TL;DR
Ransomware now hits SMBs at more than double the rate of large enterprises, credential theft has surged 160%, and attackers are mimicking trusted apps like ChatGPT to sneak malware past your staff. Here are the five stories from the past week that actually matter for your business — and what to do about each one.
1. SonicWall Report: SMBs Carry Double the Ransomware Burden
SonicWall's 2026 Cyber Protect Report found that 88% of SMB breaches involved ransomware — more than double the rate seen at large enterprises. The report reframed the problem away from exotic zero-days and onto seven preventable operational failures it calls the "Seven Deadly Sins of Cybersecurity," including weak authentication, overexposed access, and reactive security postures.
High and medium severity attacks surged 20.8% to 13.15 billion hits globally. Automated bots now generate more than 36,000 vulnerability scans per second, and stolen credentials — not zero-day exploits — remain the attacker's weapon of choice in 85% of actionable security alerts.
What this means for SMBs: You are not too small to target. Ransomware actors cast wide nets and SMBs with flat networks, no offline backups, and single-factor authentication are the easiest catches. The fix isn't buying more tools — it's executing the basics: MFA on every account, tested backups, and network segmentation.
2. Credential Theft Surges 160% — Your Passwords Are the Problem
Check Point reports a 160% rise in credential-theft events in 2025, and SMB telemetry from Guardz shows over 80% of breaches stem from compromised passwords or token theft. A CyberArk study found 49% of employees reuse credentials across multiple work applications, and 36% use the same password for personal and work accounts.
Microsoft's Identity Report noted that nearly half of SMBs still rely on passwords alone without multi-factor authentication, making credential stuffing and lateral movement trivial for attackers once a single password leaks.
What this means for SMBs: Password reuse is a supply chain problem — your staff's personal Netflix breach becomes your business breach. Mandate MFA on every login that touches business data, enforce unique passwords via a password manager, and monitor for credential exposure using a free service like Have I Been Pwned. Cost: near zero. Impact: massive.
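One way to run the exposure check suggested above without sending any password off the machine, as an added example that is not part of the original article. It uses the Have I Been Pwned "Pwned Passwords" range endpoint, where only the first five characters of the SHA-1 hash are transmitted; the function names, the sample vault and the `constructed_range` response are constructed for illustration.

```python
import hashlib
import urllib.request

# Pwned Passwords k-anonymity endpoint: the query is a 5-character SHA-1 prefix.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fetch_range(prefix: str) -> str:
    """Live lookup. Only the hash prefix leaves the machine, never the password."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "password-exposure-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch=fetch_range) -> int:
    """Return how often the password appears in the breach corpus (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def exposed_accounts(vault: dict, fetch=fetch_range) -> list:
    """Names of vault entries whose password has appeared in a known breach."""
    return sorted(name for name, pw in vault.items() if breach_count(pw, fetch) > 0)


def constructed_range(prefix: str) -> str:
    """Constructed stand-in for the API response so the example runs offline."""
    leaked = sha1_hex("Winter2025!")                    # constructed sample password
    lines = ["0018A45C4D1DEF81644B54AB7F969B88D65:3"]   # filler line, not a match
    if leaked.startswith(prefix):
        lines.append(leaked[5:] + ":1842")              # constructed count
    return "\r\n".join(lines)


if __name__ == "__main__":
    vault = {"accounting": "Winter2025!", "email": "kV9#tq2Lm!xR7pZd"}  # constructed
    # Swap constructed_range for fetch_range to query the live service.
    print(exposed_accounts(vault, fetch=constructed_range))
```

Any account the check flags should get a new, unique password from the password manager, with MFA enabled on that login.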
3. Spoofed Apps Luring SMB Staff Into Malware Traps
Attackers are now mimicking trusted tools — ChatGPT, Microsoft Office, Google Drive — to trick users into installing malware. For smaller businesses with less rigorous software controls, the assumption that an app "looks legit" is becoming a direct entry point for info-stealers and remote access trojans.
This coincides with SonicWall data showing bad bot traffic alone now accounts for 37% of all global internet traffic, with automated scanners probing for weaknesses every second.
What this means for SMBs: Staff download what looks familiar. Lock down software installation privileges on work devices, maintain an allowlist of approved applications, and train employees to verify download sources — especially for AI tools. A five-minute team briefing on this topic could save your business.
4. Ivanti EPMM Flaws Actively Exploited in the Wild
Two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) — CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (remote code execution) — are now confirmed under active exploitation. Both flaws carry critical severity ratings and affect organisations using mobile device management or remote access services.
CISA issued emergency directives for federal agencies, but the exposure extends well beyond government. Any Australian SMB using Ivanti EPMM to manage mobile devices or remote workers is potentially vulnerable right now.
What this means for SMBs: If you use Ivanti EPMM, treat this as an emergency patch — not a monthly maintenance item. If you use any mobile device management platform, confirm your vendor's patch cadence and ensure automatic updates are enabled. Attackers are scanning for these specific flaws within hours of disclosure.
5. Ransomware Variants in SMB Environments Have Nearly Doubled
Guardz reports that ransomware variants detected in SMB environments have nearly doubled year-on-year. The average ransom payment in 2024 was US$2.73 million, and 5,243 ransomware victims were posted on leak sites — up 15% from 2023. Seventy per cent of cyberattacks in 2024 led to data encryption.
For Australian SMBs, the math is stark: downtime from a cyberattack costs roughly US$53,000 per hour (VikingCloud), and 83% of small businesses are not financially prepared to recover from a breach. Only 14% of SMBs consider their cybersecurity posture highly effective.
What this means for SMBs: Ransomware is a when, not an if. Your survival depends on three things: immutable offline backups you've actually tested restoring, an incident response plan your team has rehearsed, and cyber insurance that covers ransomware specifically. If you haven't tested a backup restore in the last 90 days, you don't have a backup — you have a hope.
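A minimal sketch of what "tested restoring" can mean in practice, added here as an example and not taken from the original article: record a SHA-256 manifest when the backup is made, restore to a scratch folder, compare the two, and flag a restore test older than the 90 days mentioned above. The function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import date
from pathlib import Path

MAX_TEST_AGE_DAYS = 90  # the article's threshold for a stale restore test


def file_sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256; record this at backup time."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a test restore against the manifest taken when the backup was made."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "corrupt": sorted(k for k in set(manifest) & set(restored)
                          if manifest[k] != restored[k]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }


def restore_test_overdue(last_test: date, today: date) -> bool:
    return (today - last_test).days > MAX_TEST_AGE_DAYS


if __name__ == "__main__":
    # Constructed data: a tiny "source" tree and a deliberately damaged restore.
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        (Path(src) / "ledger.csv").write_text("id,amount\n1,100\n")
        (Path(src) / "clients.db").write_text("client records")
        manifest = build_manifest(Path(src))
        (Path(dst) / "ledger.csv").write_text("id,amount\n1,999\n")  # altered file
        print(verify_restore(manifest, Path(dst)))
        print(restore_test_overdue(date(2025, 1, 1), date(2025, 6, 1)))
```

Keep the manifest somewhere the backup job cannot overwrite, so a compromised machine cannot rewrite both the data and its hashes.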
FAQ
Q: I'm a 10-person business. Am I really a target? A: Yes. SonicWall data confirms attackers aren't selecting targets — they're scanning everyone indiscriminately. SMBs with weaker defences are the easiest wins. 94% of SMBs experienced at least one cyberattack last year.
Q: What's the single most effective thing I can do this week? A: Enable multi-factor authentication on every account that touches business data — email, cloud storage, accounting software, admin panels. It blocks the vast majority of credential-based attacks for zero cost.
Q: Is cyber insurance worth it for a small business? A: Increasingly yes, but read the policy carefully. Many policies now require evidence of MFA, patching, and backups to pay out. ESET research shows SMBs are increasingly using insurance as a security layer, but only 9% of small businesses currently hold a policy.
Q: How do I know if my business has been breached already? A: The average breach takes 204 days to identify (IBM). Signs include unusual login locations, slow network performance, unexpected software installations, and locked or renamed files. If you're unsure, a professional assessment is the fastest way to find out.
Conclusion
The threat landscape for Australian SMBs isn't getting more sophisticated — it's getting more relentless. The five stories this week all point to the same pattern: attackers exploit basic gaps in fundamentals, not exotic vulnerabilities. MFA, patching, backup testing, and staff training are not optional extras. They are the difference between a bad Monday and a closed business.
Take one action today: Enable MFA on your email and cloud accounts. It takes five minutes and blocks the majority of attacks.
Visit consult.lil.business for a free cybersecurity assessment tailored to Australian small businesses.
References
- SonicWall 2026 Cyber Protect Report — Seven Deadly Sins of Cybersecurity
- Check Point — Credential Theft Surges 160% in 2025
- IBM Cost of a Data Breach 2025 Report
- CISA Emergency Directive — Ivanti EPMM Active Exploitation (CVE-2025-4427, CVE-2025-4428)
- Guardz SMB Threat Telemetry — Ransomware Variants Double