Where hackers most often strike: the most vulnerable points of IT infrastructure identified

COMMUNICATIONS AND IT 25.02.2026 / Author:

Analysis of cyber incidents shows that point defenses are ineffective and that companies need to implement integrated security systems.

Cyberattacks are rarely limited to hacking a single system: once attackers gain access to a network, they begin to move between resources to expand their penetration and inflict maximum damage. Understanding these movement vectors allows companies to build a more effective, layered defense.

Based on data from the Unit 42 Global Incident Response Report, visualcapitalist.com explains the attack vectors hackers use most often during cyber intrusions, according to Dengi.ua, PromPolitInform reports.

The analysis shows that 87% of incidents affect at least two different attack surfaces, and 67% affect three or more. Since these categories often overlap, a single successful hack can simultaneously affect several layers of a company’s IT infrastructure. Digital identity (credential) compromise occurs in 89% of cases, making it the most common attack surface. At the same time, endpoints (61%) and corporate networks (50%) remain the primary launchpads for hackers to move laterally within the system.

Email (27%) and various applications (26%) occupy the middle positions in the threat rankings, while cloud service vulnerabilities account for 20% of incidents. Experts emphasize the importance of even the “lower” categories, as attackers often combine a series of small successes to gain greater access. Humans are involved in 45% of incidents—it’s often careless user actions that allow hackers to advance further.

Because hackers are active across multiple surfaces at once, point security solutions are ineffective: each one can miss the overall context of an attack as attackers move between layers. Cybersecurity teams need integrated solutions that gather shared signals across identities, endpoints, networks, applications, and the cloud to detect suspicious activity patterns early.

In 10% of cases, attackers specifically target and learn from security operations (SecOps) tools and workflows. Therefore, integrated detection and rapid response help block hackers before they reach critical databases (which only account for 1% of successful incidents).
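The cross-surface correlation described above, as an added example that is not from the Unit 42 report or the original article: constructed alerts from separate tools are grouped by user and flagged when they span several attack surfaces inside one time window. The alert format, user names, the one-hour window and the two-surface threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (timestamp, surface, entity, detail).
# Each one looks low severity when seen only inside its own tool.
ALERTS = [
    ("2026-02-25T09:02:00", "email",    "j.doe", "link clicked in external mail"),
    ("2026-02-25T09:10:00", "identity", "j.doe", "sign-in from new device"),
    ("2026-02-25T09:31:00", "endpoint", "j.doe", "unsigned binary executed"),
    ("2026-02-25T09:48:00", "network",  "j.doe", "SMB connections to 14 hosts"),
    ("2026-02-25T10:05:00", "identity", "a.lee", "password reset"),
    ("2026-02-25T16:40:00", "cloud",    "a.lee", "storage bucket listed"),
    ("2026-02-25T11:00:00", "endpoint", "m.roe", "unsigned binary executed"),
]

def correlate(alerts, window=timedelta(hours=1), min_surfaces=2):
    """Return {entity: sorted surfaces} for entities whose alerts touch
    at least `min_surfaces` distinct surfaces inside one sliding window."""
    by_entity = defaultdict(list)
    for ts, surface, entity, _detail in alerts:
        by_entity[entity].append((datetime.fromisoformat(ts), surface))

    findings = {}
    for entity, events in by_entity.items():
        events.sort()  # chronological order per entity
        best = set()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            surfaces = {s for _, s in events[start:end + 1]}
            if len(surfaces) > len(best):
                best = surfaces
        if len(best) >= min_surfaces:
            findings[entity] = sorted(best)
    return findings

if __name__ == "__main__":
    for entity, surfaces in correlate(ALERTS).items():
        print(f"{entity}: {len(surfaces)} surfaces in one window -> {surfaces}")
```

Widening the window trades earlier detection of slow intrusions for more coincidental matches; the same data with an eight-hour window also flags the second user.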

Below is a list of the nine main cyberattack surfaces:

Identity (credentials) — 89%

Endpoints — 61%

Networks — 50%

Human Factor — 45%

Email — 27%

Applications — 26%

Cloud Services — 20%

SecOps — 10%

Databases — 1%


We previously reported that Abank announced that fraudsters had debited several clients’ accounts as a result of a large-scale hacker attack.

We also previously reported that most modern security breaches begin not with the search for rare software bugs, but with the compromise of an identity.