For a small business, the biggest cybersecurity threats often don’t target you directly. They target your vendors. A single vulnerability in your software provider, a data breach at your CRM vendor, or an exploit in a tool you use every day can quickly become your crisis.
July 2025 was a stark reminder of this reality. We saw several significant security incidents that highlight just how interconnected our business ecosystems are. Let’s break down three of the month’s most important breaches and what they mean for your business.
1. The Third-Party CRM Breach: The Allianz Life Incident
-
What Happened: On July 16th, insurance giant Allianz Life disclosed that attackers had gained unauthorized access to their systems. The root cause wasn’t a flaw in their own core infrastructure, but a vulnerability in a third-party, cloud-based Customer Relationship Management (CRM) system they used. Attackers exploited this vendor’s weakness to access sensitive customer data.
-
The Data Exposed: The breach was severe, exposing a combination of full names, Social Security numbers, policy numbers, and contact information for a large number of their clients.
-
Why It Matters to an SMB: This is a classic third-party risk scenario. You might have world-class security, but if your sales team uses a cloud CRM vendor that gets breached, your customer list, sales pipeline, and confidential notes could be stolen. This incident is a critical lesson in understanding the security posture of the software vendors who handle your most sensitive customer data.
-
Source: Cyber Management Alliance
2. The Software Vulnerability Exploit: Microsoft SharePoint
-
What Happened: Throughout July, Microsoft reported active attacks against on-premise SharePoint servers. Threat actors, including state-sponsored groups, were exploiting two specific vulnerabilities (CVE-2025-49706 and CVE-2025-49704) to gain initial access to company networks and, in some cases, deploy ransomware.
-
Why It Matters to an SMB: Many SMBs rely on external IT providers or managed service providers (MSPs) to host their file servers or internal websites on platforms like SharePoint. If your IT vendor was slow to apply the security patches released by Microsoft, their servers could have been compromised, giving attackers a direct backdoor into your business’s shared files and internal data. It’s a powerful reminder that you’re not just trusting your vendor’s service, but also their diligence in maintaining and patching their own systems.
-
Source: Microsoft Security Blog
3. The New Ransomware Threat: BQTLOCK
-
What Happened: Security researchers at CYFIRMA identified a new ransomware strain in mid-July called BQTLOCK. This malware is particularly concerning because of its methods: it not only encrypts a company’s files but also attempts to steal saved credentials from the Windows Credential Manager and can spread through connected USB devices.
-
Why It Matters to an SMB: The rise of a new, aggressive ransomware variant is always a threat. For an SMB, this could come from a variety of vendor-related sources. An employee at a vendor you work with could get infected, and the malware could spread through a shared document. Or, more directly, if a contractor plugs an infected USB drive into one of your office computers, it could quickly compromise your entire network. This highlights the importance of both cyber hygiene and understanding the security awareness of the partners and contractors you work with.
You Can’t Control Your Vendors, But You Can Control Your Awareness
These incidents all share a common theme: the risk originated outside the primary victim’s walls. As an SMB, you simply don’t have the resources to personally audit every vendor you work with. But you can—and must—have a system for monitoring their risk posture.
The first step is to understand where your risks are today. Use our free tool to add your vendors and get an instant, prioritized list of your most critical relationships.
