Ransomware Attacks Rise 37% in 2025; Microsoft’s New Passwordless Strategy and Security Insights

Ransomware attacks have surged dramatically, particularly affecting small and mid-sized businesses (SMBs), which now experience ransomware in 88% of breaches. According to Verizon's 2025 data breach investigations report, ransomware was detected in 44% of over 12,000 data breaches, marking a 37% increase from the previous year. While the number of organizations paying ransoms has decreased, the FBI's report indicates that complaints related to ransom have risen by 9%, making it the top threat to critical infrastructure. The overall online crime losses surged by 33% in 2024, totaling $16 billion, with investment fraud linked to cryptocurrency accounting for the most significant financial losses.

A recent report from KeepAware highlights the security risks associated with employee use of web browsers in the workplace, revealing that over 70% of modern malware attacks originate from these unmonitored endpoints. Traditional security tools are ineffective at detecting threats within browsers, leading to increased vulnerabilities. Key findings show that 70% of phishing campaigns impersonate trusted platforms, and a significant portion of file uploads from company devices are directed to personal accounts without detection. This raises concerns about the basic security hygiene that many SMBs still lack, such as multi-factor authentication and unpatched systems.

Microsoft has announced a shift towards passwordless accounts by default, emphasizing the need for improved security practices. This change comes in light of significant security breaches, including one involving Defense Secretary Pete Hedgeseth, whose reuse of passwords across multiple accounts raised concerns about national security. Microsoft has dedicated substantial resources to strengthen its systems post-breach, migrating cryptographic keys and eliminating outdated systems. However, the underlying issue of human negligence remains a critical challenge, as advanced technology cannot compensate for poor decision-making and lack of user training.

Enable reported its first quarter 2025 results, showcasing a revenue of $118.2 million, reflecting a 3.9% year-over-year growth. Despite exceeding revenue guidance, the company experienced a net loss of $7.2 million, raising concerns about market saturation and pricing pressure in the managed services software ecosystem. The discussion highlights the importance of understanding the dynamics of the MSP market, where churn is sticky and expansion is slow. As the podcast concludes, listeners are encouraged to reflect on the implications of geopolitical and trade policies on tech supply chains and the necessity of modernizing security practices to mitigate risks

Four things to know today

00:00 Ransomware, Browser Risks, and Record Losses: 2025 Security Reports Point to a Failure of Fundamentals

04:11 Password Reuse, Passkey Hype, and Microsoft’s Security Reckoning: What the Latest Breaches Reveal About Culture and Complexity

07:49 Durable But Not Disruptive: N-able’s Q1 Results Reflect Sluggish MSP Software Growth and Operational Pressure

11:53 Tariffs, Tech Gaps, and Legal Risks: The Hidden Pressures Facing U.S. SMBs and Security Leaders

Supported by:  https://afi.ai/office-365-backup/