1、IBM Institute for Business Value|Research InsightsIBM X-Force 2025 Threat Intelligence Index 21The pattern is familiar.Organizations devote ever-growing resources to detect threats,protect networks,and deter disruption.And despite this,cyberattacks continue to grow in scale,speed,and sophistication.

2、But over the past 18-24 months,there has been a marked change in tactics.Threat actors are pursuing broader-scale campaignsdemonstrating a level of coordination,automation,and prowess not seen beforeand raising the likelihood and impact associated with operational risks.Unlike incidents of the past,

3、where data breaches and reputational harm were the greatest concern,widescale business disruption is now a real possibilitysomething every boardroom needs to be aware of and act upon.A campaign conducted by Salt Typhoon,an advanced persistent threat(APT)group,exemplifies this troubling trend.In 2024

4、,this threat actor group compromised virtually every major US telecommuni-cations providerin addition to targets in dozens of other countriesimpacting supply chains,energy infrastructure,transportation,healthcare,and other critical services,including breaches of highly sensitive government systems.1

5、As the Salt Typhoon attack demonstrates,threat actors are becoming more proficient at hiding illicit activity.They are massively increasing their use of compromised credentials to log in to networks,precluding any need to hack in.And doing so makes this activity much harder to detect and isolate.Whe

6、n threat actors use public cloud infrastructure,it becomes far more difficult for cyberdefenders to discern between safe and unsafe workloads.The new litmus test is how well we can defend against resourceful threat actors conducting campaign-ori-ented,supply chain attacks.While we can use standard c