Four key takeaways from the new Security Navigator 2025 Report
Orange Cyberdefense has published its Security Navigator 2025 Report, which provides essential insights for CISOs, CTOs, and IT Security professionals.
The report highlights the latest trends and insights into an increasingly volatile threat landscape, where new technologies are emerging and malicious actors are constantly evolving their strategies.
This year’s Security Navigator Report is unique in its expanded focus on how AI is playing a role in cybersecurity – in the hands of both threat actors and cybersecurity experts.
It also digs deeper into threats facing critical infrastructure – such as mobile networks and operational technology – in the context of increased adoption of IoT and 5G solutions.
South African representation
This year’s Security Navigator report saw many important contributions from South African security experts.
The annual report, which examines the global cyber threat landscape and is downloaded across the world, is predominantly produced by the Orange Cyberdefense Security Research team – a team within Orange Cyberdefense dedicated to the research and analysis of current and emerging threats. Heading up this team is one of the founders of the SensePost business, South African security veteran Charl van der Walt.
Along with van der Walt, the report also saw a significant contribution from Wicus Ross – a senior security researcher who is part of van der Walt’s team.
In his contribution to the report, Ross investigates the reactive nature of vulnerability management.
He highlights how defenders must juggle remediation priorities with a growing list of new vulnerabilities, and urges organisations to prioritise risk reduction and threat mitigation.
Lastly, Rogan Dawes, a senior security analyst and researcher who is part of the SensePost team, investigated VPNs – asking the provocative question of whether they are faulty by design.
Read on for a summary of four key Security Navigator 2025 Report findings.
This summary was written by Sara Puigvert – Orange Cyberdefense EVP of Global Operations.
What have we learned?
Essential insights for CISOs, CTOs, and Security Managers
The Security Navigator 2025 highlights critical cybersecurity trends, providing insights and strategic guidance tailored to address the challenges faced by today’s CISOs, CTOs, and Security Managers.
This year’s findings underscore how organisations are increasingly exposed to aggressive cyber extortion (Cy-X), sophisticated hacktivism, targeted Operational Technology (OT) threats, and the evolving demands of integrated threat and risk management.
Cyber extortion (Cy-X): Growing aggression and targeted attacks
Cyber extortion remains a pervasive threat that is impacting organisations of all sizes and sectors – especially small and medium-sized enterprises (SMEs). SMEs faced a 53% rise in ransomware incidents this year, which also saw the biggest ransom ever obtained by a ransomware group: $75 million was paid to Dark Angels.
With the emergence of AI tools designed specifically for fraud, extortion, and impersonation, AI has enabled an increase in the volume and sophistication of extortion incidents across sectors. The impact of these attacks reaches beyond the immediate target, with disruptions cascading through supply chains and posing risks to larger companies. We observe a growing cynicism as criminals no longer avoid critical services like healthcare.
We need resilience-building strategies to counter these risks. This includes the implementation of robust recovery protocols and reliable backup systems to reduce downtime and data loss after an attack. Our previous report offers detailed guidance for CISOs.
Hacktivism and cognitive attacks: A rising threat to public trust
Hacktivism is still evolving from activism into destabilizing campaigns, often aligned with geopolitical conflicts like the war against Ukraine, with a particular impact in Europe.
In the Nordics, through a combination of distributed denial-of-service (DDoS) attacks and disinformation tactics, pro-Russian hacktivists have launched extensive attacks targeting government services, critical infrastructure and other “symbolic” entities. AI can be used to create fake news and digitally altered images as part of campaigns targeting elections and eroding trust in democratic institutions.
Attackers increasingly target perception and trust through these “cognitive” attacks. These attacks aren’t technical disruptions. They aim to manipulate public opinion, undermine trust in institutions, and destabilize societal confidence.
To limit the spread of disinformation and safeguard institutional credibility, the report recommends organisations prepare to counter these “cognitive attacks”.
This involves equipping cybersecurity teams with monitoring tools to identify disinformation early and implementing rapid response protocols to counter false narratives effectively. It is paramount to protect high-visibility assets like public-facing websites and social media accounts, which Orange Cyberdefense anti-cybercrime teams work toward daily. By managing public perception and maintaining a trusted information environment, organisations can mitigate the reputational damage that often accompanies these attacks.
Operational Technology (OT) security: Unique risks for critical infrastructure
Operational Technology (OT) environments, which control essential physical processes, are now vulnerable to cyber extortion and hacktivism, with attackers frequently using techniques that specifically target OT systems.
Unlike information technology (IT) systems, OT environments have specialised requirements that make conventional cybersecurity approaches inadequate.
We highlight direct threats called “Category 2 attacks”, which target OT directly and aim to interfere with physical processes. The techniques tend to leverage existing, legitimate OT functionality, and are therefore very hard to detect or block. We can’t simply copy the defenses we have for IT in an OT environment. Basic controls like network segmentation remain essential, while more advanced practices like penetration testing need to be carefully examined to ensure they add value to OT.
Evolving threat and risk management: A shift beyond “vulnerability management”
With over 264,000 vulnerabilities catalogued globally, the load is impossible to manage.
Moreover, zero-day vulnerabilities in widely used products like Ivanti, Palo Alto, and Cisco continue to be exploited by actors reportedly backed by states like China.
2024 has demonstrated that traditional “vulnerability management” must evolve toward a dual strategy of threat-informed prioritisation for publicly exposed assets, combined with systemic risk reduction for internal environments.
For large internal environments, we need to conceive architectures that are immune to compromise via an individual system.
This requires three strategies:
- Firstly, minimising attack surfaces by removing unnecessary systems.
- Secondly, limiting attack impact through robust segmentation and Zero Trust architecture.
- Thirdly, defining and implementing appropriate configurations, recorded in an asset inventory, and enrolled in software management systems.
Conclusion
As cybersecurity threats become more sophisticated and unpredictable, today’s CISOs, CTOs, and Security Managers stand at a pivotal crossroads.
The cyber landscape demands more than just defences; it requires a proactive, intelligence-driven approach that anticipates and mitigates risks before they materialise.
Cyber extortion, hacktivism, zero-day exploits and OT-specific threats are no longer isolated issues but interconnected challenges that call for a cohesive and adaptable strategy.
The path forward lies in building resilient organisations equipped to protect, recover, and evolve in response to shifting tactics and emerging vulnerabilities.
This means embracing not only technical solutions but also cognitive defences to safeguard public trust and prioritising risk-informed management over sheer volume in vulnerability tracking.
By adopting these approaches, security leaders can transform challenges into opportunities for stronger, more resilient infrastructures.
A strong security strategy requires adaptation and readiness to address constantly evolving threats, supported by tools and an organisation that can swiftly adjust to new circumstances.