Cybercriminals are now more likely to use stolen login credentials than exploit system weaknesses to break into networks, according to a new report by global cybersecurity firm, Sophos.
The 2025 Sophos Active Adversary Report shows that 56% of network breaches in 2024 stemmed from compromised login details, particularly through remote access tools like VPNs and firewalls. This marks the second year in a row where stolen credentials ranked as the top method of cyberattack, outpacing system vulnerabilities and brute-force attempts.
This trend poses a growing concern for small and medium-sized businesses (SMEs), which often operate with limited cybersecurity budgets and rely heavily on remote tools to stay agile.
“Basic security is no longer enough,” said John Shier, Field CISO at Sophos. “Small businesses must actively monitor their networks and respond quickly to threats. The faster the detection, the better the outcome.”
The report also revealed the fast pace of modern cyberattacks, with attackers reaching sensitive data in just over 3 days after the initial breach. In some cases, they gained control of key systems like Active Directory in just 11 hours.
For businesses, especially those without dedicated IT teams, this short window poses a high risk of data loss, ransomware, or complete operational shutdown.
Among the most active ransomware groups in 2024 were Akira, Fog, and LockBit, the latter of which remains a threat despite enforcement crackdowns.
The study also noted that 83% of ransomware attacks happened outside normal business hours, catching many SMEs off-guard and unprepared.
Sophos recommends businesses take key precautions including:
- Blocking public access to Remote Desktop Protocol (RDP) ports
- Using strong authentication systems
- Keeping all systems updated and patched
- Investing in 24/7 monitoring or Managed Detection and Response (MDR) services
With cyberattacks evolving rapidly, the report underscores the urgent need for proactive security strategies—especially for small businesses that can’t afford the cost of downtime or data breaches.
Discover more from SMALL BUSINESS INSIGHTS
Subscribe to get the latest posts to your email.
