SK Shieldus said on Thursday, marking Small and Medium Enterprise Week, it released an analysis of the cybersecurity situation and major threat trends facing small and medium-sized and mid-sized firms, based on intrusion incident analysis data from the past five years.

SK Shieldus analysed cyberattack types and response levels affecting small and medium-sized and mid-sized firms using intrusion incident analysis data on domestic companies from 2021 to 2025 held by its incident response team, Top-CERT.

The analysis showed that major types of cyber intrusions at small and medium-sized and mid-sized firms over the past five years were ransomware, data leakage and cryptocurrency mining, in that order. Ransomware accounted for 44.9 percent and data leakage 42.9 percent, making up most incidents.

Hacking attacks mainly took the form of intrusions targeting system vulnerabilities and a limited security operating environment. For initial intrusions, application vulnerabilities were the most common at 20.8 percent, followed by file upload vulnerabilities at 18.9 percent and VPN vulnerabilities at 15.4 percent. Malicious emails, watering-hole attacks and externally exposed URLs were also identified as major routes.

Major incident cases in 2025 also showed various attacks occurring in industrial settings, including internal data leakage via malicious emails and watering-hole attacks, ransomware infections using brute-force attacks, and cryptocurrency mining based on supply-chain attacks.

Small and medium-sized and mid-sized firms tended to take a considerable amount of time after a security incident to recognise signs and begin an actual investigation. Based on analysed cases, it took an average of 106.1 days from the initial intrusion to recognising the breach and requesting and starting an investigation when a security incident occurred.

By industry, manufacturing accounted for 47.4 percent of total damage among analysed intrusion incident cases, the highest share. Information services followed at 15.8 percent, and finance at 10.5 percent.

An SK Shieldus official said, "As AI technology spreads, cyberattacks are becoming increasingly sophisticated and advanced, and the environment continues where it is difficult to respond to every threat with limited personnel and resources." The official added, "SK Shieldus will continue to expand support so that small and medium-sized and mid-sized firms can operate a professional security response system while reducing their burden."