure. Nearly half (48%) of all compromised credentials are linked to BYOD environments or unmanaged systems—underscoring the relative security advantage of corporate-managed devices.

Patching Delays and Zero-Day Risks

The report highlights a troubling 32-day average time to remediate edge vulnerabilities. This delay is increasingly untenable as attackers exploit vulnerabilities immediately upon public disclosure. Many of these exploits target known issues cataloged in CISA’s KEV list, making a strong case for real-time asset visibility and automated patching protocols.

Ransomware: Targeting the Underserved

Ransomware continues to dominate the cybercrime landscape, appearing in 44% of breach cases. While median ransom payments fell to $115,000, the number of targeted small and mid-sized businesses (SMBs) surged—88% of ransomware victims were SMBs, compared to just 39% from large enterprises. The volume-over-value strategy shows attackers are scaling operations against under-defended sectors.

Supply Chain and Third-Party Breaches Double

Supply chain attacks have doubled, with third-party breaches now comprising 30% of incidents. Many stem from leaked secrets in public repositories. “The report makes a compelling case for enhanced third-party vetting and the adoption of CIS Controls as a strategic baseline to combat these risks,” Haber noted.

On average, organizations took 94 days to remediate exposed credentials on GitHub, leaving critical assets vulnerable for extended periods. Espionage-motivated breaches also increased, now accounting for 17% of all incidents—with 28% of those financially motivated, further muddying the distinction between state and criminal actors.

“Credential abuse is rising fast, VPN misuse is rampant, and BYOD is a major blind spot—stronger identity security and CIS Controls are now essential.”

— Morey Haber, Chief Security Advisor, BeyondTrust

Shadow IT: A Growing Threat Vector

Credential logs show that 46% of compromised systems were unmanaged BYOD devices using corporate credentials. This blind spot presents a significant challenge for IT and security teams already grappling with tool sprawl and limited endpoint visibility.

AI-Driven Threats on the Rise

Generative AI, while a productivity enhancer, is increasingly being misused by attackers. The report found that 15% of employees accessed GenAI tools from corporate networks—72% using personal email credentials. Meanwhile, AI-generated phishing emails have doubled in the past two years, becoming more convincing and harder to detect.

Building Resilience with Unified Security

Both Abbasi and Haber stress the urgency of cohesive security frameworks. “Security programs must be built for resilience—from automated patching to continuous third-party monitoring. That’s the only way forward,” Abbasi stated.

Haber added, “The DBIR makes a strong case for adopting CIS Controls as an effective strategy to mitigate these evolving cybersecurity threats.”
