Graymont Technologies recorded an approximately three-fold increase in managed detection and response client engagements during 2024 and into 2025. The growth came in a year that Kaspersky's State of Ransomware 2025 report characterised as one of rising attack severity across Africa, with the share of Kaspersky's emergency response cases linked to ransomware rising from 33.3% in 2023 to 41.6% in 2024 even as global detections fell 18% (5.7 million to 4.7 million).
The MDR engagement profile at Graymont Technologies is concentrated in financial services, regulated lending institutions, and mid-market commercial businesses whose IT environments have grown beyond what a small internal team can monitor at the required cadence. Engagements typically include endpoint detection coverage, log aggregation and analysis, threat hunting, and incident response retainers, with the specifics tuned to the client's regulatory profile and threat exposure.
Ghana is not separately broken out in the Kaspersky published summary, but the patterns documented in the report apply directly. The Bank of Ghana's revised Cyber and Information Security Directive is the regulatory response, and the controls it calls for, including endpoint detection coverage, penetration testing, and structured threat intelligence reporting, are the same controls Graymont Technologies has been deploying for clients independently of the regulatory cycle.
The attack vectors documented in Kaspersky's report align with what Graymont Technologies' team has observed in client environments through the period. Phishing campaigns that deliver credential-harvesting payloads, exploitation of unpatched internet-facing software, and abuse of remote desktop protocol credentials remain the principal entry points. None of these vectors requires sophisticated zero-day capability; they exploit gaps in basic security hygiene that remain common across many businesses.
The shift in attack severity that Kaspersky documented matters operationally. The fact that detections are falling globally while the share of ransomware-linked emergency response cases is rising suggests that attackers are increasingly selective about their targets and more committed to monetising successful intrusions through ransomware deployment. For client organisations, the implication is that the cost of a successful attack is higher than it would have been earlier in the threat cycle, while the probability of being targeted at all has shifted in ways that reward defensive posture rather than obscurity.
The team's posture is that ransomware defence is not a one-time engagement. The threat environment evolves continuously, the attack surface for any client of meaningful scale grows with the business, and the operational discipline that distinguishes a defended environment from a vulnerable one requires sustained investment in monitoring, hygiene, and staff awareness. MDR retainers are designed for that sustained engagement rather than one-shot project work.
Looking ahead, Graymont Technologies' MDR engagement count has continued to grow through 2025 and into 2026, supported by the formal launch of the service into the external market in April 2026. The trajectory the firm observed through 2024 was a leading indicator of the broader demand picture that has since materialised, and the team's capacity build-out has been calibrated accordingly.