According to the report, unmanaged or rogue endpoints were present in every security incident analysed, highlighting how devices operating outside standard security monitoring frameworks remain a major vulnerability.
Matt Caffrey, Senior Solutions Architect for Australia and New Zealand at Barracuda Networks, said attackers often target routine operational weaknesses. “Cyber attackers don’t always need intricate exploits to break into an organisation,” Caffrey said.
“In many cases, they simply look for the operational gaps that appear in busy environments, such as an unmanaged device, an old account that was never disabled or a security control that was switched off.”
The report found identity-based attacks are now among the most common methods used by threat actors to gain initial access. Analysis identified more than 42,000 anomalous Microsoft 365 login alerts over the past year, often indicating credential theft or compromised accounts.
Security monitoring systems also detected more than 22,000 “impossible travel” alerts, where a user account appears to log in from widely separated geographic locations within an unrealistic timeframe, a strong indicator of account compromise.
Once attackers gain access, the ability to move laterally within a network significantly increases the risk of serious damage. The report found that 96 percent of incidents involving lateral movement ultimately resulted in ransomware attacks.
For many organisations, particularly those with limited security resources, detecting these warning signs across endpoints, cloud services and identity systems can be difficult.
The challenge is especially pronounced for mid-sized organisations in Australia, where rapid adoption of cloud platforms and remote working technologies has increased the complexity of IT environments while cybersecurity skills remain in short supply.
“Many organisations are trying to manage complex technology environments with limited security resources,” Caffrey said.
“Attackers know this and focus on the gaps that appear between systems, tools and teams.”
Barracuda recommends that organisations prioritise identifying unmanaged devices, strengthening identity protections and monitoring unusual login behaviour to reduce the risk of attackers gaining a foothold inside corporate networks.
The report’s findings are based on analysis of more than two trillion IT events recorded during 2025, including nearly 600,000 security alerts across more than 300,000 monitored endpoints, firewalls, servers and cloud assets.




