---

Summary Bullets:

• To protect an expansive mobile environment attack surface in the face of a very dangerous threat environment, organizations are ramping up their security investments, with 75% of the 762 polled in a recent Verizon study reporting they had increased spending this year.
• But concerns still loom large threat actors using AI and other technologies and tactics to breach the enterprise; and only 17% have implemented security controls to stave off AI-driven attacks.

Mobile and IoT devices play an essential role in most organizations’ operations today. However, the convenience and flexibility they bring comes with risk, opening new points of exposure to enterprise assets. Organizations that were quick to embrace bring your own device (BYOD) strategies often didn’t have a solid plan for safeguarding this environment when so many of these devices were under-secured. Enterprises have made progress in layering their defenses to better protect mobile and IoT environments, but there is still room for progress.

In Verizon’s eighth annual Mobile Security Index report, 77% of the people surveyed said deepfake attacks that tap AI-generated voice and video content to impersonate staff or executives, and SMS text phishing campaigns are likely to accomplish their objective. Approximately 38% think AI will make ransomware even more effective.

Despite the increase in cybersecurity spending in most organizations, only 12% have deployed security controls to safeguard their enterprise from deepfake-enhanced voice phishing. Just 16% have implemented protections against zero-day exploits.

Enterprise employees are welcoming AI-driven apps to their mobile devices – with 93% using GenAI as part of their workday routine. They raised red flags, with 64% calling data compromise via GenAI their number one mobile risk. Of 80% of enterprises that ran employee smishing tests, 39% fell for the scam.

AI aside, user error is the most frequently noted contributor to breaches in general, followed by application threats and network threats. Some 80% said they had documented mobile phishing attempts aimed at staff.

While prioritizing cybersecurity spending is important, organizations need to look at whether they are allocating this investment on the right areas. Just 45% said their organization provides comprehensive education on the potential risks mobile AI tools bring. Only half have formal policies regarding GenAI use on mobile devices, and 27% said they aren’t strictly enforced.

Summary Bullets:

• As part of a larger global cross-industry study, LevelBlue surveyed executives in 220 manufacturing companies to gauge the state of their cyber resilience strategies in the era of AI-driven threats and other risks
• Awareness is high but also so are concerns, with 37% saying they are seeing a significantly higher volume of attacks; just 30% said their organization is prepared for deepfake attacks, even as 47% are anticipating them

Threat actors are savvy when choosing their targets. Manufacturing holds a strong appeal to cyber criminals because the profit potential associated with intellectual property is high and, thanks in part to supply chain vulnerabilities, there are plenty of points of exposure. A recent LevelBlue survey of 220 manufacturing executives found that while awareness about the threat environment is high, preparedness, especially for AI-driven attacks, is not.

Only 32% of manufacturing executives are ready for AI-powered threats, even though 44% expect them to occur. On the supply chain front, 54% admitted to having a very low to moderate visibility into their supply chains. Just 26% said working with their software suppliers to vet their credentials will take precedence in the next year.

In spite of the fact that 28% of manufacturing executives say their organization suffered a breach in the past 12 months and more than one-third are expecting that attack volume to increase, 51% said they are highly or very highly competent to protect their enterprise against threat actors. Fifty-five percent gave themselves the same competence when it comes to implementing and using AI to enhance cybersecurity.

The contradiction between this high level of confidence in their own competencies and their preparedness for AI-driven and other types of attacks points to potential overoptimism that adversaries could easily exploit. But there are also signs that some of the traditional internal organizational cybersecurity challenges in manufacturing are being addressed. Sixty-eight percent described their cybersecurity team as being aligned with lines of business. Sixty-five percent those in leadership positions are assessed against cybersecurity KPIs, which is higher than the cross-vertical results (60%).

Seventy percent are engaged in end-user education on social engineering, again higher than the entire sample (62%). Manufacturing companies are also more willing to tap third-party security providers for security training and awareness than in the past. Thirty-eight percent said they will augment their own internal resources with external training support in the next two years versus the 30% that have engaged with a third-party in the last year.

Manufacturing organizations are investing in cybersecurity to prepare for emerging threats. Top priorities are machine learning for pattern matching (71%); cyber resilience processes across the organization (69%); GenAI to combat social engineering attacks (64%); application security (67%) and enhanced supply chain security (63%).

