Organisations in EMEA faced an average of 1,679 cyber-attacks per week in the past six months, with the education sector facing the largest number of attacks.

According to the Check Point EMEA Threat Intelligence Report, launched today at the CPX 2025 conference in Vienna, education and research are the most attacked sector in EMEA, with an average of 4,247 weekly attacks per organisation.

Speaking at CPX2025, Sergey Shykevich, threat intelligence lead at Check Point Software, said education is typically attacked due to its open networks, but also due to it having PII and sensitive information. “Also many colleges and high profile universities conduct sensitive technical research for government, for defence institutions,” he said.

The highest increase in attacks was against software and semi-conductor developers, “because different types of attackers understood the best way to find the networks of various organisations,” Shykevich said. “Cyber-criminals look at the supply chain and strike to make their operations efficient.

The report also found that ransomware remains one of the most persistent and damaging cyber threats, with attackers moving away from traditional encryption-based extortion, and toward pure data-leak extortion. They are also focused on stealing sensitive corporate data and threatening to leak it, rather than encrypting files.

Email Issues

Email was also determined to be the most dominant attack vector, with around 70 percent of attacks beginning with this method. Skykevich said that more than just email attachments, as after protections were put into place, different malicious files inside of archive files as they are extended to emulate what is inside those files.

Asked if the threat from email is ever likely to change, Gil Friedrich, VP, email security at Check Point, said that email is being replaced inside organisations by collaboration tools like Slack and Teams, but email “by design is open to everyone in the world.”

Speaking to SC UK, Friedrich said the open nature was intended so people can communicate, but it is also why it is vulnerable. “I think it is also relatively easy to impersonate the domain, impersonate the user,” he said. “A lot of functions around invoice systems and payment are trying to move away from email, but they always start there and that’s really the problem as the initial trust is based on email.”

Is it is the case that a move from email to collaboration platforms will remove the attacker’s opportunity? Friedrich said if Teams were open to the rest of the world, then we would see all these attacks moving to Teams.

“We are seeing those attacks hitting our SMS messages, in WhatsApp, in LinkedIn. Any platform that's open to everyone and we'll start seeing the hackers trying to leverage it.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.