Unprecedented wave of cyberattacks puts Brazilian SMEs in digital war

Small and medium-sized businesses (SMBs) are at the epicenter of an unprecedented wave of cyberattacks. According to the Annual Threat Report 2025 from N-able (NYSE:NABL), the number of incidents surged from 48.7 thousand in June 2024 to 13.3 million in June 2025, a 273-fold increase in just one year. The study shows that 88% of confirmed breaches involved ransomware or data extortion, led by groups such as Play, Qilin, and Tycoon 2FA, responsible for attacks against companies in over 40 countries. “SMBs have become the weakest link in the digital chain. For criminals, it's where they find more vulnerable defenses, critical operations, and a greater propensity to pay ransoms,” warns Rodrigo Gazola, CEO and founder of Addee, a company specializing in security solutions for IT service providers and the exclusive representative of N-able in Brazil.

In Brazil, where SMBs represent about 96% of companies, the impact is potentially devastating. Many organizations still operate with basic IT infrastructure, without multi-factor authentication or business continuity plans. According to Kaspersky data, in 2024, 43% of Small and Medium-sized Businesses (SMBs) in Latin America fell victim to phishing attacks last year, a type of digital fraud that seeks to deceive users into providing confidential information such as passwords, banking details, or access to corporate systems. In Brazil's case, there was a 267% increase in phishing scams, with over 309 million fake messages blocked, equivalent to 588 attack attempts per minute. 

Gazola reinforces that the issue is no longer “if” a company will be attacked, but “when.” “The most alarming data point in the report is not just the 273-fold growth in attacks, but the fact that over 80% of them could be prevented with simple measures, such as multi-factor authentication, tested backups, and continuous vulnerability management. This is the blind spot for SMBs: the basics are still not in place,” he states.

He further highlights that the sophistication brought by artificial intelligence has increased the urgency of reviewing processes. “We are facing phishing emails that are virtually indistinguishable from real ones, fake videos impersonating managers, and even voice manipulation to authorize financial transactions. If before the doubt was about investing in security, today the question is about surviving without it,” he adds.

In this scenario, the importance of SSPs (Security Service Providers), who offer managed security services tailored to the reality of small businesses, is growing. “SSPs act as an outsourced defense force, monitoring environments 24x7, applying threat intelligence, and ensuring continuous updating of defenses, something many SMBs would not be able to maintain on their own,” emphasizes Gazola. In addition to providing technology, SSPs play an educational role, helping managers and employees understand risks and adopt basic cybersecurity practices.

“Criminals have realized they no longer need to target only large corporations. An SMB with 20 employees can be as profitable as a bank if its operations stop for a few days. This is where the responsibility of IT service providers and SSPs comes in, to educate, protect, and monitor. Security has ceased to be a cost and has become a business continuity factor,” concludes Gazola.