Ransomware attacks have surged dramatically, particularly affecting small and mid-sized businesses (SMBs), which now experience ransomware in 88% of breaches. According to Verizon's 2025 Data Breach Investigations Report, ransomware was detected in 44% of over 12,000 data breaches, marking a 37% increase from the previous year. While the number of organizations paying ransoms has decreased, the FBI's report indicates that complaints related to ransomware have risen by 9%, making it the top threat to critical infrastructure. Overall online crime losses surged by 33% in 2024, totaling $16 billion, with investment fraud linked to cryptocurrency accounting for the most significant financial losses.
A recent report from KeepAware highlights the security risks associated with employee use of web browsers in the workplace, revealing that over 70% of modern malware attacks originate from these unmonitored endpoints. Traditional security tools are ineffective at detecting threats within browsers, leading to increased vulnerabilities. Key findings show that 70% of phishing campaigns impersonate trusted platforms, and a significant portion of file uploads from company devices are directed to personal accounts without detection. This raises concerns about the basic security hygiene that many SMBs still lack: gaps in multi-factor authentication and unpatched systems remain common.
Microsoft has announced a shift towards passwordless accounts by default, emphasizing the need for improved security practices. This change comes in light of significant security breaches, including one involving Defense Secretary Pete Hegseth, whose reuse of passwords across multiple accounts raised concerns about national security. Microsoft has dedicated substantial resources to strengthen its systems post-breach, migrating cryptographic keys and eliminating outdated systems. However, the underlying issue of human negligence remains a critical challenge, as advanced technology cannot compensate for poor decision-making and lack of user training.
N-able reported its first quarter 2025 results, showcasing a revenue of $118.2 million, reflecting a 3.9% year-over-year growth. Despite exceeding revenue guidance, the company experienced a net loss of $7.2 million, raising concerns about market saturation and pricing pressure in the managed services software ecosystem. The discussion highlights the importance of understanding the dynamics of the MSP market, where churn is sticky and expansion is slow. As the podcast concludes, listeners are encouraged to reflect on the implications of geopolitical and trade policies on tech supply chains and the necessity of modernizing security practices to mitigate risks.
Four things to know today
00:00 Ransomware, Browser Risks, and Record Losses: 2025 Security Reports Point to a Failure of Fundamentals
04:11 Password Reuse, Passkey Hype, and Microsoft’s Security Reckoning: What the Latest Breaches Reveal About Culture and Complexity
07:49 Durable But Not Disruptive: N-able’s Q1 Results Reflect Sluggish MSP Software Growth and Operational Pressure
11:53 Tariffs, Tech Gaps, and Legal Risks: The Hidden Pressures Facing U.S. SMBs and Security Leaders
[00:00:02] It's Friday, May 9th, 2025 and I'm Dave Sobel for 4 things to know today. Ransomware Attacks Skyrocket with SMBs bearing the brunt, Browser Threats Emerge as a Blind Spot in Endpoint Defense, Microsoft Pushes Passkeys while Revealing the Cost of Poor Complexity Management, and N-able's Earnings Offer a Reality Check on MSP Platform Growth.
[00:00:25] Plus, deeper questions. Are outdated security practices holding us back? And are you carrying the risk your clients don't see? This is the Business of Tech. Let's look at some security reports. Verizon's 2025 Data Breach Investigations Report reveals a significant surge in ransomware attacks and exploited vulnerabilities,
[00:00:47] with ransomware detected in 44% of over 12,000 data breaches examined, a 37% increase from the previous year. While the number of organizations paying ransoms has decreased, 64% did not pay compared to 50% two years prior, the prevalence of ransomware continues to rise, particularly among small and mid-sized businesses which experience ransomware in 88% of breaches.
[00:01:12] According to the FBI's annual report from the Internet Crime Complaint Center, complaints related to ransomware increased by 9% last year, making it the top threat to critical infrastructure. Overall, online crime losses surged by 33%, totaling $16 billion in 2024, with investment fraud linked to cryptocurrency accounting for the most significant financial losses at over $6.5 billion.
