BENGALURU: Once restricted only to large enterprises, now cyber attacks have become common on small and mid-sized businesses (SMBs) too as attackers leverage automation, AI, and advanced evasion techniques to evade traditional defenses. SonicWall has released the 2025 SonicWall Annual Cyber Threat Report, which highlights that as attack surfaces expand and the time to exploit vulnerabilities shrinks, SMBs must prioritise proactive security measures.
“Threat actors are moving at an unprecedented pace, exploiting new vulnerabilities within days, while we’re observing that it takes some organisations 120 to 150 days to apply a critical patch,” said President and CEO Bob VanKirk. “Now more than ever businesses need the expertise of an MSP/MSSP backed by real-time threat monitoring and SOC capabilities. Legacy security solutions are no longer enough, businesses must adopt a new mindset to stay ahead of modern cyber threats.”
"Leveraging real-time threat intelligence, automation, and proactive defenCe strategies will help counteract emerging threats before they escalate," said Debasish Mukherjee, vice-president of sales APJ, at SonicWall.
The report highlights a range of threats including a staggering spike in Business Email Compromise (BEC) attacks – nearly one-third of all reported cyber events were BEC attacks, up dramatically from only 9% in 2023. Ransomware was far and away the biggest threat to the healthcare industry, utilized in 95% of all breaches in this sector.
It also points out that India saw jumps in IOT and cryptojacking and the country saw a jump in targeted crypto attacks. APAC accounts for almost 20% of all malware attacks. As more devices become available, the threat landscape is also growing. IoT attacks (124%) and encrypted threats (93%) continue to climb globally, it points out, adding it is crucial to identify attacks.
Stressing the importance of fixing vulnerabilities, it says patch management has been considered a necessary evil by IT, security and business teams for many years. However, with the recent shift in attack focus — from vulnerabilities in applications to vulnerabilities in operating systems — and the increase in publicised breaches and ransomware attacks, it is now essential for organisations to ensure they are properly managing vulnerabilities in their systems.