Not all trend analysis reports are created equal, but occasionally some stand out. Nonetheless, many such reports are often useful for lessons learned and an enlightening nugget or two. One such report is Sophos’ 2023 Active Adversary Report for Business Leaders, which provides a picture of how threat actors are operating. The report is derived from over 150 incident response engagements selected from its 2022 workload. Undoubtedly most key takeaways won’t be surprising, but some of the perspectives/observations are enlightening and confirming and are useful for understanding the threat landscape.

Sophos’s data reveals that exploited vulnerabilities continue to be the highest root cause of a cyber incident at 37 percent. Fifty-five percent of those incidents were related to the ProxyShell or Log4Shell vulnerabilities, demonstrating how easily avoided many incidents are as patches have been available for these vulnerabilities since 2021. The second most common root cause is compromised credentials at 30 percent, demonstrating an increased preference for attackers to just log in to target networks.

One of the major takeaways is that the amount of time attackers spend on the network has decreased, which has interesting implications. It could imply that network defender detection capabilities have improved in tracking attackers, or it could imply that attackers are becoming more efficient in exfiltrating data. Read more at Sophos.