top of page

A new era of cyber risks: 4 key trends from the SANS CyberThreat Summit

  • alissahilbertz
  • 1 day ago
  • 3 min read

What cybersecurity leaders need to know from two days of expert-led cyber threat discussions 


The year 2025 was marked by a significant rise in publicly disclosed cyber-attacks globally: over 500 according to the European Repository of Cyber Incidents (EuRepoC).  Cybersecurity needs aren't just top of mind for many organizations; they are on their doorstep. What was once considered a technical concern has become a strategic business issue, demanding attention at the highest levels of leadership. 


The SANS CyberThreat Summit is an event dedicated to cyber threat analysis and intelligence. Across two days of sessions, leading experts and practitioners provided deep insights into attacker motivations, emerging technologies and the shifting dynamics shaping global cyber activity.  


Whether you are shaping cybersecurity strategy, overseeing risk management, or simply staying informed, these insights provide valuable direction for navigating what comes next in an increasingly complex digital landscape. 

 

4 key cyber threat trends you should know about


This year's summit was particularly focused on the latest evolution of threats in the cyber domain. Here are four key insights every organization should be aware of: 


  1. Cybercrime is scaling faster than ever 

The entry-barrier for cybercriminals continues to fall, fuelling the growth of more than 125 active ransomware groups in 2025, according to the presentation of Proofpoint. This includes hackers and criminal groups commissioned by governments. As nation-state actors increasingly mirror the techniques of cybercriminals, the tactics seen today in criminal ecosystems may offer a preview of future state-sponsored operations. 

 

Monitoring the cyber crime groups can help in pre-empt Tactics, Techniques and Procedures (TTPs) used by state actors.” | Saher Naumaan, Senior Threat Researcher Crime & Espionage team, Proofpoint. 

 

  1. AI is accelerating the offensive–defensive arms race 

Cybercriminals are rapidly shifting toward fully AI-driven campaigns, automating tasks once dominated by human expertise. To keep pace, organizations must strengthen their defensive AI capabilities or risk being outmaneuvered by faster, more adaptive adversaries. 

 

You can have two different outcomes from the same AI model, good or evil.

Rem Dudas & Noa Dekels,

Principal Threat Intelligence analyst & Threat Intelligence Researcher, Palo Alto Networks. 

 

  1. Insider and behavioral threats require new detection approaches 

Economic pressures, workforce disruption and the use of advanced evasion techniques are increasing the likelihood of insider activity and making threats harder to spot. Traditional Indicators of Compromise (IoC) are diminishing in value as attackers blend into normal network traffic, pushing organizations toward intelligence-led, behavior-based detection models. 

 

Every advanced evasion technique can be used as a fingerprint to improve detection.

Patrick Staubmann, Team Lead Threat Analysis, VMRay. 

 

  1. Geopolitical instability will redirect threat activity westward 

As the war in Ukraine evolves, organizations should anticipate a shift in focus from threat actors currently engaged in the conflict. A redirection of their capabilities toward Western targets is likely once the war ends, making proactive preparation and resilience planning essential. 

 

When the war ends, a lot of Russian threat actors focused on Ukraine will shift to broader targets.

John Southworth, Senior Threat Intelligence Manager, PwC. 


two women working behind computer screens, one extending her arm to show the other something

 

What does this mean for your organization?  

The key takeaway is clear: organizations must accelerate their cybersecurity efforts while becoming more strategic and intelligent in their approach. Several critical points emerged from the summit, along with questions you should be asking: 


  • Use good AI to fight bad AI. Threat actors are rapidly weaponizing generative AI; organizations that fail to adopt AI-driven defenses will fall behind.  


Ask: Is your organization actively evaluating AI’s role in its security posture? 


  • Threat actors are more diverse than ever. This demands more innovative detection and monitoring capabilities, grounded in threat intelligence and designed to turn adversaries’ own TTPs against them.  


Ask: Is threat intelligence fully integrated into your detection strategy? 


  • Prepare for the worst, hope for the best. The threat landscape and the threat actors' focus will shift soon, with increased targeting of Western organizations expected. 


Ask: Is your organization ready for a more unpredictable threat landscape? 


The SANS CyberThreat Summit highlighted how rapidly cybersecurity threats are evolving - driven by technological innovation - and how organizations must increasingly push themselves to stay ahead. Cybersecurity is not a one-off project; it is a continuous effort that needs to stay up to date with the latest trends. 


Author: Giovanni Ferronato 


Would you like to discuss recent cybersecurity developments? 

Reach out to 


headshot of Davide Bonalumi, senior manager Cybersecurity IG&H

Davide Bonalumi

Senior Manager Cybersecurity

+31615045242


 
 
bottom of page