By Zack Finstad
As the Vice President of a Platform MSP, I’ve seen the cybersecurity landscape shift dramatically, and the 2025 SonicWall Cyber Threat Report, released on February 24, 2025, underscores just how fast and fierce these changes have become. Compiled by SonicWall’s Capture Labs threat researchers, this report isn’t just a snapshot of 2024 – it’s a call to action for MSPs and our clients to act with speed and precision. Let’s unpack the critical insights and explore what they mean for our business and yours.
The Need for Speed: Closing the Exploitation Window
The report’s title, "The Need for Speed," hits the nail on the head. SonicWall found that 75% of exploits occur within four days of a proof-of-concept (PoC) disclosure, with 61% striking within 48 hours. Groups like LockBit and Cl0p have pushed this even further, launching ransomware attacks within 24 hours of vulnerabilities like CVE-2024-27198 (JetBrains TeamCity Authentication Bypass) going public. Douglas McKee, SonicWall’s Executive Director of Threat Research, puts it bluntly: “Threat actors are exploiting vulnerabilities at lightning speed, while organizations take far too long to respond.”
What does this mean for our clients: This shrinking window demands agility. Our platform’s real-time patch management and 24/7/365 monitoring are designed to slam the door shut before attackers can slip through. Hesitation isn’t an option – it’s a risk we mitigate.
Ransomware: A High-Stakes Battle
Ransomware continues to wreak havoc, with a 25% spike at the end of 2024 driven by groups like Fog, Akira, and SafePay. The average ransom payment reached $850,700, but the total cost, including downtime and recovery, averaged $4.91 million per incident. SonicWall’s defenses saved organizations from a potential 68 days of downtime in 2024 – protecting 19% of a company’s at-risk revenue. Nowhere was the impact more severe than in U.S. healthcare, where ransomware fueled 95% of breaches, affecting 198 million Americans. Double and triple extortion tactics have become the norm, especially in healthcare, amplifying the pressure to pay.
What does this mean for our clients: That 68-day downtime save is a lifeline for revenue and reputation. We’re fortifying our clients with regular backups, network segmentation, and multiple layers of detection and response (EDR/MDR/XDR). For healthcare clients, where 198 million individuals were hit, our SOC services tackle the legacy system vulnerabilities that make this sector a prime target.
BEC Attacks: A Dramatic Surge
Business Email Compromise (BEC) attacks have skyrocketed, with nearly one-third of all reported cyber events in 2024 tied to BEC – up dramatically from just 9% in 2023. Leveraging generative AI, attackers craft phishing emails so convincing that they are nearly indistinguishable from legitimate communications. The report cites a case where a compromised trusted account tricked a consulting firm executive into revealing credentials, spreading the scam further.
What does this mean for our clients: This jump from 9% to 33% signals a new frontier in phishing. Our AI-driven threat detection catches these sophisticated attempts, while our cybersecurity awareness training empowers users to spot the red flags. It’s a human-and-tech defense combo that’s critical in this BEC surge. By leveraging a single SaaS monitoring solution, Logically has prevented over 320 BECs since January 2023.
AI: Powering Both Sides
AI is reshaping the battlefield. Server-Side Request Forgery (SSRF) attacks surged 452% in 2024, fueled by AI tools that automate exploits and evade detection. On the flip side, SonicWall’s Real-Time Deep Memory Inspection identified 210,258 never-before-seen malware variants – 637 new threats daily. AI is lowering the barrier for attackers while sharpening our defenses.
What does this mean for our clients: Logically has been leveraging AI in our SOC-as-a-Service platform for several years. We are continuing to review and leverage other AI platforms to stay ahead, detecting threats in real time. For clients, this means protection from AI-enhanced attacks like SSRF and BEC, paired with education to counter phishing’s human element.
Expanding Threats: IoT and Everyday Files
The Internet of Things (IoT) is a growing weak spot, with SonicWall blocking over 17 million attacks on IP cameras in 2024 – a 124% increase. Exploits like the Hikvision IP Camera Command Injection (CVE-2021-36260) threaten critical sectors. Meanwhile, file-based attacks are rampant: 38% of malicious files were HTML-based, and 22% were PDFs, often hiding QR codes to phishing sites.
What does this mean for our clients: We’re securing IoT with firmware updates and network restrictions, while our threat protection filters out malicious files. That 19% revenue protection from downtime ties directly to keeping these attack vectors in check. Additionally, we always recommend network segmentation for IoT and similar devices.
MSPs as Essential Partners
SonicWall CEO Bob VanKirk drives home the power of collaboration: “SMBs and enterprises shouldn’t go it alone in this fight.” The report positions MSPs as vital allies, with 24/7 SOC services and Zero Trust models as must-haves.
What does this mean for our clients: You’re not alone. Our platform, fueled by SonicWall’s threat intelligence, delivers the proactive protection that saved 68 days of downtime in 2024. From BEC’s jump to 33% of reported cyber events to healthcare’s 198 million impacted, we’re your shield and strategist.
Looking Ahead
The 2025 SonicWall Cyber Threat Report – available now at https://www.sonicwall.com/threat-report – lays bare a fast-evolving threat landscape. As a Platform MSP, we’re not just reacting; we’re anticipating. Whether it’s slashing exploitation windows, mitigating ransomware’s $4.91 million sting, or countering BEC’s dramatic rise, we’re arming our clients with resilience.
Cybersecurity is about trust, speed, and partnership – and we’re all in. Be Cyber First and Future Ready!