Cyber security
Related Links

Cybercriminals are increasingly targeting vulnerabilities outside traditional corporate networks, focusing on third-party vendors and employees' personal devices to bypass organizational defences, according to SoSafe's 2025 Cybercrime Trends Report.

The comprehensive survey of 500 security professionals across nine countries reveals trends in how attackers are expanding their focus beyond direct corporate targets.

Internal network security

"Organizations can no longer rely solely on internal network security," says Andrew Rose, CSO at SoSafe. "Even with robust measures in place, the risk from external partners remains significant if they don't uphold the same level of protection."

"The same applies to employees – when they act without security in mind outside the workplace, it creates vulnerabilities that can compromise the organization's overall security posture."

Potentially vulnerable third parties

The report reveals that 93% of corps depend on third-party services to deliver their core value proposition

The report reveals that 93% of organizations now depend on third-party services to deliver their core value proposition. Each additional provider introduces new dependencies, data exchanges, and potential entry points for cybercriminals.

"Attackers are increasingly targeting software and service supply chains to amplify the scale and impact of their attacks – knowing these often lack the robust defences and resources of larger organizations," notes Rose. "This concentration strategy creates more opportunities for criminals, more leverage against victims, and more frequent breaches and service outages for customers."

The challenge is further compounded by fourth-party risks – the vendors of an organization's vendors – creating an extended web of exposure that many security teams find difficult to monitor effectively.

Employees' personal devices

SoSafe’s study reveals that cybercriminals are moving outside the traditional corporate domain, with 83% of organizations reporting their employees have fallen victim to cyberattacks on personal devices that caused security issues for the organization.

"Cybercriminals are blurring the lines between personal and professional spheres," says Niklas Hellemann, CEO of SoSafe. "While employees may be protected by their organization's technical controls, their personal devices and accounts are often left vulnerable. They have become prime targets for attackers looking to gain access to corporate information." The message is clear: if it’s connected, it’s a threat vector. And personal is now professional.

Multi-channel attack strategies

Report highlights that 95% of organizations report an increase in multi-channel attacks over the past year

As a related trend, the report highlights that 95% of organizations report an increase in multi-channel attacks over the past year. These sophisticated approaches can combine email, messaging apps, social media, and voice calls to create more convincing and harder-to-detect attacks.

With the aid of AI technologies, these attacks have evolved into "3D phishing attacks" that seamlessly integrate multiple communication channels to manipulate trust and exploit every possible entry point.

Aid of AI technologies

A notable incident occurred in 2024 involving the CEO of WWP, who was targeted in a sophisticated cyberattack. Attackers used AI-driven voice cloning to impersonate the executive and deceive employees into disclosing sensitive information and transferring funds.

Attackers used AI-driven voice cloning to impersonate the executive and deceive employees

This case illustrates how cybercriminals are using multi-channel tactics: Leveraging WhatsApp to build trust, Microsoft Teams for ongoing interaction, and an AI-generated deepfake voice call to execute the final stage of the fraud.

With the aid of AI technologies, these attacks have evolved into "3D phishing attacks" that seamlessly integrate multiple communication channels to manipulate trust and exploit every possible entry point.

Identify potential threats

Multi-channel attacks are sophisticated tactics to trick users into becoming unwitting accomplices to criminal activities. To protect against these threats, organizations must provide regular, scenario-based training to their staff."

"The training not only helps employees identify potential threats but also reinforces positive security behaviours, fostering a security-first culture and empowering them to service as the first line of defense for the business,” said Hellemann.

From facial recognition to LiDAR, explore the innovations redefining gaming surveillance

Related white papers
Aligning Physical And Cyber Defence For Total Protection

Aligning Physical And Cyber Defence For Total Protection

Download
Combining Security And Networking Technologies For A Unified Solution

Combining Security And Networking Technologies For A Unified Solution

Download
System Design Considerations To Optimize Physical Access Control

System Design Considerations To Optimize Physical Access Control

Download
Related articles
How Physical Security Consultants Ensure Cybersecurity For End Users

How Physical Security Consultants Ensure Cybersecurity For End Users
How Managed Detection And Response Enhances Cybersecurity Management In Organizations

How Managed Detection And Response Enhances Cybersecurity Management In Organizations
Drawbacks Of PenTests And Ethical Hacking For The Security Industry

Drawbacks Of PenTests And Ethical Hacking For The Security Industry