For years, the main concern of IT departments was perimeter shielding against highly sophisticated software vulnerabilities. However, the latest data reveals that cybercriminals no longer need to break through traditional technical defenses: today they simply log in using compromised credentials that have been leaked online.

According to data collected by SonicWall in its recent Cyber Protect Report, 85% of actionable security alerts detected are directly linked to compromised identities, cloud environments, and theft of access information. This alarming trend is forcing small and medium-sized businesses (SMEs) to completely rethink their protection strategies in the face of a threat environment that mainly exploits the human factor and excessive access.

The deception of the tool: the risk of fragmentation

For sector experts, the diagnosis is blunt: the greatest current danger for the business community does not lie in a scarcity of protection tools on the market, but in the lack of control and the lack of access segmentation within the organizations themselves. Many companies have taken a piecemeal approach, purchasing security solutions in isolation that fail to communicate and coordinate with each other.

Sergio Martínez, country manager of Iberia and Italy at SonicWall, explains the seriousness of this scenario. In his opinion, “many companies continue to approach security from a fragmented approach, based on isolated solutions that do not always work in a coordinated manner. In an environment where attackers routinely use compromised credentials to gain entry without raising suspicion, this lack of integration has become one of the main risks for SMEs.”

The manager emphasizes a crucial paradigm shift for corporate survival: real success in cybersecurity is not determined by the volume of tools a company has deployed in its infrastructure, but by its inherent ability to keep the business operational and mitigate damage when an incident occurs.

The most common attack vectors

Digital identity theft has established itself as the preferred entry route for cybercriminals. By using legitimate accounts that have previously been compromised, attackers manage to go unnoticed by traditional monitoring systems. The use of compromised credentials is mainly fueled by the following recurring tactics observed in the last year:

  • Credential theft and specialized malware: Programs specifically designed to extract passwords and user access data.
  • Phishing campaigns: Social engineering strategies aimed at tricking employees into voluntarily handing over their access codes.
  • Business Email Compromise (BEC): Interception and impersonation of corporate communications to divert funds or steal critical information.
  • Excessive remote access: Granting unnecessarily broad permissions to users or devices that do not require them for their daily tasks.

Faced with this reality, the priority can no longer be exclusively to avoid intrusion at all costs. Organizations must assume as an inevitable fact that, at some point, their defenses will be overcome. Therefore, current security design must focus on containing the impact of this breach immediately.

The danger of traditional VPNs and the need to segment

One of the most critical weaknesses identified in SME infrastructures is the continued dependence on traditional remote access models based on virtual private networks (VPN). Under this outdated scheme, once a user is authenticated, the system grants them extremely broad visibility and control over the entire corporate network.

In a context where the use of compromised credentials is widespread, relying on traditional VPNs greatly increases the risk that an attack will spread. If a cybercriminal gets hold of an employee’s credentials, they automatically obtain “the keys to the kingdom,” facilitating lateral movement across the company’s servers.

Paradoxically, many organizations already have advanced protection capabilities built into their everyday productivity and collaboration platforms—such as multi-factor authentication (MFA), email filtering, or basic endpoint protection. However, the report warns that these functions are often implemented partially or without a coordinated access and identity strategy, which ends up generating blind spots that can be exploited by criminals.

Towards a coherent architecture and operational resilience

To solve these deficiencies, the multinational’s experts recommend migrating towards a coherent and simplified architecture. Far from requiring multi-million dollar investments or extremely complex technological infrastructures, small businesses need systems capable of limiting lateral movement, reducing the exposed attack surface and accelerating recovery times from incidents caused by compromised credentials.

One of the great advantages of designing a simpler and more consistent security structure is the direct impact on employee behavior. By simplifying the user experience and reducing complexity for IT teams, the likelihood of staff compliance with security standards is significantly increased, reducing the need to grant exceptions or enable insecure access for operational convenience.

The recommended strategy involves adopting a layered security model. This approach should natively integrate end device protection (endpoints), email security, multi-factor authentication and, most importantly, robust operational recovery plans. Again, the key to success lies in ensuring that all of these solutions work in a fully coordinated and cooperative manner.