VPN vulnerabilities
Cyberattacks are not getting more sophisticated; they’re just getting better at exploiting the same weak points. Coalition’s Cyber Threat Index for 2025 makes it clear: VPN vulnerabilities are the top entry point for ransomware. Perimeter security devices, especially firewalls and VPNs, account for more than half of reported incidents. This means companies that rely on outdated or misconfigured VPNs are effectively rolling out a welcome mat for attackers.
The way forward is obvious. Businesses need continuous monitoring of their attack surfaces, patching known vulnerabilities, and enforcing stringent access controls. Many companies still treat VPNs as a “set it and forget it” tool, assuming that once they’re connected, they’re secure. That’s a mistake. Attackers are constantly scanning for weaknesses in these systems, and the cost of ignoring this risk is steep—ransomware can cripple operations, disrupt supply chains, and erode customer trust overnight.
Taking action isn’t complicated. Prioritize updating outdated VPN software, enforce multi-factor authentication, and monitor for unusual activity. The reality is simple: hackers go after the easiest targets. Companies that act now to strengthen their remote access security won’t just lower their attack risk—they’ll position themselves as industry leaders in resilience.
Coalition reports that VPNs and firewalls accounted for 58% of ransomware incidents in 2024, with remote desktop products trailing at 18%.
Anticipated surge in software vulnerabilities
Cyber threats are scaling faster than most companies can react. Coalition’s Cyber Threat Index for 2025 projects more than 45,000 new software vulnerabilities this year, up 15% from 2024. That’s nearly 4,000 fresh attack opportunities appearing every month. If security teams aren’t keeping up, they’re falling behind.
Many businesses lack the staff or infrastructure to manage this growing threat volume. Leadership needs to rethink security as an ongoing, dynamic investment. That means staying ahead through real-time monitoring, automated patch management, and strong vulnerability prioritization. Organizations that reactively patch only when convenient will inevitably be exposed.
C-suite executives should focus on efficiency. Not every vulnerability is a critical risk, and drowning in alerts won’t help. Smart security strategies assess which flaws are most likely to be exploited and deal with those first. Investing in better intelligence, whether through AI-driven threat detection or dedicated security response teams, will provide faster, more targeted defenses.
Stolen credentials and software exploits as primary attack vectors
Most ransomware attacks don’t rely on complex techniques. They start with stolen credentials or software exploits. Coalition’s Cyber Threat Index for 2025 reveals that nearly half of ransomware cases (47%) begin with stolen login credentials, while another 29% are triggered by software vulnerabilities. Attackers don’t need to invent new tactics when organizations fail to secure known weaknesses.
The solution is straightforward. Strong authentication practices, such as multi-factor authentication (MFA) and password managers, drastically reduce the effectiveness of stolen credentials. Yet, too many companies still rely on weak or reused passwords, making themselves easy targets. On the software side, patching known vulnerabilities quickly is essential. Threat actors consistently target products from major vendors like Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft, knowing that unpatched systems provide an open door to corporate networks.
Business leaders should focus on enforcing security at scale. MFA should be mandatory across all critical systems, and companies must routinely scan for credential leaks. Proactive patch management is non-negotiable—delays in applying fixes give attackers time to exploit known flaws. Organizations that treat authentication and patching as core business priorities will eliminate two of the most significant ransomware entry points.
The overlooked risk of exposed login panels
Internet-exposed login panels are a major cybersecurity blind spot. Businesses focus heavily on perimeter security, firewalls, VPNs, and endpoint defenses, but often leave login portals open to the public internet. Coalition’s Cyber Threat Index for 2025 highlights this as a critical weakness, with over 5 million exposed remote management solutions detected. Alarmingly, more than 65% of businesses applying for cyber insurance have at least one exposed web login panel, essentially giving attackers an easy way in.
This is an avoidable risk. Attackers scan the internet for exposed logins, and when they find one, they test stolen or weak credentials to gain access. Companies that fail to secure these entry points are making it easier for ransomware groups to operate. Basic countermeasures should be standard practice: requiring multi-factor authentication, restricting access to known IP addresses, and disabling unnecessary remote management interfaces.
Executives need to treat exposed login panels as a top security priority. Security teams should audit all external-facing services, enforce strict access controls, and use monitoring tools to detect unauthorized access attempts. A single exposed login can undermine even the most advanced security infrastructure, but organizations that take decisive action can close this gap before attackers exploit it.
Coalition detected over 5 million internet-exposed remote management solutions and thousands of exposed login panels. Additionally, more than 65% of businesses applying for cyber insurance had at least one publicly accessible web login panel.
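An added example (not from Coalition's report or the original article) of how the audit of external-facing services described above could be run over an inventory, checking the three countermeasures named: MFA, restriction to known IP addresses, and disabling unnecessary remote management interfaces. The hostnames, the `Service` fields and the `MIN_PREFIX` threshold are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Service:
    """One external-facing service (hypothetical schema for this example)."""
    host: str
    kind: str             # "web_login" or "remote_mgmt"
    mfa_enforced: bool
    business_need: bool   # is external exposure actually required?
    allowed_sources: list = field(default_factory=list)  # CIDRs; empty = any source

# Assumed policy: allowlist entries broader than these prefixes do not count
# as "restricted to known IP addresses" (0.0.0.0/0 and ::/0 are the extreme case).
MIN_PREFIX = {4: 16, 6: 32}

def source_restricted(cidrs):
    """True only if an allowlist exists and every entry is a narrow network."""
    if not cidrs:
        return False
    nets = (ipaddress.ip_network(c, strict=False) for c in cidrs)
    return all(n.prefixlen >= MIN_PREFIX[n.version] for n in nets)

def audit(service):
    """Return findings for one service, one per missing countermeasure."""
    if service.kind == "remote_mgmt" and not service.business_need:
        # An interface nobody needs should be turned off, not hardened.
        return ["disable: unnecessary remote management interface"]
    findings = []
    if not service.mfa_enforced:
        findings.append("enforce MFA")
    if not source_restricted(service.allowed_sources):
        findings.append("restrict to known IP addresses")
    return findings

# Constructed inventory; addresses come from documentation-reserved ranges.
INVENTORY = [
    Service("admin.example.com", "web_login", False, True, ["0.0.0.0/0"]),
    Service("rmm.example.com", "remote_mgmt", False, False),
    Service("fw-mgmt.example.com", "remote_mgmt", True, True,
            ["203.0.113.0/28", "2001:db8:10::/48"]),
    Service("billing.example.com", "web_login", True, True,
            ["198.51.100.0/24", "::/0"]),
]

def report(inventory=INVENTORY):
    """Map each host with at least one finding to its list of findings."""
    results = {s.host: audit(s) for s in inventory}
    return {host: f for host, f in results.items() if f}

if __name__ == "__main__":
    for host, findings in report().items():
        print(f"{host}: {'; '.join(findings)}")
```

The `billing.example.com` entry shows why the allowlist has to be inspected rather than merely checked for presence: a single `::/0` entry leaves the panel open to every IPv6 source.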
The role of targeted threat alerts in reducing alert fatigue
Cybersecurity teams are overwhelmed with alerts, most of which don’t require immediate action. Coalition’s Cyber Threat Index for 2025 shows that refining alert systems is critical. Instead of flooding businesses with notifications, Coalition leverages AI, honeypots, and human expertise to focus only on the most pressing vulnerabilities. This keeps security teams efficient while ensuring that real threats get addressed in time.
Most vulnerabilities will never be actively exploited, but some pose immediate risks. Coalition’s data shows that only 0.15% of vulnerabilities discovered in early 2024 triggered alerts, with 90% of policyholders never receiving any warnings. This method makes sure that companies aren’t overwhelmed by unnecessary noise and can focus their resources where they matter most.
For executives, prioritization is key. Cybersecurity spending should go toward meaningful threat detection and response, not just compliance checkboxes. Businesses that adopt intelligent alert-filtering systems will see fewer distractions, faster response times, and overall stronger security postures. The goal is to act on the right alerts.
Main highlights
- VPN vulnerabilities drive ransomware attacks: VPNs and firewalls account for 58% of ransomware incidents, making them the primary attack vector. Leaders should mandate continuous monitoring, timely patching, and multi-factor authentication to reduce risk.
- Software vulnerabilities will surge in 2025: With over 45,000 new vulnerabilities expected, a 15% increase from last year, businesses must adopt real-time threat monitoring and automated patch management to stay ahead of evolving exploits.
- Stolen credentials and software exploits remain top threats: Nearly half of ransomware attacks stem from stolen login credentials, while 29% exploit known software flaws. Leaders must enforce stricter authentication policies and accelerate vulnerability patching to close these entry points.
- Exposed login panels are a hidden security risk: Over 65% of businesses applying for cyber insurance have at least one exposed web login panel. Executives should prioritize internal audits to identify and secure exposed remote access points before attackers exploit them.
- Smarter threat alerts reduce security overload: Coalition’s AI-driven alert system issued warnings for only 0.15% of vulnerabilities, helping companies avoid alert fatigue while fixing over 32,000 risks. Investing in targeted threat prioritization ensures security teams focus on the most critical threats.