[00:01:42] And a recent report from KeepAware highlights significant security risks associated with employee use of web browsers in the workplace, noting that over 70% of modern malware attacks originate through these unmonitored endpoints. The report identifies that traditional security tools are ineffective at detecting threats within browsers, leading to increased vulnerabilities as employees frequently access sensitive information and applications.
[00:02:07] Key findings reveal that 70% of phishing campaigns impersonate trusted platforms like Microsoft's OneDrive, while over 150 popular services are being exploited to host phishing attacks. Additionally, 34% of file uploads from company devices are directed to personal accounts, often without detection. Why do we care? It's tempting to treat every new report as proof that clients need the full stack of AI-enhanced XDRs,
[00:02:36] SOC as a service, browser isolation and insider threat analytics. But the reality for most SMBs is that basic hygiene still isn't in place. MFA gaps, unpatched systems and a lack of asset visibility remain persistent failures. Before layering more tech, providers should assess if their clients have covered the fundamentals, because advanced tools don't fix unmanaged risks. Be really great at the basics.
[00:03:05] This episode is supported by AFI.AI, MSP-focused backup reliable at petabyte scale. AFI.AI delivers intelligent backup for Microsoft 365, Azure, Google Workspace, Kubernetes and AWS. Its AI engine is designed to detect threats and act before damage is done. It performs pre-emptive backups during ransomware attacks, where immutable snapshots ensure data integrity.
[00:03:34] AFI.AI is the only solution offering full-text search across backups. It also features a single management portal to manage all clients and workloads, granular access roles, automated reporting and APIs for integrations. Administrators can restore entire accounts or individual items with a single click, and cross-tenant recovery simplifies migrations between domains. With AFI.AI, organizations gain faster, more reliable protection and unparalleled visibility into their cloud data.
[00:04:05] Start your free trial at AFI.AI slash Office dash 365 dash backup. It was inevitable that someone researched this. Defense Secretary Pete Hegseth's reuse of passwords across multiple personal email accounts has raised significant security concerns following their exposure in cyber attacks. Experts warn that this practice could jeopardize sensitive information, particularly as Hegseth communicated details about military strikes via his personal phone.
[00:04:33] Cyber security experts have noted that the passwords used by Hegseth were discovered in data breaches dating back to 2017 and 2018, underscoring the risks associated with password reuse. With the ease of access to exposed passwords increasing, Kristen Del Rosso from DevSec highlighted that finding such data has become more routine, which could allow hackers to gain deeper insights into individuals.
[00:04:58] The implications of Hegseth's digital practices extend beyond personal security and implications for national security, as non-security communications could potentially endanger military operations. Microsoft has announced that new Microsoft accounts will now be passwordless by default, offering users multiple options for signing in, including passkeys. This change was unveiled on World Passkey Day, where the company emphasized its commitment to making passwordless authentication more accessible.
[00:05:27] According to Microsoft, signing in with passkeys is eight times faster than using a password or multi-factor authentication. The company reports nearly one million passkeys registered daily, with users of passkeys experiencing a 98% success rate when signing in, compared to just 32% for traditional password-based accounts. Microsoft is also renaming World Password Day to World Passkey Day to emphasize this shift in user authentication strategy.
[00:05:55] Speaking of Microsoft, the company has reported significant progress in its security initiatives one year after a major data breach that compromised government data. In a recent update, the company revealed that it has dedicated the equivalent of 34,000 engineers working full-time for 11 months to strengthen its systems and train employees. Among the key changes, Microsoft has migrated cryptographic keys for its Azure confidential virtual machines and eliminated over 550,000 outdated systems from its infrastructure.
[00:06:25] Additionally, nearly 100% of devices connected to Microsoft's internal networks are now managed in a central repository for better lifecycle management. Why do we care? While the shift to passkeys is promising, and one I'm very much behind, it doesn't solve the root problem – human negligence. Hegseth's blunder wasn't due to lack of technology, it was poor decision-making.
