
Top Cybersecurity Threats and Trends Facing Internal IT Departments

IT departments today are grappling with a diverse range of threats. Attackers continue to rely on tricks that have worked in the past, like phishing attacks, while also trying to expand the breadth and scale of their attacks, through targeting the software supply chain and other means.

Let’s go through the full spectrum of the top cybersecurity threats and trends that IT departments are facing and the best practices they can use to address these threats.

Ransomware attacks

It may come as no surprise that ransomware is among the top cybersecurity threats today for IT departments. We’ve seen ransomware impact massive organizations, such as Colonial Pipeline and Change Healthcare, but threat actors are also targeting small and medium-sized firms, which poses a major business risk given that 60% of small businesses permanently close within six months of an attack.


In fact, ransomware has major implications for all parts of the business. Not only can a ransomware attack jeopardize sensitive and personal data, opening the doors for reputational damage, compliance concerns, and more, but it can also slam the brakes on daily operations. The average cost per minute of business downtime due to a cyberattack is $1,467—and mid-sized businesses end up paying over $250,000 to recover from a cyberattack.


As we found in our Huntress 2025 Cyber Threat Report, ransomware groups are also switching up their strategies, which is putting an added burden on IT teams. For example, attackers are no longer just encrypting data and demanding that victims pay a ransom. They’re also stealing data and threatening to publicly leak it as an extra means of putting pressure on victims to pay.


Phishing and social engineering

Threat actors continue to rely on tried-and-true techniques. Phishing is a good example. It’s still a primary means of initial access for threat actors because it works. In this type of attack, threat actors send messages to the employees in a targeted company—typically via email—and trick them into either downloading a malicious file or handing over their credentials on a fake attacker-owned webpage. 

Threat actors use different types of social engineering tactics that play on trusted relationships or sound urgent. For instance, in the 2025 Cyber Threat Report, Huntress found that threat actors often impersonate popular brands in their phishing attacks in order to build trust with their targets, including Microsoft, Docusign, and Dropbox. 

In some cases, attackers are also tweaking their phishing attacks to try to make them harder for traditional email security methods to detect. Some threat actors have turned to QR code phishing, for example, where they send users an email with an embedded QR that redirects to a malicious site.

Employees who understand the characteristics of phishing emails and know to follow their instincts if something doesn’t feel right are less likely to fall for them. Security awareness training can help employees spot phishing email red flags. IT departments should also have a clear reporting process in place if an employee thinks they’re being targeted by a phishing scam.


Advanced Persistent Threats (APT)

While many threat actors are opportunistic and cast a wide net with their cyberattacks, advanced persistent threats (APTs) are much more targeted. The threat actors behind these threats, who are often well-resourced, sophisticated, and state-sponsored, aim to stay hidden on victim networks for as long as possible. By staying stealthy, these actors can exfiltrate data over a prolonged period of time to support espionage efforts.


The hack of the US Treasury Department in late 2024 is a good example of an APT attack. Chinese state-sponsored threat actors were able to access Treasury workstations and steal unclassified documents. APT attacks can hit various targets, including nuclear think tanks, journalists, human rights defenders, and more.  



Insider Threats

While businesses face many external threats (threat actors trying to get in), insider threats are another pain point that IT departments need to manage within their own environments. The 2024 Verizon Data Breach Investigations Report found that internal actors are tied to 35% of breaches.


Insider threats often bring to mind images of disgruntled employees sabotaging their employers’ computer systems. While these types of cases certainly exist, insider threats are more likely to be non-malicious or accidental. For instance, AWS S3 buckets whose access settings are left misconfigured can expose sensitive customer data to the public. Or maybe an employee mistypes an email address and accidentally sends confidential business information to a customer or competitor.


Cloud and remote workforce security weaknesses

In recent years, IT departments have been working to keep up with the security impacts caused by two sweeping changes across their workforces: the rise of both remote work and cloud-based services.

Remote work surged after the COVID-19 pandemic, and this rapid shift has made it harder for security teams to keep people and data secure. Companies that rely on remote and hybrid work environments deal with various device management challenges, external Wi-Fi networks, and more.

More businesses are also relying on cloud-based services and applications, dramatically expanding the potential attack surface—and threat groups like Scattered Spider are taking full advantage by targeting organizations’ cloud environments to steal data, hijack accounts, and more. There are several types of cloud-based attack vectors that threat actors use. They might target cloud-based storage buckets and databases that are misconfigured, use weak access controls to their advantage, or go through unsecured application programming interfaces (APIs).



Best practices for internal IT departments

IT department leaders can take several measures to either prevent or contain these types of attacks:

  • Patch vulnerable software: Threat actors like to target software that’s not up-to-date and that contains vulnerabilities, so enabling auto-update mechanisms where possible and having a vulnerability management program in place can help you prioritize and address the flaws across your environment.

  • Perform backups and test them regularly: Keep offline, encrypted backups for critical data and test them in disaster recovery scenarios. This can help mitigate the impacts of a ransomware attack.

  • Multi-factor authentication (MFA): The security industry has a password problem—passwords are often weak, reused, or easily guessed by threat actors. MFA is a solid way to prevent account compromise by introducing multiple forms of authentication. Make sure MFA is mandated for users (and regularly look for non-compliant accounts to remediate them). In particular, make sure that system administrator accounts—valuable targets for threat actors—use MFA.  

While IT departments face a variety of threats today, Huntress offers fully managed endpoint detection and response (EDR), so you've got 24/7 support from security experts ready to respond to threats. 


