SonicWall today released a new threat brief, revealing that misconfigurations have fueled more than 9.5 million cyberattacks in the first half of the year. The report highlights how basic errors such as directory access misconfigurations, accidental data exposure and authentication failures continue to drive breaches.
According to the report, nearly 70 percent of organizations faced at least one authentication bypass attempt between January and June. Many incidents were linked to long-standing vulnerabilities like Fortra GoAnywhere MFT, which attackers continue to exploit years after its initial discovery.
âWhile the cybersecurity industry often focuses on zero-day exploits and advanced persistent threats, attackers are still finding success through simple missteps,â said Doug McKee, Executive Director of Threat Research at SonicWall. The threat brief notes that approximately 88 percent of misconfigurations fall into three categories:
- Directory access misconfigurations (45 percent).
- Accidental data exposure (24 percent).
- Authentication failures (19 percent).
Gartner projects that 99 percent of cloud security failures will be customer-side misconfigurations by year-end, further underscoring the urgency for organizations to address configuration drift and operational discipline.
âMisconfigurations are not obscure technical flaws; they are operational challenges that persist because they are difficult to manage at scale,â continued McKee. The full September 2025 Threat Brief is available here.
