Small and medium-sized businesses faced cyber threat most

Sophos annual threat report reviled

Sophos has released its Annual Threat Report for 2025, highlighting the major security threats that small and medium-sized businesses faced in 2024. According to the report, the primary method attackers used to infiltrate networks was through network edge devices, such as firewalls, routers, and VPNs, which were responsible for the initial compromise in nearly 30% of cases.
"Over the past several years, attackers have aggressively targeted edge devices," stated Sean Gallagher, principal threat researcher at Sophos. "Compounding this issue is the rising number of end-of-life (EOL) devices still in use—a problem Sophos refers to as digital detritus. These devices, which are often exposed to the internet and are low on the patching priority list, serve as highly effective entry points for network infiltrations."
The report revealed that VPNs were the most frequently compromised point, accounting for over 25% of all incidents, including 25% of ransomware and data exfiltration events. Gallagher explained, "Attackers no longer need to deploy custom malware; they can exploit the very systems that businesses rely on, making their attacks more agile and harder to detect."