
Shifting from Reactive to Proactive Security with Cyber Threat Intelligence


Posted by Tatyana Sanchez

Sophisticated cyberattacks and threats are increasingly on the rise as cybercriminals become more persistent, leaving many organizations vulnerable and struggling to keep up with the latest attack vectors. This makes Cyber Threat Intelligence (CTI) more critical as organizations pivot from reactive to proactive cybersecurity strategies.

In this blog, we will discuss different industries being attacked, how CTI can mitigate risks before an attack happens, and how organizations can implement it to be proactive.

What Industries Are Being Attacked?

Industrial Control Systems and Critical Infrastructure

In today's geopolitical climate, Industrial Control Systems (ICS) and critical infrastructures are increasingly under attack. As Rob Lee, CEO and Founder of Dragos, Inc., stated in his RSAC™ 2025 presentation, "In 2024, we saw the expansion of adversaries, tools, and ransomware events targeting industrial organizations." Lee went on to highlight that groups such as Volt Typhoon (also known as VOLTZITE) have successfully gained access to numerous American companies in the telecommunications, energy, water, and other critical sectors.

High-profile incidents like the SolarWinds attack and the Chinese state-backed penetration of a cloud service that accessed US Treasury Department workstations in December 2024 demonstrate the real-world impact of these threats. These events prove that securing critical infrastructure is vital.

Food and Agriculture

The food industry has now become a prime target for cybercriminals, with ransomware attacks doubling in the past quarter of 2025. Jonathan Braley, Director at Food and AG-ISAC, presented findings from the Food and AG-ISAC Threat Report in his RSAC 2025 presentation. Braley highlighted the following victims that were found in the report:

  • Agribusinesses
  • Food processors
  • Food distributors
  • Food and beverage companies
  • SMS farms
  • Restaurants
  • Grocery chains
  • Farming cooperatives and more

Braley stated that in 2024, the food and agriculture sector was the sixth most impacted, with 212 of 3,500 observed attacks. Notable incidents included direct ransomware attacks on Krispy Kreme and a third-party vendor attack on Starbucks. Braley said the threat actors are “Primarily Ransomware Groups (53.2%), followed by Nation-State Actors (27.7%), Cybercriminals (14.9%), and Hacktivists (4.3%).” And unfortunately, we may see a continued rise in these attacks throughout 2025.

Cloud Computing

Cloud adoption continues to rise, with 94% of organizations now using cloud services as of 2024. While the cloud offers many benefits, it also introduces new security challenges. Etay Maor, Chief Security Strategist at Cato Networks, stated in his RSAC 2025 presentation, “Identity has become the new cloud perimeter, making compromised identities the number one access vector for attackers today.”

Ransomware attacks are less effective in the cloud because cloud systems are often backed up, allowing for easier restoration. However, this has led to a rise in data extortion within the cloud because, as Maor stated, lateral movement with identity is so easy.

Why is Threat Intelligence Critical for Proactive Security?

According to a recent Armis survey that Nadir Izrael, CTO and Co-Founder at Armis, cited in a 2025 RSAC Keynote, 58% of organizations feel they are entirely reactive to threats. To combat this, organizations must implement effective CTI, which enables them to anticipate threats, assess vulnerabilities, and mitigate risks before they can escalate into serious incidents.

Before implementing CTI, an organization must first create a threat profile, as cybersecurity experts Stephanie Gass, Senior Director of Information Security at Center for Internet Security, and Kaitlyn Drape, Hybrid Threat Intelligence Analyst at Center for Internet Security, explained in their RSAC 2025 webcast. This involves a crucial first step: identifying threats based on the organization's specific line of business. This strategic approach ensures that security efforts are focused on the most relevant and impactful threats.

Gass outlined questions an organization should ask when building an effective CTI:

  • What are the adversaries' motivations and Tactics, Techniques, and Procedures (TTPs)?
  • What governs an organization (e.g., regulations, legal requirements, contracts, cyber insurance policy, etc.)?
  • What Indicators of Compromise (IOCs) should the organization track?
  • What are the “crown jewels”?
  • What are the relevant geographic threats?

Drape then stated that once the threat profile is built, organizations should use CTI. This is intelligence that has been aggregated, transformed, analyzed, and enriched to provide the necessary content for decision-making. Using threat intelligence allows an organization to sift through the noise and transform data into a narrative for a decision-maker.

Drape also emphasized that threat sharing is a key component of a robust security strategy. By sharing intelligence with other organizations, everyone can benefit from a wider pool of information, improving collective defense against common adversaries. This collaborative approach enhances the effectiveness of CTI across the entire industry.

By understanding the threat landscape and leveraging innovative technologies like CTI, organizations can shift from being reactive to proactive and mitigate risk before a cyberattack occurs.

Ready to harness the power of threat intelligence? Visit our RSAC library to find out how an effective CTI program can help an organization proactively defend against modern threats.

Contributors
Tatyana Sanchez

Senior Coordinator, Content & Programming, RSAC

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSAC™ Conference, or any other co-sponsors. RSAC Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