[00:06:50] Culture and behavior are still the weakest link, and no biometric or passkey eliminates that. Providers shouldn't oversell passkeys as a silver bullet. Without ongoing user training, executive accountability, and secure communication policies, the surface is just polished, not protected. Post-breach, Microsoft mobilized what amounts to 34,000 engineering years to remediate weaknesses, a luxury most IT providers will never have.
[00:07:17] But the actions they took – decommissioning of legacy systems, central management of connected devices, and key migration – should be the baseline roadmap for any mature IT operation. The takeaway? Complexity is the enemy of security. If Microsoft had to eliminate half a million obsolete systems, what unmanaged legacy tech still lurks in SMB client environments?
[00:07:39] Helping clients reduce sprawl, sunset old infrastructure, and centralize control should be core to every QBR and roadmap conversation. N-able reported its first quarter 2025 results showcasing a revenue of $118.2 million, reflecting a 3.9% year-over-year growth.
[00:08:01] The company exceeded its revenue and adjusted earnings before interest, taxes, depreciation, and amortization guidance with a total annual recurring revenue of $492.7 million, representing a year-over-year growth of 10.3%. N-able's president and CEO John Pagliuca noted significant progress in advancing cyber resiliency for businesses worldwide, highlighting the launch of new security capabilities and the addition of channel partners.
[00:08:26] N-able reported a loss of $7.2 million in its first quarter, despite that 3.9% year-over-year revenue growth. The company, which provides data protection and security software to over 25,000 managed service providers, has experienced a decline in revenue growth, with its net retention rate dropping from 110% in 2023 to 101% this year.
[00:08:49] N-able highlighted that the loss was attributed to increased costs associated with revenue, operating expenses, and acquisitions. In their earnings call, he noted that the company has signed its largest new bookings deal ever, indicating ongoing efforts to innovate and secure its position in the market. Despite the challenges, N-able maintains a positive outlook, projecting a revenue target of $126 million for the second quarter, reflecting a 5.5% increase year-on-year. Why do we care?
[00:09:20] N-able's earnings are more than just one vendor's story. They're the closest thing we have to a public market readout on the MSP software market. Disclosure, I am a shareholder. As one of the only publicly traded pure-play MSP platform companies, it serves as a proxy for investor sentiment around the managed services software ecosystem.
[00:09:39] The company's Q1 2025 results paint a picture of slowing growth, margin pressure, and softening customer expansion, even as the broader tech market shows resilience. Revenue up 3.9% year-over-year sounds fine until you compare it to 10.3% ARR growth, which signals some churn and a less-than-stellar quarter in bookings and expansions.
[00:10:03] Net retention, falling to 101%, down from 110% in 2023, is a red flag for a subscription software business and reflects either slowing upsell or increased customer contraction. A net loss of 7.2 million, despite exceeding guidance, underscores how N-able is still struggling to scale efficiently, limiting costs related to growth and acquisitions.
[00:10:27] Now, this isn't catastrophic, but for a business supporting 25,000 MSPs globally, the muted growth should raise questions about market saturation, pricing pressure, and platform fatigue. Since its spin-out from SolarWinds in July 2021, N-able's public performance has lagged the broader tech sector. N-able's stock has seen modest depreciation, trading mostly sideways post-IPO, while tech indices like the NASDAQ composite are up over 30% over the same period.
[00:10:57] Compared to peers in adjacent spaces like CrowdStrike or SentinelOne, N-able lacks the high-growth multiples due to its SMB-heavy base and slow-moving market. Now, it's worth noting, the MSP market doesn't operate like SaaS unicorns. Churn is sticky, expansion is slow. Security product launches require training, not just shipping code. From this view, N-able is building a durable, if unspectacular, business.
