Flux IT

If you run a business in Perth or anywhere across Australia and you think your size makes you uninteresting to cybercriminals, the latest CrowdStrike threat intelligence report will change your mind.

CrowdStrike has just released its 2026 Global Threat Report, and the headline finding is brutal: the average time from an attacker gaining a foothold to moving laterally across a network has dropped to 29 minutes. The fastest breakout observed last year was just 27 seconds. In one incident, data exfiltration started within four minutes of initial access.

For Australian small and medium businesses, this isn’t a distant, enterprise-only problem. It’s a fundamental shift in how attacks happen — and most SMB security setups are built for a slower, noisier era.


The Shift: Attackers Aren’t Hacking In, They’re Logging In

The single most important number in this year’s report is this one: 82% of detections in 2025 were malware-free. That’s up from 51% in 2020.

Translation: the modern attacker doesn’t drop a virus that your antivirus can catch. They steal a legitimate username and password, log into your Microsoft 365 or your VPN like any normal user, and move through your environment using the tools that are already there.

For SMBs, the implications are significant:

  • Traditional antivirus alone is no longer enough. It was already inadequate, but the gap is now enormous.
  • Multi-factor authentication (MFA) is no longer optional — and basic SMS-based MFA is increasingly being bypassed.
  • Identity has become the new perimeter. Your Entra ID (formerly Azure AD) tenant and your SaaS logins are now the front door.


AI Is Making Attackers Faster, Not Smarter

There’s been an 89% year-over-year increase in attacks by AI-enabled adversaries. But here’s the nuance that matters: AI isn’t creating brand new attack types. It’s making existing ones cheaper, faster, and more convincing.

What this looks like in practice for Australian businesses:

  • Vishing (voice phishing) calls that sound exactly like your bookkeeper, your IT provider, or your accountant. AI voice cloning needs about 30 seconds of audio.
  • Phishing emails with no spelling errors, written in fluent Australian English, referencing your actual suppliers and projects.
  • Fake job applications and LinkedIn approaches — North Korean operators have been infiltrating Western companies as fake remote IT workers, with AI-generated CVs and AI-assisted interview answers.

The CrowdStrike report notes that one ransomware group, CHATTY SPIDER, calls law firm staff, persuades them to grant remote access via Microsoft Quick Assist, and starts exfiltrating data within four minutes. The whole intrusion is over in under an hour.


The Three Things That Should Worry SMBs Most

Stripping away the enterprise-scale incidents, three trends in the report directly affect businesses of every size:

1. Edge devices are the soft underbelly. Firewalls, VPN appliances, and routers were targeted in 40% of China-nexus intrusions. These devices often run outdated firmware, lack monitoring, and are forgotten until they break. If your firewall hasn’t been patched recently, it’s a candidate.

2. Supply chain attacks bypass everything. When attackers compromise a trusted software vendor or a popular code library, your patching policy actually works against you — you faithfully install the poisoned update. In November 2025 alone, 690 npm packages were compromised to distribute self-replicating malware.

3. SaaS and identity are now primary targets. Microsoft 365 tokens, OAuth integrations between SaaS apps, and SSO sessions are being stolen and reused. Most SMBs have very little visibility into what’s actually happening inside their cloud tenants.


What This Actually Means for Your Business

If you take one thing from the 2026 report, make it this: the gap between businesses that detect attacks early and businesses that don’t is now measured in minutes, not days.

Practically, that means:

  • Phishing-resistant MFA (authenticator apps or hardware keys — not SMS) on every account, every time
  • Endpoint Detection and Response (EDR) that watches behaviour, not just signatures — antivirus is no longer enough
  • Patch internet-facing devices within 72 hours of a critical vulnerability disclosure
  • Backups that are tested, offline, and immutable — assume ransomware will get through eventually
  • Visibility into your Microsoft 365 tenant — sign-in logs, conditional access policies, and anomaly alerts
  • An incident response plan you’ve actually rehearsed, with someone to call at 2am
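As an added illustration of the “sign-in logs and anomaly alerts” point (this is example code written for this page, not code from Flux IT or CrowdStrike): a small Python check that reads sign-in records shaped like Entra ID sign-in log entries (field names follow the Microsoft Graph signIn resource; the records themselves are constructed) and flags any user whose successful sign-ins come from two different countries inside one window. The default window is set to the report’s 29-minute average breakout time, so anything it flags is a pair of sign-ins a human needs to see before the attacker is expected to have moved laterally.

```python
from datetime import datetime, timedelta

# Constructed sample records shaped like Entra ID sign-in log entries.
# Field names follow the Microsoft Graph signIn resource; users, IPs and
# times are made up for this example (example.com.au, TEST-NET ranges).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "finance@example.com.au", "createdDateTime": "2026-03-02T01:10:00Z",
     "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "AU"}, "status": {"errorCode": 0}},
    {"userPrincipalName": "finance@example.com.au", "createdDateTime": "2026-03-02T01:24:00Z",
     "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 0}},
    # A failed attempt (errorCode 50126 = invalid credentials) followed by a
    # legitimate success from the same country: this pair should NOT alert.
    {"userPrincipalName": "ops@example.com.au", "createdDateTime": "2026-03-02T02:00:00Z",
     "ipAddress": "203.0.113.20", "location": {"countryOrRegion": "AU"}, "status": {"errorCode": 50126}},
    {"userPrincipalName": "ops@example.com.au", "createdDateTime": "2026-03-02T03:00:00Z",
     "ipAddress": "203.0.113.20", "location": {"countryOrRegion": "AU"}, "status": {"errorCode": 0}},
]


def parse_time(value):
    """Parse the UTC timestamp format used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_country_hops(signins, window=timedelta(minutes=29)):
    """Return one alert per consecutive pair of *successful* sign-ins by the
    same user that come from different countries within `window`.
    Failed sign-ins are ignored: only a success gives the attacker a foothold."""
    successes = sorted(
        (r for r in signins if r["status"]["errorCode"] == 0),
        key=lambda r: (r["userPrincipalName"], parse_time(r["createdDateTime"])),
    )
    alerts, last_seen = [], {}
    for rec in successes:
        user = rec["userPrincipalName"]
        prev = last_seen.get(user)
        if prev is not None:
            gap = parse_time(rec["createdDateTime"]) - parse_time(prev["createdDateTime"])
            prev_country = prev["location"]["countryOrRegion"]
            country = rec["location"]["countryOrRegion"]
            if prev_country != country and gap <= window:
                alerts.append({"user": user, "from": prev_country, "to": country,
                               "minutes": int(gap.total_seconds() // 60),
                               "ips": [prev["ipAddress"], rec["ipAddress"]]})
        last_seen[user] = rec
    return alerts


if __name__ == "__main__":
    for alert in find_country_hops(SAMPLE_SIGNINS):
        print(f"ALERT {alert['user']}: {alert['from']} -> {alert['to']} in {alert['minutes']} min, IPs {alert['ips']}")
```

In a real tenant the same check would run over records pulled from the Graph sign-in log, and the country hop is only one of several signals (new device, legacy authentication, MFA not satisfied) worth alerting on.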


This is the foundation of the Essential Eight, the Australian Cyber Security Centre’s baseline cybersecurity framework. For most Perth SMBs we work with, the honest answer is that they’re somewhere between Maturity Level 0 and Level 1 — and that’s the gap attackers are walking through.


Where Flux IT Fits

We’re a Perth-based managed IT and cybersecurity provider, and we work with Australian SMBs to translate threat intelligence like this into practical, affordable controls. That includes Essential Eight gap assessments, managed EDR, Microsoft 365 security hardening, and 24/7 monitoring through partnerships with vendors like CrowdStrike.

The good news in the CrowdStrike report is that none of these threats are unstoppable. The bad news is that doing nothing is no longer a survivable strategy — even for small businesses.

If you’d like a straightforward conversation about where your business sits against the threats described in this report, get in touch with the Flux IT team. We’ll give you an honest read of your current posture and a clear, prioritised path forward.


Source: CrowdStrike 2026 Global Threat Report. All statistics cited are from CrowdStrike’s published research.
