Cybercriminals often initiate their attack chain using automated systems to detect vulnerabilities, then wait to exploit these in a targeted manner on weekends and holidays—times when companies are most vulnerable. This is one of the key findings of the Cybersecurity Trends Report 2025, released today by Sofistic, Cuatroochenta's cybersecurity unit. The report analyzes data from a representative sample of audits and monitoring conducted through its Security Operations Centers (SOCs) for companies in Spain and Latin America throughout 2024.
Cybercriminals continuously probe for weaknesses using automated brute-force techniques, such as login attempts and unauthorized access attempts. Once they identify vulnerabilities, they strategically launch attacks on weekends or holidays—times when companies are most exposed due to reduced staff, lower vigilance, and increased use of less-secure devices like mobile phones.
Despite this pattern, the report warns that 'cybercrime never rests and is becoming increasingly professionalized'.
Enhanced Monitoring Leads to Less Severe Attacks
Cybercriminals are exploiting geopolitical tensions, trade conflicts, and economic rivalries. Combined with emerging technologies, supply chain dependencies, and increasingly sophisticated AI-driven attacks, these factors are complicating the cybersecurity landscape more than ever before. Audits reveal a 2% increase in detected vulnerabilities, while their severity has decreased by 8%. This trend is further supported by SOC monitoring, which recorded a 27% rise in managed cases throughout 2024. While critical and high-severity incidents saw a slight decline, medium-severity cases increased by 7 percentage points. Although these cases may not directly disrupt a company’s operations, they 'can serve as a foundation for more complex attacks.'

Sofistic's SOC facilities in Spain
Access control vulnerabilities are the most common issues detected in audits, accounting for 26% of all findings. These vulnerabilities typically stem from misconfigured authorizations or poorly implemented access restrictions, allowing unauthorized users or systems to access restricted data, applications, or resources.
This type of flaw accounts for the largest share of cases handled by the SOC (29%), primarily driven by the adoption of increasingly sophisticated security policies—a clear reflection of companies’ heightened cybersecurity awareness.
«Despite the growing cybersecurity awareness among companies, they cannot afford to lower their guard in an increasingly complex landscape shaped by the widespread use of AI»
Increased Engagement with Phishing, but Fewer Falling Victim
The report also reveals that more people than ever are opening malicious emails. However, on the bright side, fewer are actually falling victim to phishing scams—clicking on malicious links has dropped by 39%, while data entry has decreased by 31%.
Thanks to training and awareness campaigns, employees are becoming more adept at recognizing phishing attempts. Despite this progress, a significant number of users still fall victim to these scams, potentially giving cybercriminals access to critical systems and putting organizations at serious risk, as evidenced by the study.
«Companies must bolster their security culture—not only through robust technology controls and management processes but also by investing in training programs. As AI-driven attacks become increasingly sophisticated, they significantly raise the likelihood of success, making employee awareness and preparedness more critical than ever.»
Cybersecurity recommendations for 2025
Global spending on cybersecurity products and services is expected to grow by 13% in 2025, according to McKinsey forecasts, as organizations respond to the increasing scale and complexity of cyber threats. Against this backdrop, and based on the analysis of SOC audits and monitoring, the report provides a series of key recommendations:
The Cybersecurity Trends Report 2025 is based on a representative sample of the work conducted by the Sofistic team in 2024. It includes an analysis of 1,350 vulnerabilities identified in 140 security audits, as well as insights from monitoring 100,000 alerts and 1,500 cases through SOCs located in Panama, Colombia, and Spain. The study primarily focuses on critical infrastructure—such as energy companies, water distribution, airports, and hospitals—as well as banking and finance, services, retail, and telecommunications in Latin America and Spain. However, its conclusions and recommendations are applicable to organizations across all industries. The report was prepared by Manu Ginés (Head of R&D at Sofistic) and Juan Carlos García (Chief Operations Officer & SOC Director, Ph.D. in Computer Science).
Sofistic is the cybersecurity division of Cuatroochenta, specializing in critical sectors such as banking and healthcare. It combines advanced technology with AI-driven cybersecurity to deliver a proactive and effective approach to protecting organizations. With over 18 years’ experience, Sofistic provides comprehensive cybersecurity services, including audits, MSSP solutions for expert support and preventative maintenance, and MDR monitoring services through its SOCs across two continents. Both the team and the company hold key security certifications, including ISO 27001, ISO 9001, ENS, and SOC 2 Type II. Additionally, Sofistic collaborates with international (FIRST) and national entities (CSIRT.es, INCIBE, and Red Nacional de SOC) to exchange intelligence and enhance cybersecurity across industries.