Sopra Steria, a specialist in consulting, digital services and software development, has presented its “Cyber Threats Report 2025”. According to the company, generative AI has burst into the digital ecosystem and is being used both by organizations and by cybercriminals, who use it to automate and perfect their attacks.
The report confirms the challenges that modern organizations face from the convergence of artificial intelligence and cybersecurity. In addition to malware generation, the emerging risks the report warns about include the growing phenomenon of Shadow GenAI, in which employees expose sensitive company data by using AI tools without corporate control. Likewise, there is an increase in the use of AI to generate deepfakes, which complicates the detection of phishing (or social engineering techniques) and the response to incidents.
The report also reveals that the Ransomware-as-a-Service (RaaS) model has reached critical levels of sophistication and expansion. This model allows non-technical cybercriminals to launch devastating attacks using professional, ready-to-use ransomware kits, delegating the infrastructure to specialized operators.
Overall, the number of companies in Spain that were victims of cyberattacks has increased by 43.2% compared to the previous year, according to data from INCIBE’s 2024 cybersecurity balance.
“Artificial intelligence has transformed the digital landscape, and cybersecurity is no exception. At Sopra Steria, we believe that this technology should be a tool to strengthen organizations, not to put them at risk. For this reason, in Spain we have a team of experts who help organizations systematically reduce risk and increase the maturity and resilience of their systems,” said Arsenio Pérez, Director of Cybersecurity at Sopra Steria Spain. “We are committed to providing an up-to-date view of the threat landscape, identifying critical assets and helping our customers understand how AI and new regulations influence their digital security,” he added.
Other notable threats are:
- Growth of phishing and multi-channel attacks: Phishing remains the most common type of attack, with new variants such as multi-channel phishing, ‘Adversary-in-the-Middle’ (AiTM) attacks and ‘Phishing-as-a-Service’ platforms.
- Rise of malware and infostealers: The resurgence of malware such as Lumma Stealer and the proliferation of infostealers (information thieves) have facilitated credential theft and data leaks, increasing the risk of unauthorized access and lateral movement within organizations.
- Exploitation of critical vulnerabilities: The average time between the publication of a vulnerability and its exploitation has fallen to just five days, which requires more agile application of patches and updates.
- Threats to critical infrastructure and OT: Ransomware and zero-day vulnerabilities are increasingly affecting industrial systems and essential services, driving the adoption of frameworks such as IEC 62443 and network segmentation.
Challenges for next year
The report also analyzes the main trends and regulatory challenges that will shape the digital landscape in Spain and Europe over the next year.
It highlights that Spain already has a consolidated regulatory framework, supported by the National Security Scheme (ENS), the imminent transposition of the NIS2 Directive and the entry into force of the DORA Regulation, which reinforces the operational resilience of the financial sector. These regulations, together with the CCN-CERT guidelines and the promotion work of INCIBE, place cybersecurity and resilience at the core of the operations of Spanish organizations.
The document concludes by offering some recommendations to companies that want to operate in the digital ecosystem with greater security:
- Take a comprehensive approach to security, embedding resilience at the core of operations.
- Prioritize regular patching and updating of systems, especially VPNs and APIs.
- Implement robust multi-factor authentication and ongoing cybersecurity training for employees.
- Strengthen incident detection and response through EDR solutions and advanced monitoring.
- Audit and reinforce the management of passwords, permissions and settings across all systems.