The modern cyber threat landscape is rapidly evolving, with threat actors employing increasingly sophisticated tactics, especially targeting small and medium businesses (SMBs). SonicWall’s 2025 Cyber Threat Report highlights the escalating and diversifying nature of these cyber threats.
The report finds that identity, cloud, and credential compromise account for 85% of actionable alerts. It also reports that 33% of cyber insurance events were Business Email Compromise (BEC) incidents, up from 9% the year before. In addition, SonicWall identified 210,258 never-before-seen malware variants, an average of 637 a day.
Staggering spike in BEC attacks
SonicWall’s report also details the rise in Business Email Compromise (BEC) attacks, noting that they are among the most widespread cyber threats. Because these attacks rely on deception and impersonation rather than malware, they are difficult to identify with conventional controls. Nearly one-third of all reported cyber events were BEC attacks in 2024, a significant increase from 9% in 2023.
Additionally, man-in-the-middle (MitM) techniques play a key role in BEC. Having compromised a mailbox, the attacker reads ongoing conversations, inserts replies into them, and manipulates internal communications. Because the fraudulent message arrives inside a legitimate, existing thread, employees may unknowingly send funds or sensitive information to cybercriminals.
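The indicators that distinguish a hijacked thread from a normal one are mechanical enough to check automatically. The following script is an added example, not code from the SonicWall report or from ERP Insiders; it flags the two header-level signs of a thread takeover (a Reply-To that diverts replies to a different domain, and a lookalike domain within an edit distance of two of a trusted one) together with finance language in the message, and separately flags newly created mailbox rules that forward externally, auto-delete, or filter on invoice keywords. The trusted-domain list, the sample messages, and the audit-event field names are constructed for illustration and do not follow any vendor's schema.

```python
# Added example (not from the SonicWall report): flag common BEC indicators
# in raw email headers and in mailbox-rule audit events. Trusted domains,
# sample messages and audit-event field names are constructed assumptions.
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional, Tuple

# Constructed: the organisation's own domain and the domains of known vendors.
INTERNAL_DOMAIN = "example-erp.com"
TRUSTED_DOMAINS = {INTERNAL_DOMAIN, "acme-supplier.com"}

# Weak signal on its own; only meaningful next to a header-level indicator.
PAYMENT_WORDS = re.compile(r"\b(urgent|wire|bank|account details|payment)\b", re.I)


def _domain(addr: str) -> str:
    """Lower-cased domain of an address, or '' if there is none."""
    _, email_addr = parseaddr(addr)
    return email_addr.rsplit("@", 1)[1].lower() if "@" in email_addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> Optional[str]:
    """Trusted domain that `domain` imitates (distance 1-2, not identical), else None."""
    for trusted in sorted(TRUSTED_DOMAINS):
        if domain != trusted and edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def bec_indicators(raw_message: str) -> List[str]:
    """Indicators found in one RFC 5322 message (headers plus plain-text body)."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = _domain(msg.get("From", ""))
    reply_dom = _domain(msg.get("Reply-To", ""))
    # Reply-To on another domain than From: replies silently leave the thread.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{from_dom}->{reply_dom}")
    # Either address domain imitating a trusted one (e.g. "1" in place of "l").
    for dom in dict.fromkeys(d for d in (from_dom, reply_dom) if d):
        imitated = lookalike_of(dom)
        if imitated:
            findings.append(f"lookalike-domain:{dom}~{imitated}")
    body = "" if msg.is_multipart() else msg.get_payload()
    if PAYMENT_WORDS.search(msg.get("Subject", "") + " " + body):
        findings.append("payment-language")
    return findings


def is_likely_bec(raw_message: str) -> bool:
    """True only with a header-level indicator; payment words alone do not qualify."""
    return any(f.startswith(("reply-to-mismatch", "lookalike-domain"))
               for f in bec_indicators(raw_message))


def suspicious_inbox_rules(events: List[dict]) -> List[Tuple[str, List[str]]]:
    """Flag new mailbox rules that divert or hide finance mail (fields are assumed)."""
    hits = []
    for ev in events:
        if ev.get("operation") != "New-InboxRule":
            continue
        reasons = []
        fwd = _domain(ev.get("forward_to", ""))
        if fwd and fwd != INTERNAL_DOMAIN:
            reasons.append("external-forward")
        if ev.get("delete_message"):
            reasons.append("auto-delete")
        if re.search(r"invoice|payment|wire", ev.get("subject_contains", ""), re.I):
            reasons.append("finance-keyword-filter")
        if reasons:
            hits.append((ev["user"], reasons))
    return hits


# Constructed sample messages and audit events.
SAMPLE_SPOOFED = """\
From: "Chief Executive" <ceo@example-erp.com>
Reply-To: ceo@examp1e-erp.com
To: cfo@example-erp.com
Subject: Urgent wire transfer before close of business

Please process the attached payment today and confirm by reply.
"""

SAMPLE_LEGIT = """\
From: "Accounts" <billing@acme-supplier.com>
To: ap@example-erp.com
Subject: Invoice 1234 attached

Please find attached the invoice for last month's deliveries.
"""

SAMPLE_RULE_EVENTS = [
    {"user": "cfo@example-erp.com", "operation": "New-InboxRule",
     "forward_to": "cfo.backup@mail-archive.example", "delete_message": True,
     "subject_contains": "invoice"},
    {"user": "bob@example-erp.com", "operation": "New-InboxRule",
     "forward_to": "", "delete_message": False, "subject_contains": "newsletter"},
]

if __name__ == "__main__":
    print(bec_indicators(SAMPLE_SPOOFED), is_likely_bec(SAMPLE_SPOOFED))
    print(bec_indicators(SAMPLE_LEGIT), is_likely_bec(SAMPLE_LEGIT))
    print(suspicious_inbox_rules(SAMPLE_RULE_EVENTS))
```

The inbox-rule check is there because a Reply-To swap is not the only way to stay in the middle: an attacker who owns the mailbox can instead create a rule that forwards invoice mail out and deletes it locally, so the victim never sees the vendor's real message. Treat the payment-language match as corroboration only; on its own it would flag every genuine invoice.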
The speed of threat actors
The report also emphasizes how quickly threat actors weaponize new vulnerabilities: most attacks begin within 48 hours of a proof-of-concept (PoC) exploit being disclosed.
This trend is supported by Google’s Threat Analysis Group, which reports many vulnerabilities are exploited just days after being made public. These attacks often target flaws in Microsoft Exchange, IoT devices, and third-party software like MOVEit.
Advanced Ransomware-as-a-Service (RaaS) operations streamline the exploitation of these vulnerabilities. The report cites examples of some recent attacks:
- LockBit quickly exploited CVE-2024-27198 (an authentication bypass in JetBrains TeamCity), launching ransomware attacks within 24 hours of the vulnerability’s disclosure.
- The Cl0p ransomware gang leveraged a critical flaw to breach 66 companies and issue ransom demands within 48 hours of the PoC disclosure.
These examples highlight the critical need for proactive security measures at SMBs: the window between disclosure and exploitation is now measured in hours, not weeks.
What this means for ERP Insiders
Implement real-time patching and a strict zero trust architecture. Organizations with poor patch-management hygiene are highly exposed; the SonicWall report notes that continuously scanning for and applying patches closes known weaknesses before threat actors can use them, preventing ransomware infections, data breaches, and system compromise. Keep every layer of the ERP stack current: the ERP software itself, its database servers, and the underlying operating systems. Because threat actors also use AI and automation to move into networks quickly, security teams should enforce strict access controls, assume no implicit trust, and validate every access request. In practice that means granular user permissions, multi-factor authentication (MFA) for all users, and close monitoring of access logs for unusual activity.
Leverage 24/7 SOC services for real-time threat detection and rapid response. Because attackers exploit vulnerabilities within hours of disclosure, the SonicWall report advises MSPs/MSSPs to partner with security vendors that provide SOC services and 24/7/365 monitoring. Continuous monitoring delivers real-time detection, rapid incident response, and minimized downtime, protecting clients from costly breaches and operational disruptions. ERP users should have a process in place to detect and respond, at any hour, to threats against the ERP system such as unauthorized access attempts, data exfiltration, and ransomware. That coverage must extend to cloud environments and SaaS applications: 78% of security alerts were tied to cloud-based threats, according to the study.
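The access-log monitoring recommended above, and the detection of unauthorized access attempts against the ERP system, come down to a few rules that can be expressed in code. The following script is an added example, not code from the SonicWall report or from ERP Insiders; it runs over a constructed excerpt of ERP authentication logs and raises an alert for every successful login that follows a burst of failures, lacks MFA, originates outside the expected office and VPN networks, or lands outside business hours. The log format, the trusted networks, the thresholds, and the business-hours window are all assumptions to be replaced with the site's own values.

```python
# Added example (not from the SonicWall report): detection logic run over
# constructed ERP authentication log lines. The line format, the trusted
# networks, the thresholds and the business-hours window are all assumptions.
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# Assumed: office and VPN ranges from which interactive ERP logins are expected.
KNOWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24"),
                  ipaddress.ip_network("10.0.0.0/8")]
FAIL_THRESHOLD = 5                     # failures before a success is suspicious
FAIL_WINDOW = timedelta(minutes=10)    # failures older than this are forgotten
BUSINESS_HOURS_UTC = range(7, 19)      # assumed; adjust to the site's time zone

# Constructed log excerpt: ISO-8601 UTC timestamp followed by key=value fields.
SAMPLE_LOG = """\
2025-03-03T09:12:01Z user=jsmith result=OK src=198.51.100.23 mfa=yes
2025-03-03T02:14:07Z user=cfo result=FAIL src=203.0.113.7 mfa=no
2025-03-03T02:14:09Z user=cfo result=FAIL src=203.0.113.7 mfa=no
2025-03-03T02:14:11Z user=cfo result=FAIL src=203.0.113.7 mfa=no
2025-03-03T02:14:14Z user=cfo result=FAIL src=203.0.113.7 mfa=no
2025-03-03T02:14:16Z user=cfo result=FAIL src=203.0.113.7 mfa=no
2025-03-03T02:14:20Z user=cfo result=OK src=203.0.113.7 mfa=no
2025-03-03T10:05:44Z user=svc_batch result=OK src=10.20.3.4 mfa=no
"""


def parse_line(line: str) -> dict:
    """Split one log line into a dict with typed 'ts' and 'src' fields."""
    ts, rest = line.split(" ", 1)
    ev = dict(kv.split("=", 1) for kv in rest.split())
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["src"] = ipaddress.ip_address(ev["src"])
    return ev


def analyze(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, user, reason) alerts for every suspicious successful login."""
    # Exported logs are often not in time order; the sliding window needs them sorted.
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    recent_fails = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    alerts = []
    for ev in events:
        fails = recent_fails[(ev["user"], ev["src"])]
        while fails and ev["ts"] - fails[0] > FAIL_WINDOW:
            fails.popleft()
        if ev["result"] != "OK":
            fails.append(ev["ts"])
            continue
        reasons = []
        if len(fails) >= FAIL_THRESHOLD:
            reasons.append(f"success-after-{len(fails)}-failures")
        fails.clear()
        if ev.get("mfa") != "yes":
            reasons.append("no-mfa")
        if not any(ev["src"] in net for net in KNOWN_NETWORKS):
            reasons.append("unknown-network")
        if ev["ts"].hour not in BUSINESS_HOURS_UTC:
            reasons.append("outside-business-hours")
        alerts.extend((ev["ts"].isoformat(), ev["user"], r) for r in reasons)
    return alerts


if __name__ == "__main__":
    for ts, user, reason in analyze(SAMPLE_LOG):
        print(ts, user, reason)
```

On the sample, the `cfo` login collects all four reasons at once, which is the pattern a SOC analyst would escalate immediately; the `svc_batch` account is flagged only for missing MFA, a reminder that service accounts need their own compensating controls (network restriction, key rotation) rather than an exemption. The per-(user, source) failure window is what keeps a single mistyped password from generating noise while still catching password spraying that ends in a success.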
Enhance ransomware readiness, secure IoT devices, and train users. Regular backups, network segmentation, and endpoint detection and response (EDR) form the core of ransomware preparedness: back up ERP data regularly and store the copies securely (ideally offline or immutable, so they survive the attack), segment the network so that an infection cannot spread freely, and deploy EDR to detect and respond to ransomware activity. The SonicWall report states that IoT attacks surged 124% in 2024. Secure IoT devices by changing default credentials, applying firmware updates, and restricting their network access, and apply the same controls to any devices that integrate with the ERP system. Human error also remains a major attack vector, so train employees regularly to recognize phishing, social engineering tactics, and poor credential hygiene; this significantly reduces risk.