Understanding the modern cybercrime landscape

Throughout 2025, HPE observed significant changes in how cybercriminals operate. Analyzing real-world threats, our HPE Threat Labs highlighted in its new In the Wild Report an industrialization of cybercriminals’ methods, enabling greater scale, speed and structure in their campaigns. They typically use automation and AI to exploit longstanding vulnerabilities, and many have adopted a professional, corporate hierarchy to optimize their efficiency.

Cybersecurity threats today are as menacing as ever for enterprises, as any CISO or CIO can probably confirm. But, digging behind that straightforward statement, there is a much more nuanced, complex cybersecurity landscape at play. This can make it significantly harder to plan, execute, and sustain effective strategies and solutions to protect the network, plus the often valuable, sometimes priceless, data, apps, and assets it transports and stores.

But it can be done, with the right philosophy and strategy, and the right tools and insights. We must first understand the contemporary cybersecurity landscape. This understanding can unlock the right strategy and, from there, help identify the tools and insights necessary to protect an enterprise’s network effectively. There are five primary factors influencing the landscape, some old, some new, all dynamic. These factors are distinct but often interdependent, both within themselves and with one or more of the others. Another meaningful way of looking at them is as “internal” and “external”; as ever, understanding and dealing with what is in your control can also help to navigate and mitigate what is beyond your control.

Five key factors influencing today’s dynamic cybersecurity landscape

1. Expectations

The first factor is predicated on the fundamental reality of an enterprise’s reliance on its network. Most enterprises have already undergone some form of digital transformation and are reaping the day-to-day benefits. This means that the number of people, devices, and things using the network continues to grow; it also means that people’s expectations of the network are higher than ever before – they demand that it does exactly what they need it to do, typically across a proliferation of devices and from multiple locations. Conversely, many employees might not be fully aware of cyber threats and infiltration methods, so their skillsets can easily be the weak point that admits bad actors into the network. Equally, senior management and board members have high expectations at a meta level. Embracing digital transformation and network reliance means the enterprise’s function and reputation are inextricably tied to that. Loss of reputation due to a security breach is a chilling prospect, as is the threat of financial penalty and revenue loss. So, in the minds of leadership, the network has to be safe from cyber threats and be compliant.

2. Financial pressures

The first factor arguably contradicts its neighbor in the landscape: general financial constraints and the pressure on CISOs and CIOs to achieve more with less. Despite the strategic reliance on the network and the expectation that it will be protected from cyber threats regardless, the appropriate latticework of defenses (e.g., skilled and right-sized IT teams using progressive tools and meaningful data insights, plus constant workforce education) is not always properly funded and sustained, particularly in the current tough economic climate.

3. Complex infrastructure operations

The ongoing pursuit of digital transformation and consequent network reliance also drives the third factor. Ironically, there is another facet of enterprise protection and financial control wrapped up in this. The widespread move away from one-stop shops (avoiding IT vendor lock-in in favor of more competitive pricing and autonomy) has created a more complex, multivendor environment. This is coupled with multiple IT domains required to handle many diverse functions and layers of IT infrastructure (e.g., cloud, on-prem), all connected to the network. Complex, mission-critical IT operations now need to be monitored and protected from increasingly sophisticated cyber breaches.

4. Unpredictable geopolitics and economics

Shifting from the first three factors—all internal to an enterprise—the fourth is unquestionably external and without doubt the most intractable risk for any enterprise, individual, or industry group. Global uncertainty and tension are unavoidably putting even greater pressure on already-tight IT budgets, component supply chains and power costs. This can easily exacerbate existing constraints on cybersecurity budgets when vigilance and protection are more needed than ever. Unfortunately, in cyberspace one cannot always point a finger in one direction to identify an adversary. Geopolitical alliances in cyberspace are much more difficult to track, and defending against an escalating tension becomes an all-out fight to secure the network.

5. Evolving cyber threats

The fifth factor is obviously the epicenter of today’s cybersecurity landscape. According to the HPE Threat Labs’ report, governments were the most frequently targeted sector globally in 2025, followed by finance, technology, defense, and manufacturing. The prevailing global geopolitical and economic situation may further accelerate the twin motivations of nation-state-linked espionage and organized crime for extortion and theft.

Use the network to protect the network… and beyond

The current cybersecurity landscape calls for a re-think of the network’s pivotal role and how it can manage an enterprise’s digital defenses effectively, dynamically, and comprehensively. Overall, the network can be an excellent security sensor and enforcement point, using built-in security capabilities rather than being a collection of devices with an inflexible, bolted-on security layer. Much as cybercriminals use agentic and generative AI to intensify their campaigns, CISOs can stay ahead more easily by…
