Outdated network devices are the hidden backdoors for cyberattacks

A new Sophos report reveals that outdated network edge devices like VPNs and firewalls are the primary entry points for cyberattacks on small and mid-sized businesses in India.

DQI Bureau

A new threat intelligence report from cybersecurity leader Sophos underscores a harsh reality for India’s small and mid-sized businesses (SMBs): their own outdated infrastructure is becoming their greatest vulnerability. According to Cybercrime on Main Street: Sophos Annual Threat Report 2025, misconfigured and aging edge devices—firewalls, routers, VPNs—accounted for nearly 30% of initial network compromises in 2024.

The report identifies what Sophos calls “digital detritus”—end-of-life (EOL) devices still exposed to the internet—as a growing problem in the SMB ecosystem. These devices, often overlooked in patching schedules, are low-hanging fruit for cybercriminals. “Over the past several years, attackers have aggressively targeted edge devices,” said Sean Gallagher, principal threat researcher at Sophos. “Because these devices are exposed to the internet and often low on the patching priority list, they are a highly effective method for infiltrating networks.”

The numbers are sobering. VPNs alone were responsible for more than a quarter of all cybersecurity breaches and featured in 25% of ransomware and data exfiltration cases. This illustrates a critical disconnect: while VPNs are deployed for secure remote access, many organizations continue to run them on outdated firmware or with default configurations—effectively leaving the front door wide open.

Ransomware Dominates, But Attackers Evolve

Despite the emergence of AI-led threats and sophisticated malware, ransomware remains the most persistent and damaging threat, making up over 90% of incident response cases for midsized businesses and 70% for smaller firms. The report reveals that attackers are becoming increasingly nimble, often eschewing custom malware altogether in favor of exploiting built-in, trusted business tools.

Remote access solutions—tools used by legitimate IT teams—have become a favorite among cybercriminals. These were abused in 34% of all monitored incident response and managed detection cases, pointing to a troubling trend where trust in common IT tools is being weaponized.

Social Engineering Gets Smarter

Adding to the complexity is the attackers' growing comfort with advanced social engineering techniques. Traditional phishing has evolved into “quishing” (QR code phishing), “vishing” (voice phishing), and even email bombing—a tactic where thousands of emails are sent in a short burst to overwhelm and distract recipients.

Worryingly, multi-factor authentication (MFA)—long considered a cybersecurity staple—is no longer a reliable last line of defense. Sophos reports that attackers are now using phishing platforms that mimic authentication portals to capture session tokens in real time, bypassing MFA altogether.

The Indian Context: Budget Constraints and Legacy Tech

For Indian SMBs, this report is more than just a wake-up call—it’s a mirror. Many businesses continue to operate on thin IT budgets, often prioritizing expansion over security upgrades. Legacy hardware, lean cybersecurity teams, and delayed software patching form a perfect storm.

Sophos’ findings suggest that investing in basic cyber hygiene—regular patching, retiring EOL devices, and reviewing remote access policies—could drastically reduce exposure. For organizations without dedicated IT security teams, managed detection and response (MDR) services are becoming not just advisable, but essential.

Bottom Line

The Sophos report reinforces that cybersecurity today is less about perimeter fortification and more about internal vigilance. As the edge becomes the new battleground, the cost of ignoring digital detritus could be far greater than upgrading old equipment. For India’s SMBs looking to grow sustainably, securing the network edge is no longer optional—it’s urgent.