While investment is important, awareness, pragmatism, and solid policy execution are essential. Without these, there is no way for any enterprise to mount an effective defense against cyber adversaries.

Summary Bullets:

• Though just 12% of public safety workers currently use AI everyday, 46% anticipate it will become part of their daily work by 2030.

• With an increasing emphasis on using network-dependent technologies like connected cars and drones, network reliability – or the lack thereof – is the top concern of 67% of those surveyed.

As essential as first responders are, public safety officials aren’t necessarily known for deploying leading-edge technology. But results from the fifth annual Verizon Frontline Public Safety Communications Survey suggest this may be changing. The survey results of 1,028 first responders – i.e., EMS, fire, police, emergency management, public safety, and emergency communications workers – find that while advanced technologies like AI and drones are broadly used today, they expect wider implementation through 2030.

While today, only 35% have implemented AI-driven applications in their agencies, 20% are investigating the technology for future use. Seventy-one percent (71%) described AI as either important or a top priority for their organizations, with 22% calling it the latter.

Today, 84% rely on smartphones during emergency response operations. Thirty percent (30%) use drones to provide visual support during emergency response maneuvers. Though currently, drones are only part of daily operations for 15% of the organizations surveyed, and that figure is expected to soar by 2030 to 48%. Wearables including body cameras, which are part of daily operations in 28% of organizations now, will jump to 50% by 2030. Other advanced technology will play more prominent roles in daily work in the coming years, including augmented and virtual reality applications, which currently are only part of daily operations in 8% of agencies, but they will be adopted by a third of first responder organizations by 2030.

All of this underscores the importance of the stability and service quality of the underlying communications network. Seventy-five percent (75%) say a reliable and resilient communications network is the most important element to day-to-day professional communications. Seventy-three percent (73%) cite it as most essential during emergency operations.

Cybersecurity is an important component of network continuity and productivity. More than two-thirds – i.e., 67% – of first responder organizations have deployed new cybersecurity protections in the last twelve months.

Seventy-eight percent (78%) of respondents cite better communications in the field as the biggest payoff of access to a reliable network, nearly double any other benefit, including better situational awareness (46%) and improved response time (45%).

Summary Bullets:

• In its annual Global Managed Security survey of 1,019 managed services providers (MSPs) in the US, Canada, and the UK, security vendor OpenText uncovered a big delta between the desire to exploit SMB demand for AI-driven solutions and the capability of these providers to deliver the essential support.

• Approximately 92% said they are seeing growth driven by client interest in AI but only half have the adequate resources and expertise to help clients deploy these solutions.

Organizations of all sizes are boarding the AI bandwagon. For smaller businesses lacking internal AI expertise, adoption often requires the support of an external provider. Unfortunately, that same resource limitation also plagues many of the MSPs SMBs seek out for AI support. In a recent OpenText survey of 1,019 security practitioners, IT managers, and customer relationship managers, in the coming year 96% expect to see growth in demand driven by interest in AI. However, half said a combination of factors leaves them under-prepared to support SMB AI needs, including a lack of internal expertise, too many disparate tools to manage, and the lack of standardization across different client environments.

Fewer than 50% of the surveyed organizations have developed or implemented AI cybersecurity for their clients. That said, the majority are using AI for a variety of customer-facing applications, with 67% leveraging the technology for customer support and 66% rely on AI for technical support and triage. Over half (58%) apply AI for threat detection and response.

All MSPs are aware of the urgency of upskilling staff on AI, noting it is now the third most important capability behind threat prevention and 24/7 support for its SMB clients. SMBs are seeking out bundled security packages in droves. Seventy-one percent are looking for combined prevention, detection, and response solutions. Forty-one prevent want endpoint, network, and email security offerings.

Most of the surveyed MSPs are on a growth path with 95% expanding their portfolios in the coming year. Integration across discrete tools is of highest importance (38%). Eighteen percent said attach-rate to core services is crucial. Sixteen percent cited the criticality of having solutions that work across vertical industries.

A proven reputation is essential for MSPs to compete and win new clients. Thirty-two percent said customer referrals are the primary way to gain new customers, while 29% of prospects come to MSPs through digital searches or advertisements.

Summary Bullets:

• Fueled both by its lucrative results and AI-driven toolkits that lower the barrier of entry for enterprising yet inexperienced bad actors, ransomware incidents are soaring.

• In 2024, ransomware drove 44% of data breaches around the world and accounted for 54% of those in APAC, according to the 2025 Verizon Data Breach Investigations Report (DBIR).

