How are bad actors getting access to organizations? In many cases, they simply log in. Sophos research finds that one of the most common root cause of attacks is compromised credentials. In fact, 30% of respondents to its 2023 Active Adversary Report for Business Leaders said criminals have used these credentials to log on and steal data.

Compromised credentials were second only to unpatched vulnerabilities – the most common cause of attackers gaining initial access to targeted systems. In fact, in half of investigations included in the report, attackers exploited ProxyShell and Log4Shell vulnerabilities –vulnerabilities from 2021 — to infiltrate organizations.