Organizations across the world are coming to terms with the hard truths behind their cybersecurity exposures. Even after organizations pinpoint thousands of possible vulnerabilities, only around half are addressed each year. This troubling statistic is a reminder that this crisis isn’t just a large-scale problem; it’s personal. Left unchecked, attackers move at a hair-trigger pace from discovery to exploitation, while organizations often require days or weeks to mobilize their responses, resulting in catastrophic exposure backlogs.
In 2025, the ransomware ecosystem faced cyclical upheaval on an unprecedented scale. The biggest global Ransomware-as-a-Service (RaaS) groups either vanished, changed their names or got taken down entirely. In the aftermath of this turmoil, new and resurgent players entered the picture to assume leadership. Specifically, the ransomware group Qilin experienced impressive growth by aggressively recruiting displaced affiliates. Consequently, Qilin emerged as the most active ransomware operator of 2025, with more than 1,000 published victims to its name.
The Action Gap in Cybersecurity
The Exposure Management White Paper has pointed out what it calls an “action gap” in today’s cybersecurity landscape. Organizations are being bombarded with an average of 1,968 attacks each week, an 18% increase year-over-year. This shocking stat makes plain the need for all organizations to do a better job of protecting against their many vulnerabilities.
The average time to remediate these issues is 3.5 days, while attackers need on average only a few hours to exploit a known vulnerability. This difference underlines the gap that makes it imperative for institutions to do something tangible. The Smart Fix report provides concrete examples of the challenges organizations go through when trying to figure out how to prioritize fixes.
“What should we fix?” – Anonymous
The report underscores the fact that even when there has been remediation, fixes can create unexpected problems that make the remediation effort even more complex. These complexities make for a tough cocktail that helps keep exposure backlogs persistent and existing controls ineffective.
The Rise of ClickFix Techniques
A major trend within the ransomware landscape is the dramatic increase in ClickFix-style tactics. These techniques overlay novel execution boundaries between malware delivery and user action. As a consequence, it’s becoming increasingly difficult for organizations to identify the source of attacks. In 2025, ClickFix activity increased almost 500% and was present in almost 50% of observed malware campaigns.
As organizations implement newer, more innovative defensive tactics, they need to be on the lookout for these sophisticated threats. Attackers use AI technology to speed up their processes, rapidly going from vulnerability discovery to exploitation. This abrupt shift increases risks even more for entities that were already having difficulty with their remediation deadlines.
Yochai Corem, VP of Exposure Management at Check Point, emphasizes the importance of immediate action in response to these threats.
“How do we mitigate this safely, right now, with the controls we already have?” – Yochai Corem
This view emphasizes the pace at which organizations need to act when it comes to managing cybersecurity today.
The Qilin Phenomenon
By 2025, Qilin had become one of the leading forces in the ransomware sphere, taking advantage of the chaos created by the takedown of well-known organizations. By promising a market-leading revenue share and feverishly recruiting affiliates who had been displaced from other RaaS companies, Qilin quickly maximized its operational bandwidth. The group’s rapid rise demonstrates how quickly nonprofits need to change where they play defense. They must go beyond firefighting and respond aggressively and proactively to this changing threat landscape.
Qilin was responsible for well over 1,000 victims during its year-long reign of terror. What was really crushing organizations was the cumulative volume of attacks and the precision and sophistication of the tactics this new band of cybercriminals used. Qilin’s fast-tracked recruitment tactics are a reminder that cyber threats are rapidly changing and adapting. These threats morph almost instantaneously, forcing everyone to pivot and react to a constantly shifting adversary.
Proactive measures and continuous monitoring are imperative for organizations to stay ahead of these advancements. Fundamentally, as critical infrastructures are compromised and exploited amid a crisis, a coordinated response strategy is crucial in order to minimize risks.

