Muhammed Mayet, Global Sales Engineering Director, at Obrela elaborates on ENISA’s Threat Landscape 2025 and Microsoft’s Digital Defense Report 2025 and discusses how resilience can win over complexity
The European Union Agency for Cybersecurity (ENISA), in its Threat Landscape 2025 report, paints a vivid picture of sustained and diverse cyberattacks across the EU. Simultaneously, Microsoft’s Digital Defense Report 2025 highlights accelerating attacker innovation powered by AI, social engineering and the global commoditisation of cybercrime.
Taken together, these reports reveal a critical shift; the threat environment is no longer just complex it is increasingly convergent.
Threat actors once separated by motive or geography now share tactics and AI-driven tools. The result is an escalating environment where espionage and financial crime share a common DNA.
ENISA’s analysis of nearly 4,900 incidents shows that critical infrastructure across public administration, digital services and transport is under sustained threat.
- DDoS attacks, often politically motivated, dominate the reported incidents.
- Ransomware remains the most financially impactful.
- Phishing and vulnerability exploitation account for over 80% of initial access routes.
These figures mirror trends across regions and industries, emphasising that the human element remains the critical perimeter. Microsoft’s findings validate this: Adversaries increasingly “log in” rather than “break in,” using stolen credentials, infostealers and compromised tokens to bypass traditional controls entirely.
When adversaries blur the lines
One of the most striking findings in the ENISA report is the convergence in threat actor behaviour. In Europe, hacktivists, state-aligned groups and financially motivated criminals are adopting identical Tactics, Techniques, and Procedures (TTPs).
- We are seeing political narratives used to mask profit-driven attacks while Microsoft confirms that nation-states are blending espionage with disruption.Commoditised Intrusion: Sophisticated capabilities are now purchasable, allowing smaller actors to achieve state-level impact.
- AI-Driven Reconnaissance: Attackers use AI to automate recon, generate deepfakes, and refine social engineering at scale.
In this landscape, exposure and intent matter more than attribution. Defenders must assume that any adversary, regardless of stated motive, can and will target critical systems.
Exploiting Dependencies: The Supply Chain Crisis
ENISA warns that attackers are weaponising the digital supply chain – targeting cloud providers, managed service partners (MSPs), and software vendors. Microsoft reports a 30% rise in identity-based attacks and a 90% surge in attacks on cloud workloads in 2025.
For regulated sectors under NIS2 or DORA, this presents a dual challenge. While compliance may enhance oversight, it cannot deliver true resilience without deep visibility into third-party dependencies. Governance must extend beyond the enterprise perimeter, because attackers already have.
The Double-Edged Sword of AI
Both reports highlight how adversaries are using generative AI to craft phishing campaigns, automate lateral movement and discover vulnerabilities. Microsoft warns that autonomous malware and adaptive AI agents are already testing defences in real time.
However, AI systems themselves are now high-value targets. Prompt injection and data poisoning introduce risks of misinformation, data leakage and compromised decision making.
The organisations that thrive will be the ones that apply AI securely, with governance, transparency and continuous validation.
From Alerts to Awareness
ENISA and Microsoft agree on one fundamental truth: security must evolve from reactive defence to strategic resilience. Cybersecurity is no longer just an IT concern, it’s an executive-level risk discipline.
At Obrela, we believe cyber resilience is not about building walls—it’s about adapting as fast as the attackers. We combine 24/7 Managed Detection and Response (MDR) with Managed Risk & Controls (MRC) to deliver a clear line of sight from threat data to business impact.
What’s Next?
Both reports make one thing clear – no single entity can secure itself in isolation. Collaboration, intelligence sharing and integrated defence strategies are essential to counter the convergence of cyber threats.
For organisations ready to move beyond compliance and toward true operational resilience, Obrela provides the intelligence, technology and expertise to help you do just that.
