What's Happening?
Mandiant's M-Trends 2026 report, unveiled at the RSA Conference, reveals significant changes in ransomware attack strategies. The report, based on over 500,000 hours of incident response in 2025, indicates that attackers are accelerating their operations
and focusing on systems critical for recovery post-breach. The median dwell time for attacks has increased to 14 days from 11 days the previous year. Notably, voice phishing has emerged as a significant initial infection vector, accounting for 11% of cases, while email phishing has decreased to 6%. These trends suggest a shift towards more interactive social engineering tactics.
Why It's Important?
The findings from Mandiant's report underscore the evolving nature of cyber threats, particularly ransomware, which poses a growing risk to organizations' operational resilience. The increased speed and sophistication of attacks, coupled with a focus on recovery systems, highlight the need for enhanced cybersecurity measures. Organizations may face heightened financial and reputational risks if they fail to adapt to these new tactics. The shift towards voice phishing also indicates a need for updated training and awareness programs to mitigate these threats effectively.