[00:11:23] 10% ARR growth with 25,000 partners may be good enough if paired with disciplined cost control and meaningful product innovation. Their biggest opportunity may be to expand their wallet share within their base rather than acquiring new customers. The reason for my detailed analysis? Don't believe the hype about the MSP market that vendors may pitch. While acknowledging that for most entrepreneurs, a durable, if unspectacular business sounds fantastic.
[00:11:55] Let's do some big ideas. This one's a difficult read, but the big idea is concerning what impact to customers tariffs will have. News Not Noise did a great piece highlighting the severe impact of tariffs on small businesses across the U.S., revealing how abrupt policy changes threaten their survival.
[00:12:12] Many entrepreneurs, including Jamie Knowles of Roverland, face crippling tariffs as high as 168.5% on essential products, forcing them to make unsustainable financial decisions, such as leaving shipping containers stranded in China due to prohibitive costs. The narrative includes various personal accounts from small business owners who've poured years of efforts and investment into their operations, only to confront unprecedented challenges.
[00:12:39] For instance, Caitlin, a military spouse and healthcare brand owner, expresses frustration over rising tariffs that hinder her ability to manufacture a patented product in the United States. Rachel Solomon, a merchandise consultant, points out that small apparel brands may lose significant inventory investment due to the 145% tariffs imposed on goods arriving from China.
[00:13:02] And with all the discussion about Secretary Hegseth, I did want to highlight some coverage in the Washington Post, illustrating flaws in the current system for handling classified data known as sensitive compartmented information facilities, or SCIFs. The article highlights that outdated government technology hampers military and intelligence operations, pushing personnel toward insecure alternatives.
[00:13:26] Critics, including former CIA officer Aaron Brown, argue that SCIFs, which are often cramped and lack Internet access, restrict personnel's ability to act swiftly in critical situations. Brown notes that the SCIF system has not evolved in over 20 years and fails to meet the demands of modern communication needs.
[00:13:44] He contends that innovation is stifled by outdated security practices and inefficient acquisition processes, leaving personnel with no choice but to resort to unapproved communication methods to keep pace with operational requirements. There are calls for adopting modern technology that could provide secure mobile communications tailored for national security professionals, but change has been slow within the Pentagon.
[00:14:07] And relevant to MSP risk, chief information security officers, often referred to as chief scapegoat officer, are advised to secure personal liability insurance and negotiate a golden parachute when starting new positions to protect themselves against potential scapegoating after security breaches. At the recent RSA conference, industry experts highlighted the necessity of these precautions, noting that many CISOs find themselves unfairly blamed for incidents beyond their control.
[00:14:36] A former CISO at Marathon Oil emphasized the importance of maintaining integrity even at the risk of losing a job, while Andrew Wilder, CISO of Veterinary Network Vector, stated that personal legal liability insurance should be standard for new hires in security roles. He referenced high-profile cases, including that of Joe Sullivan, a former CISO of Uber who faced legal consequences for his actions during a security breach incident.
[00:15:01] Wilder noted that the average salary for North American CISOs has reached $565,000, indicating the high stakes and pressures within the role. The panel unanimously agreed that documentation of interactions and decisions is crucial as it protects CISOs in the event of disputes and contributes to overall organizational accountability in cybersecurity. Why do we care? I want to leave you with some questions to ponder.
[00:15:26] Have you considered how geopolitical and trade policies affect your clients' tech supply chains? Could your own service costs shift under changing international regulations? And are you proactively communicating that risk to clients? Are you clinging to outdated security models simply because that's how it's always been done? What would a secure-by-design approach look like if you built from scratch today for how clients actually operate?
[00:15:53] Have you clarified the difference between shared responsibility and assumed liability in your contracts? And are you helping your clients create a risk-sharing model? Or are you implicitly taking the fall if something goes wrong? Thanks for listening. Today is National Butterscotch Brownie Day, National Military Spouse Appreciation Day, and apparently, tear the tags off the mattress day. Go be a rebel.
[00:16:20] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash mspradio, and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech.
[00:16:49] Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question at mspradio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit mspradio.com slash engage.
[00:17:17] Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.

