The 2025 Global Threat Landscape Report from FortiGuard Labs is a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework.

Fortinet's Global Threat Landscape Report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders.

The report showed that targeted attacks on critical sectors intensified. Industries such as manufacturing, healthcare, and financial services continue to experience a surge in tailored cyberattacks, with adversaries deploying sector-specific exploitations.

In 2024, the most targeted sectors were manufacturing (17%), business services (11%), construction (9%), and retail (9%). Both nation-state actors and Ransomware-as-a-Service (RaaS) operators concentrated their efforts on these verticals, with the United States bearing the brunt of attacks (61%), followed by the United Kingdom (6%) and Canada (5%).

Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale.

The traditional security playbook is no longer enough. Organizations must shift to a proactive, intelligence-led defense strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today's rapidly evolving threat landscape.

Fortinet's Global Threat Landscape Report provides rich details on the latest attacker tactics and techniques while also delivering prescriptive recommendations and actionable insights. Designed to empower CISOs and security teams, the report offers strategies to counter threat actors before they strike, helping organizations stay ahead of emerging cyberthreats.

This year's report includes a "CISO Playbook for Adversary Defense" that highlights a few strategic areas to focus on:

Shifting from traditional threat detection to continuous threat exposure management: This proactive approach emphasizes continuous attack surface management, real-world emulation of adversary behavior, risk-based remediation prioritization, and automation of detection and defense responses. Utilizing breach and attack simulation (BAS) tools to regularly assess endpoint, network, and cloud defenses against real-world attack scenarios ensures resilience against lateral movement and exploitation.

Simulating real-world attacks: Conduct adversary emulation exercises, red and purple teaming, and leverage MITRE ATT&CK to test defenses against threats like ransomware and espionage campaigns.

Reducing attack surface exposure: Deploy attack surface management (ASM) tools to detect exposed assets, leaked credentials, and exploitable vulnerabilities while continuously monitoring darknet forums for emerging threats.

Prioritizing high-risk vulnerabilities: Focus remediation efforts on vulnerabilities actively discussed by cybercrime groups, leveraging risk-based prioritization frameworks such as EPSS and CVSS for effective patch management.

Leveraging dark web intelligence: Monitor darknet marketplaces for emerging ransomware services and track hacktivist coordination efforts to preemptively mitigate threats like DDoS and web defacement attacks.