Felipe Fernandez

Take Action to Reduce Attack Surface Exposure—New Threat Report Highlights

As organizations continue to embrace digital transformation and expand their digital footprints, cybercriminals are evolving just as rapidly, if not faster. In its newly released 2025 Global Threat Landscape Report, Fortinet presents a comprehensive look at how the threat landscape is expected to shift over the next year, helping security leaders prepare for what’s coming next.

I encourage you to review this recently released (and complimentary) report to better understand how automation, Artificial Intelligence (AI), and stolen credentials are becoming the preferred technologies and tactics that cybercriminals use to design increasingly sophisticated (and successful) attacks.

Additional key report findings demonstrate:
• How weaponized AI has become “the new cybercrime engine”
• An enormous increase in credentials for sale through the darknet
• Increasing threats, with more than 97 billion exploitation attempts recorded last year
• Persistent gaps in cloud security linked to identity-based access

Based on 2024 data analysis, FortiGuard Labs concludes that cyberattacks are growing at an unprecedented pace, much faster than even the most streamlined security teams can defend against. This increase is evidenced by a 16.7% surge in automated reconnaissance, measured at 36,000 scans per second. Even more alarming, the surge in scanning reflects threat actors' attempts to maintain near real-time awareness of the attack surface so they can launch automated attack campaigns as soon as a vulnerability is discovered.

How Should Federal Agencies Respond?
Based on its report conclusions, FortiGuard Labs recommends actions that Federal agencies and their partners can and must take to protect their information assets in an environment where a reactive approach is no longer effective.

A first and practical step that U.S. Government agencies can take to reduce cyberattacks is to reduce organizational attack surface exposure. This deliberate effort to limit vulnerabilities will enable agencies to remain steps ahead of attackers. Initial tasks may include performing proactive scans of an organization’s external digital footprint, minimizing exposure where possible, and preparing to counter threats to those resources as they develop. Attack Surface Management (ASM) tools can make the vulnerability discovery effort more efficient, as they catalog cloud workloads, APIs, stolen credentials, and more, while conducting contextual risk analysis. ASM tools also recommend measures to monitor and reduce potential external exposures.

Another valuable observation in the FortiGuard Labs report addresses lateral movement, whereby attackers proactively seek methods to expand their unauthorized access to higher value data—the crown jewels. All it takes is a single compromised user credential or device to allow attackers to move silently through the network, harvesting data, escalating privileges, and planting additional malware across critical systems. To address this problem, agencies need to adjust the security model to not only reduce the external attack surface but also treat the internal network as a series of smaller environments with distinct boundaries. Through approaches like micro-segmentation and software-defined perimeters (SDPs), organizations can isolate workloads, contain lateral movement, and restrict access to only what is necessary.

To employ micro-segmentation and SDPs effectively, organizations need to deploy the zero trust components known as the policy decision point (PDP) and the policy enforcement point (PEP), which requires in-depth knowledge of organizational assets, data, and data flows. This comprehensive network awareness can be (understandably) challenging given the multi-domain, hybrid cloud, IT/OT, and other factors that characterize each agency’s operating environment, but it is entirely feasible with organizational buy-in and market technology. The truth is that modern cybersecurity strategies demand a more sophisticated approach to agency network protection.

Fortunately, Fortinet Federal offers agencies options to adopt proven, zero trust enforcing technologies that reduce the attack surface and prevent lateral movement. At the forefront is FortiGate, the most deployed Next-Generation Firewall (NGFW) worldwide. Engineered to be the core component of a zero trust PDP/PEP, the FortiGate protects data, assets, and users across hybrid computing environments. FortiGate also delivers an integrated and simpler approach to network security and management that can be implemented incrementally, in line with existing capabilities.

For more details and recommendations, download the full report: 2025 FortiGuard Threat Landscape Report.

 
