Businesses and even governmental organizations once thought they were too small to target. Now they face relentless attempts from increasingly sophisticated criminal groups.
The number of weekly cyberattacks on small businesses nearly doubled in the first half of 2025 compared to the same period last year. Over 80% of attacks targeted credentials, according to a new report from cybersecurity firm Guardz. The rate of these attacks against SMBs is accelerating at an unprecedented pace.
Do not rule out being victimized by the growing cyber menace of ransomware. Easily accessible attack-as-a-service offerings on the dark web have lowered the barrier to entry, enabling even inexperienced threat actors to launch highly effective campaigns, Guardz noted.
The first half of 2025 has been a stark reminder of just how quickly the cyberthreat landscape is evolving. The message is clear, warned Dor Eisner, CEO and co-founder of Guardz. No business is too small to be a target.
“Hackers are going after SMBs with the same force as large enterprises, but these businesses often lack enterprise-level defenses. That’s why it’s so important for SMBs to adopt solutions that make it simple to manage, detect, and respond to threats, with MSPs providing the expertise and proactive support necessary to stay secure and resilient,” he urged.
Municipal officials and operators of regional facilities face similar risks. Consider a recent cyberattack on the City of St. Paul, Minn., and the nearby Aspen Policy Academy’s efforts to pick up the pieces after such an attack. Officials there described the attack as a “deliberate, coordinated, digital attack” that severely disrupted public services, resulting in the complete shutdown of municipal information systems.
Minnesota Attack Not an Outlier
Minnesota Governor Tim Walz activated the National Guard, including its cyber protection component, to support the city’s response, as the attack “exceeded the city’s response capacity.” Mayor Melvin Carter reported that officials detected suspicious activity on July 25 and contacted two national firms to assist with recovery, along with the FBI.
While officials have not disclosed the precise nature of the attack, it bears similarities to ransomware operations. Although Eisner’s comments were not in response to the St. Paul and Policy Academy incidents, they reflect the growing concern about shoring up cyber defenses, as bad actors can easily target any organization.
Ransomware hack and leak numbers were at an all-time high in Q1 this year, increasing by 28% over the previous quarter, according to cybersecurity firm NCC Group. Its report was released this spring.
St. Paul Cyberattack Fallout
Published news accounts cited the recently formed ransomware group Interlock as the threat actor that claimed credit for the attack and leaked 43 gigabytes of stolen data from multiple files and folders.
To contain the attack, the city shut down its information systems. Disruptions included Wi-Fi outages in public buildings, interruptions in library services, and the shutdown of many internal networks. However, emergency services such as 911 remained operational. About 3,500 city employees had to reset their credentials in person at a central location.
As of late August, repair crews were slowly restoring city services in prioritized order. Restoration prioritized public safety first, followed by financial stability, then daily operations.
According to reports, the city refused to pay the ransom, opting instead to restore data from backups made on July 25 that were not compromised. The restoration process only brought back systems after testing and validation.
More than 90% of the city’s systems had advanced security tools installed following the incident.
Aspen Academy Investigation Continues
Betsy Cooper, founding director of the Aspen Policy Academy, told TechNewsWorld that the investigation there is still ongoing.
The Aspen Policy Academy is an initiative of the Washington, D.C.-based Aspen Institute and provides leadership development programs within its Workforce Leadership Academies.
The cyberattack appears to be related to a phishing scam targeting a business account. As far as the city knows, only one account was affected, according to Cooper.
She identifies some of the factors that make municipal governments more vulnerable to attack, including limited resources for IT and cybersecurity infrastructure compared to more sophisticated governments or private sector actors. Another factor is the large repositories of sensitive data on citizens.
“In many cases, a lack of longstanding investment in cybersecurity infrastructure, including limited funds and insufficient staffing, [creates] an attractive attack vector,” she added.
Municipal Cyber Defenses Falling Short
Local government agencies and SMBs have few options for defending outdated legacy systems and insufficient IT resources, especially when facing budget constraints and difficulties in attracting top cybersecurity talent. But some opportunities for improvement exist.
“There is no panacea to help municipalities upgrade their cybersecurity infrastructure,” Cooper said.
Four recommended options:
- Consider public-private partnerships that will augment city capacity through the private sector
- Reevaluate procurement to enable more nimble approaches
- Prioritize talent, for instance, through fellowship programs that bring tech talent into government
- Work with communities of practice such as Information Sharing and Analysis Centers (ISACs)
Immediate Steps for Cities to Take
Cooper also suggested that cities’ immediate steps include raising awareness of potential attack points.
Begin by auditing the existing infrastructure to help the municipality identify its weaknesses and determine where to prioritize options. Ensure all systems are patched and updated. Then, compartmentalize where possible so incidents cannot spread between systems.
As a recovery layer, have a clear incident response plan in place, including when to involve legal counsel and specific steps to contain the issue, such as shutting down IT systems if necessary.