Hackers are carrying out attacks faster than ever, report claimsReliaQuest research says encryption of exfiltrated data is becoming less likely Phishing remains the top attack vectorAs well as boosting businesses across the world, the adoption of AI by security teams and hackers has also changed the cybercrime landscape, with new research from ReliaQuest claiming cybercriminals are now faster than ever at breaching systems, with the average time between initial access and lateral movement now just 48 minutes.Interestingly, the report found hackers are relying less and less on encryptions, with 80% of all breaches involving data exfiltration, but just 20% including encryption, and many attackers are, abandoning encryption altogether, focusing solely on data theft, "a faster, more profitable approach,” the report confirms.This suggests companies are perhaps less inclined to pay ransoms, and hackers are finding more success in simply selling the stolen data, rather than making demands.Old habits die hard This isn’t perhaps entirely surprising, as fewer than half of ransomware incidents result in payment, and of those who pay the ransom, only around 7% actually ever fully recover their information - so there’s not much incentive on either side.The research also shows phishing is once again the top initial access technique, and 30% of these attacks include credential harvesting. Social engineering attacks are evolving too, with ‘voice phishing’ now behind 14% of breaches - especially targeting the manufacturing sector, likely due to the ‘frequent IT interactions and lenient help-desk policies’ needed to handle the high volumes of support requests.But the findings also mean security teams are going to have to rethink their priorities in the coming months, and in 2025, companies will have to bolster their defenses to avoid any costly downtime.“The focus can no longer be solely on restoring encrypted systems—strategies must also address protecting data privacy, managing reputational risks, and ensuring compliance with regulatory requirements,” the report adds.“To prepare, CISOs must implement defenses to detect and prevent exfiltration attempts while developing playbooks that prioritize business continuity and resilience against these evolving ransomware tactics.”You might also likeTake a look at our picks for the best antivirus aroundCheck out our recommendations for the best malware removal softwareThe truth about GenAI security: your business can't afford to “wait and see”