
Tech Show Madrid 2025: Innovation, proximity, and security. This is how we experienced it
6 November 2025
By 2025, enterprise cybersecurity can no longer be conceived as an isolated IT function: it is a strategic vector that defines business continuity. Digitalization has reached extreme levels: companies operate in hybrid architectures integrating multiple clouds, OT/ICS systems on the shop floor, critical IoT devices, and SaaS services. This fragmentation of infrastructure has shattered the traditional perimeter. Instead of defending networks, organizations must now control access and isolate assets to prevent an initial breach from turning into a systemic disaster.
At the same time, threats have evolved. Ransomware groups no longer act as mere opportunistic criminals: they operate as an industry, with business models that include “ransomware-as-a-service” (RaaS) and extortion platforms. Furthermore, AI-driven automation has accelerated the reconnaissance and attack phases, enabling increasingly fast and precise deployments.
2025 outlook: key cyberattack figures
Situation in Spain
The latest data presents a troubling picture for Spanish companies. According to Check Point, in the first quarter of 2025, Spain recorded an average of 1,911 weekly cyberattacks per company, a 66% increase compared to the same period in 2024.
Additionally, during the second quarter of 2025, this number rose to 1,950 weekly attacks per organization (+36%), according to ThreatCloud AI reports.
Regarding ransomware, Spain experienced a 61% increase in attacks during the first half
Other studies place Spain among the five European countries most affected by ransomware attacks, highlighting a high level of national risk.
The severity is also evident in the scale of incidents: according to Inetum, more than 77,000 security alerts were managed in the first half of the year, over 10,500 of which were classified as critical or high severity.
Other reports indicate a 35% increase in daily cyberattacks, estimating more than 45,000 incidents per day in 2025 in Spain.
European and global context
From a European perspective, the situation is no more comfortable: according to Microsoft and other threat analysts, over 52% of cyber incidents detected in Spain have an economic motivation, mainly extortion or ransomware.
Globally, ransomware attacks are rising with increasing intensity. According to Honeywell’s Threat Report, ransomware extortion incidents grew by 46% during their analysis period, with actors such as the CL0P group particularly active.
Other critical vectors are being enhanced by automation and AI: recent research has documented automated vulnerability scans reaching up to 36,000 requests per second, focusing on insecure protocols such as RDP, IoT, or SIP.
Main technical challenges for companies
Blurry perimeter and new access models
With the disappearance of a well-defined perimeter, the security approach must shift toward access control and microsegmentation. The traditional model based on firewalls and VPNs leaves critical gaps: attackers no longer need to compromise the entire network to reach an asset, just a poorly protected vector. Modern architectures tend to build secure intermediate layers (gateways or connection brokers) from which all access is controlled, monitored, and audited.
This model also promotes the principle of least privilege: users receive only the permissions they need for a limited time, and each session must be logged. By limiting exposure, the attack surface is drastically reduced, even if an endpoint is compromised.
Digital isolation as an active shield
One of the most effective strategies against ransomware or lateral movement is isolating critical sessions. Instead of allowing direct connections to sensitive systems (such as OT production servers, databases, or industrial controllers), companies use hardened remote desktops (RSW). Within this isolated environment, users interact safely but cannot extract data directly or establish persistent connections to critical resources.
This approach not only protects assets but also mitigates exploitation of insecure protocols (RDP, SSH, Telnet, etc.) and limits the vulnerable surface for attackers.
Visibility, traceability, and governance
Access control is insufficient if what happens within each session cannot be audited. Organizations must implement mechanisms that record every action: who accessed what, when, with what privileges, and what was done. These logs must be tamper-resistant to support both internal audits and regulatory requirements (such as NIS2, GDPR, or sector standards).
Moreover, security policies must be governed by metrics: mean time to detect (MTTD), mean time to recover (MTTR), percentage of accesses reviewed, anomalous session rates, etc. Without these metrics, cybersecurity management is reactive, not strategic.
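One way to make the session records described above tamper-evident is a keyed hash chain, shown here as an added example that is not code from Cosmikal or any product named on this page. The field names follow the paragraph (who, what, when, privilege, action); the key, hosts, users and events are constructed, and the key is assumed to live on a separate collector together with the latest chain head.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # anchor value that the first record chains to


def record_mac(key, prev_mac, entry):
    # Canonical JSON: identical entries always serialise to identical bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append(log, key, who, what, when, privilege, action):
    """Append one session event; its MAC also covers the previous record's MAC."""
    entry = {"who": who, "what": what, "when": when,
             "privilege": privilege, "action": action}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"entry": entry, "mac": record_mac(key, prev, entry)})
    return log[-1]["mac"]  # new chain head, to be stored away from the log


def verify(log, key, head=None):
    """Return (ok, index of first bad record). `head` catches tail truncation."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["mac"], record_mac(key, prev, rec["entry"])):
            return False, i
        prev = rec["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return False, len(log)  # chain is valid but records are missing at the end
    return True, None


def sample_log(key):
    # Constructed sample events (hypothetical user, host and actions).
    log = []
    append(log, key, "alice", "plc-01", "2025-11-06T09:00:00Z", "operator", "session_open")
    append(log, key, "alice", "plc-01", "2025-11-06T09:02:10Z", "operator", "write_setpoint")
    head = append(log, key, "alice", "plc-01", "2025-11-06T09:05:00Z", "operator", "session_close")
    return log, head


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held by the collector, not the audited host
    log, head = sample_log(key)
    print(verify(log, key, head))            # intact log
    log[1]["entry"]["action"] = "read_only"  # rewrite what was done
    print(verify(log, key, head))            # the edit is reported at record 1
```

Edits and deletions in the middle break the chain at the first affected record; removing records from the end leaves a valid chain, which is why the head value has to be kept outside the log itself.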
Automation and high-speed response
Given the current threat volume, relying solely on human analysts is insufficient. Artificial intelligence, machine learning, and automated orchestration (SOAR) are key tools to detect anomalies, respond to incidents, and execute playbooks in milliseconds. Systems must be able to:
- Identify suspicious behaviors in real time (e.g., a user executing unusual commands)
- Automatically isolate sessions if risk is detected
- Rotate credentials and privileges when necessary
- Generate alerts and evidence without constant manual intervention
Backup, resilience, and recovery
Ransomware remains one of the most destructive threats to businesses. Resilience cannot be left to chance: companies must have immutable backups isolated from the production network and test restore procedures regularly. Only then can they ensure that in the event of a severe attack, they are not solely dependent on paying the ransom.
The 3-2-1 strategy (or modern variants) remains valid: multiple copies, in different locations, under strict access and segregation policies.
The role of AI and the future post-quantum threat
Malicious AI and attack automation
Artificial intelligence is not just a tool for defenders: attackers already use it to automatically scan systems, generate hyper-realistic phishing, adapt reconnaissance methods, and orchestrate attacks far more efficiently. Reports consistently indicate increasingly aggressive AI use in offensive campaigns, including ransomware.
This scenario demands equally intelligent defenses: behavior analysis, learning-based detection, automated responses, and access-centered security architectures.
Toward post-quantum cryptography
Although the threat from quantum computing is still emerging, organizations handling sensitive data must begin planning long-term cryptography strategies. Classical cryptography could become obsolete against future quantum attacks, so implementing post-quantum mechanisms (or at least preparing the transition) is a forward-looking approach to protect the most critical assets.
How Cosmikal strengthens enterprise defense
Isolation and control philosophy
At Cosmikal, our architecture is designed to reduce exposure as far as possible: no critical asset is directly accessible. We use hardened remote desktops, VDI, and connection brokers acting as an intermediate layer between the user and sensitive resources. This ensures that, whether the user connects from an insecure network or a non-corporate device, all contact occurs within a controlled and isolated environment.
Privileged management and credential security
Privilege management is one of the most vulnerable areas in any company. With Endurance, access is centrally managed, privileges are minimized, and credentials are stored and injected from an encrypted vault under strict policies. Every privileged session is fully logged, generating immutable, auditable evidence for compliance with regulations like NIS2, ISO 27001, or ENS.
Full visibility and real-time auditing
Every action within a session (“what the user does while working on a critical asset”) is monitored, recorded, and audited. This traceability is not only key for internal security but also turns the platform into a powerful tool for reporting and regulatory compliance.
Conclusion
By 2025, it has become clear that enterprise cybersecurity is not just a technical issue but a strategic imperative. Threats evolve with AI, attack surfaces grow, and traditional perimeter-based models are no longer effective. To protect effectively, organizations must rethink their architecture from the access layer: isolate, control, automate.
Cosmikal offers solutions that implement this vision in a coherent and advanced way: total asset isolation, privilege management, precise auditing, and automation. It is not just defensive: it is a resilience architecture designed for the present and prepared for the future.
With this approach, companies not only respond to threats but anticipate and neutralize risks before they materialize, building real and sustainable cyber resilience.




