The growing dangers of multi-channel attacks and third-party risks
Cybercriminals are targeting beyond corporate walls, according to SoSafe’s 2025 Cybercrime Trends Report
Cybercriminals are targeting beyond corporate walls, according to SoSafe’s 2025 Cybercrime Trends Report
Cybercriminals are increasingly targeting vulnerabilities beyond traditional corporate networks, according to SoSafe’s newly released 2025 Cybercrime Trends Report.
The report highlights a growing shift in attack strategies, with cybercriminals focusing on third-party vendors and employees’ personal devices to exploit organizational weaknesses.
The survey, which gathered insights from 500 security professionals across nine countries, reveals significant shifts in how cybercriminals are approaching their targets. As businesses become more reliant on third-party vendors, the risk to their security has escalated.
SoSafe’s Chief Security Officer, Andrew Rose, emphasized the importance of expanding security beyond internal networks.
“Organisations can no longer rely solely on internal network security,” said Rose.
“Even with robust measures in place, the risk from external partners remains significant if they don’t uphold the same level of protection. The same applies to employees – when they act without security in mind outside the workplace, it creates vulnerabilities that can compromise the organisation’s overall security posture.”
One of the key findings from the report is that 93% of organisations rely on third-party services to deliver core business functions. While these partnerships provide essential services, they also increase the attack surface for cybercriminals, providing new entry points into corporate systems.
“Attackers are increasingly targeting software and service supply chains to amplify the scale and impact of their attacks,” noted Rose.
“These often lack the robust defenses and resources of larger organisations, creating more opportunities for criminals, more leverage against victims, and more frequent breaches and service outages for customers.”
The report also highlights the challenge of “fourth-party risks” – the potential vulnerabilities introduced by a vendor’s own suppliers, which many organizations find difficult to track and secure effectively.
A troubling trend identified in the report is the increasing use of employees’ personal devices in cyberattacks. SoSafe found that 83% of organisations reported security breaches through personal devices.
While businesses have invested heavily in securing their corporate networks, personal devices often remain unprotected, creating an easy target for attackers.
“Cybercriminals are blurring the lines between personal and professional spheres,” said Niklas Hellemann, CEO of SoSafe.
“While employees may be protected by their organisation’s technical controls, their personal devices and accounts are often left vulnerable. They have become prime targets for attackers looking to gain access to corporate information.”
Another concerning trend identified in the report is the rise of multi-channel attacks.
SoSafe’s findings indicate that 94% of organisations have observed an increase in the use of multi-channel attack strategies, which combine various communication methods—such as email, messaging apps, social media, and voice calls—to exploit weaknesses in security protocols.
“These sophisticated tactics create harder-to-detect attacks that manipulate trust across multiple channels,” said Hellemann.
“To protect against these threats, organisations must provide regular, scenario-based training to their staff. The training not only helps employees identify potential threats but also reinforces positive security behaviors, fostering a security-first culture and empowering them to serve as the first line of defence for the business.”
A striking example of this new wave of attacks occurred in 2024 when the CEO of WWP was targeted in a highly sophisticated cyberattack. Using AI-driven voice cloning technology, attackers impersonated the executive to deceive employees into disclosing sensitive information and transferring funds.
The attack unfolded across several channels, including WhatsApp, Microsoft Teams, and AI-generated voice calls.