Capstone Technologies Group LLC

Weekly Briefing - May 8, 2026

Weekly Briefing • June 08, 2026

Brian here. SonicWall released their 2026 Cyber Protect Report this month, and the findings line up with what we see across the practices we manage in Ohio: the firms that get breached aren't failing because of sophisticated attacks. They're failing because of predictable, preventable gaps.

SonicWall makes the firewalls we deploy in every managed environment. Their data comes from the same class of hardware sitting in your server room right now. So when their report identifies the most common ways businesses get compromised, it's directly relevant to how your network is protected — and where the gaps tend to hide.

The Number That Should Change How You Think About Email

Cysurance — the warranty provider behind the coverage that comes with your managed services — reports that 98% of their claims are from business email compromise and funds transfer fraud. Not ransomware. Not data breaches. Someone gets a convincing email, updates payment details, and money goes somewhere it shouldn't.

Key Insight

98% of cyber insurance claims are business email compromise and funds transfer fraud — not ransomware, not malware. Just someone deceived into sending money to the wrong account. — Cysurance, via SonicWall 2026 Cyber Protect Report

In many of those cases, no system was actually compromised. No credentials were stolen. No malware was deployed. An employee was simply deceived into wiring money to the wrong account. Cysurance is now seeing employees lose their jobs over authorizing these payments — people who were acting in good faith, following what looked like legitimate instructions.

The fix costs nothing: any change to payment information gets verified by a phone call to a known number. Every time. No exceptions. Not by email. Not by chat. A voice call to a number you already have on file — not the number in the email.

If your firm handles client funds — trust accounts, escrow, patient billing, vendor payments — this is the conversation you need to have with your staff this week.

85% of Alerts Start with Stolen Credentials

SonicWall's data shows that identity, cloud, and credential compromise account for 85% of actionable security alerts. The most common way attackers get into environments isn't through some exotic vulnerability. It's a stolen password.

Two numbers from the report frame the problem. Exploits appear within 48 hours of a vulnerability becoming public in 61% of cases. But the average organization takes over 100 days to patch a high-severity vulnerability. That gap — hours on the attacker's side versus months on the defender's — is a process failure, not a technology failure.

What we see in practice is simpler than a sophisticated attack. End users suspend or disable Windows updates because restarting in the middle of the workday is inconvenient. And that's just the operating system — BIOS, drivers, firmware, and peripheral updates almost never get touched at all. Every one of those is a door left unlocked, sitting open for months.

The report also found that 66% of small and mid-size businesses globally haven't implemented multi-factor authentication at all. We enforce MFA on every admin account, every remote access connection, and every cloud application across our managed environments — no exceptions. The SonicWall data shows exactly why that policy exists.

"We're Too Small to Be a Target"

Ransomware was involved in 88% of small business breaches in 2025, compared to 39% at large enterprises. Small businesses aren't safer because they're small. They're more exposed because they've traded complexity for convenience — flat networks, broadly shared admin credentials, and VPN connections that grant access to everything once someone logs in.

Automated scanning tools don't filter by company size. They filter by vulnerability. SonicWall measured over 36,000 vulnerability scans per second across the internet in 2025. If your systems are exposed, you're a target regardless of your revenue or your headcount.

The SonicWall report found the same pattern in post-incident reviews of compromised SMB environments: a single admin account was the entry point, and from there, the attacker moved without resistance. Default credentials on network devices, shared admin passwords, and accounts that hadn't been reviewed in years gave attackers immediate, broad access.

Almost every client we onboard arrives with a flat network and shared admin credentials. Network segmentation has never come up — not because anyone made a bad decision, but because it never made the priority list. And if they have a firewall at all, it usually hasn't been updated since the day it was installed, along with most of the other devices on the network.

What the Patch Gap Actually Looks Like

SonicWall found that 32% of ransomware incidents in 2025 started with an exploited vulnerability — making it the single most common technical cause, ahead of compromised credentials and phishing. The Log4j vulnerability, discovered four years ago, was still targeted over 825 million times last year.

Old vulnerabilities don't retire. They accumulate. Every unpatched system is a door that attackers already have the key to — they just need to find it, and automated tools make that search almost instantaneous.

This is why patch management isn't a quarterly project in our managed environments. N-Sight runs automated patching on a continuous cycle, prioritizing internet-facing and critical systems. The window between "vulnerability disclosed" and "patch applied" is where breaches happen, and our job is to keep that window as small as possible.

A live view from one of our managed environments — patch status, device monitoring, and unmonitored-device tracking across 71 endpoints. Continuous patching keeps the disclosure-to-patch window as small as possible.

One Thing to Do This Week

Talk to your office manager or bookkeeper and establish one rule: any request to change payment information — whether it comes from a vendor, a partner, or an internal email that looks like it came from leadership — gets verified by a phone call to a number you already have on file. One conversation. One rule. It addresses the single largest category of financial loss that the warranty provider backing your coverage sees across their entire book of business.

Brian Sammons has managed IT environments for Ohio professional service firms since 2002. He writes the Weekly Briefing to help practice managers understand what's happening in cybersecurity and what it means for their firms.

Questions about how this affects your environment? Schedule 15 minutes and I'll walk you through it.