As is the case with any IT security breach, it is no longer a question of if but when an enterprise might be hit with ransomware. Motivated in large part by profit potential, cybercriminals are drawn to ransomware as a mechanism to extort money. As a result, ransomware incidents are on the rise with the 2025 Verizon DBIR finding the number has increased 37% in 2024 versus the prior year.

In Akamai’s newly-published 2025 State of the Internet/Security research, security and content delivery network (CDN) provider Akamai attributed this surge to a number of factors, including AI. Examining incident data from its secure internet access enterprise clients, Akamai shows a strong correlation between the increased availability of GenAI and large language models (LLMs) tools. This makes it easier for less seasoned bad actors to mount highly effective ransomware operations. Cybercriminals use LLMs to generate code and enhance their social engineering techniques.

While money is a powerful motivator in ransomware campaigns, the Akamai research notes hacktivism is also part of the picture. The increasing prevalence of ransomware-as-a-service (RaaS) is one indicator of this. RaaS leverages a sprawling underground network that uses developers, the zero-day market, and initial access brokers. These organized crime entities specialize in particular functions like money laundering to fund activities pursuing sociopolitical or ethical goals.

Threat actors are also becoming more aggressive in their extortion efforts, increasingly applying double extortion, in which cybercriminals move beyond breaching an organization to encrypt data and then demanding payment to decrypt it, has become commonplace. In double extortion breaches, cybercriminals promise to release data elsewhere if not paid. Triple extortion, leveraging DDoS attacks to add more incentive for the targeted organization to pay the ransom, is also a more frequently used tactic than in the past.

Akamai notes that it has found incidents that use quadruple extortion, in which cybercriminals communicate with executives, other employees, partners, and the media to add more pressure to pay. Some criminal organizations also threaten to expose lack of regulatory compliance to authorities to up the ante. It is worth noting that some cybercriminals release the data anyway or come back for more ransom money. There is no honor among thieves.

The effectiveness of cybercriminals in collecting ransom has had a ripple effect on cyber insurance rates and an increased frequency of IT security audits by firms to ensure the appropriate controls are in place.

The challenge of staying one step ahead of the threat actors has never been more daunting. Budget holders need to prioritize the resources to make it possible for security practitioners to do so, or risk the consequences.

Summary Bullets:

• In a survey of 2,286 technology and security-focused executives, Accenture reports that only 34% have a mature cybersecurity strategy.
• Just 20% say they are confident in their ability to protect their generative AI (GenAI) models from a breach.

Artificial intelligence (AI) presents as a double-edged sword for many enterprises. The technology has the potential to revolutionize business processes and drive further innovation but is protecting the model from advancing threats that could compromise the integrity of data output. This is a daunting challenge that few organizations have a handle on today. Add threat actors harnessing AI for their own nefarious purposes to the mix, and the situation becomes much more daunting for the enterprise.

Accenture surveyed 2,286 executives, 80% of whom are chief information security officers (CISOs), and it uncovered a perilous scenario where enterprises are largely unready to protect their assets, including AI applications, from emerging threats. Just 20% of those surveyed say they are ready to defend their generative AI (GenAI) models from cyber threats.

One of the issues enterprises are running into with respect to their security postures in general is the prioritization of AI development and deployment over other IT investments, which often means security falls by the wayside. Between 2023 and 2024, Accenture reports that investments in GenAI projects are 1.6 times higher than security spending. If this trend continues, there is a risk that AI systems built on less than secure ground are vulnerable to cyber threats. Only 28% of the executives surveyed say they are integrating security capabilities into all transformative projects from the earliest development phases. Only 42% say they are mapping security development spending to AI development.

The news is not all bleak. For organizations that prioritize cybersecurity investments and focus on infrastructure resilience as they conduct transformational projects to create elevated security postures that mitigate serious risks. Enterprises that achieve what Accenture terms a ‘Reinvention-Ready Zone’ classification faces a 69% lower risk of the kind of sophisticated cyberattacks that leverage advanced techniques, including AI to cripple operations.

The investment in security brings other dividends. Accenture found organizations that prioritize security spending achieve a 1.7 times lower technical debt due in large part to the overall efficiency and resilience of their infrastructure.

The clear takeaway is that enterprises need to balance their AI infrastructure investments with their security spending to ensure the most protected, consistent, and high-performing environment possible.

Summary Bullets:

• Most enterprises say mobile devices are crucial to operations; 95% have connected device deployments.

• AI-driven attacks including deepfakes and SMS phishing are top of mind with 77% saying they expect these types of attacks to be successful.

In this century, the sweeping impact of mobile infrastructure on corporate operations can’t be overstated. Workers have become increasingly dependent on their mobile devices to perform work-related functions. With the COVID-19 lockdown-related movement toward remote and hybrid work becoming permanent in more organizations, the importance of mobile devices has become even more outsized. But this, along with the expansion of connected device deployments, makes securing these sprawling virtual business operations environments complicated.

Verizon’s annual ‘Mobile Security Index’ survey of 600 security professionals finds a proliferation of mobile and IoT devices, with 62% of all authentications to enterprise networks coming from mobile and connected devices. There is a recognition that staff members are doing more essential work via their mobile devices than in the past. Fifty percent (50%) acknowledge that mobile devices have more access to sensitive information than even just a year ago. The extension of remote work has made mobile security a more important agenda item for 86% of respondents.

The proliferation of connected devices is changing the security picture. Almost all survey respondents – i.e., 95% – have at least some connected devices in their environments. Sixty-two percent (62%) describe their IoT environments as “mature, full scale.”

Virtually all organizations operating critical infrastructure such as utilities and water systems – i.e., 96% – have IoT deployments. Critical infrastructure is often cited for as being vulnerable to attacks because of issues such as out-of-date or insufficient security controls. The survey results bear that out, with 53% of those representing these organizations noting they have suffered serious security events resulting in downtime or data loss. Forty-eight percent (48%) of those operating critical infrastructure say that a compromise of an IoT device has caused a major operational issue.

What is clear from the research is that the mass use of mobile and IoT devices has produced more complex and potentially more porous enterprise environments. The first step to protecting these is understanding that effective multi-layer security controls need to be in place and then building out plans to execute on that.

Summary Bullets:

• AT&T divulged that the call and text records of 109 million cellular customers had been unlawfully downloaded from a third-party cloud provider’s environment.

• Wired magazine reports AT&T paid $370,000 to hackers to delete the records, which included cell site data. While the hacker provided a video of the deletion, there is no way to prove the threat actors don’t have a copy of the records.

AT&T is feeling the heat after admitting that the call and text records of 109 million wireless customers had been illegally downloaded from third-party provider Snowflake’s cloud. The records, which include the incoming and outgoing phone numbers and cell site locations that these communications were relayed through, covered a more than six-month time span in 2022 and a single day in January 2023.

In a Securities and Exchange Commission (SEC) filing this month, AT&T disclosed an internal investigation discovered the theft in April 2024. At the Department of Justice’s request, AT&T delayed a public disclosure so the agency could investigate. At least one person, a US citizen, was arrested in Turkey. The Federal Communications Commission is also probing the breach.

Wired magazine reports that AT&T paid a hacking group $370,000 in cryptocurrency to delete the records. While the bad actors provided a video showing the data deletion, there is no way to prove that the cyber criminals don’t have other copies of the records.

The theft involves call and text records of almost all of AT&T cellular clients as well as customers of mobile virtual network operators (MVNOs) including Cricket and Boost. While the data doesn’t include personally identifying information such as names or social security numbers, the scale and the inclusion of communicating phone numbers and location data present a damning picture of the severity of this breach.

Security and intelligence experts are sounding the alarm on how valuable this information would be to many bad actors and espionage agencies. The identities of individual customers can be linked to the phone numbers contained in the metadata, which can be found in public records. Adding cell sites provides the kind of information sought to map communications and locations for individuals by intelligence agencies and other entities.

This metadata can be used for several different applications, including discerning the connection between phone numbers through network mapping, geofencing analysis for targeted advertising, behavioral pattern recognition to establish travel patterns, fraud, and cold-case resolution. Intelligence agencies around the world have tapped into these types of records for surveillance purposes.

This is not AT&T’s first major security incident this year. In March 2024, AT&T disclosed that the passwords of 7.6 million customers were stolen. That theft occurred in 2019. AT&T never clarified why it took so long to notify its customers of that breach.

Big questions loom about the lack of security protections for such high-value and high-volume data. Why did it take so long for AT&T to identify that breach? What actions is the company taking to ensure that customer data is protected in the future?