If you read the headlines this year, you might think the threat landscape is becoming more sophisticated. From state-sponsored attacks to election campaign hacks to new forms of ransomware, the threat landscape appears to be a minefield of sophisticated cyberattacks.
However, those headlines don’t reflect reality.
The truth is that bad actors either buy already stolen credentials or use tried-and-true techniques to gain access, like phishing and password spraying. Once in your environment, attackers overwhelmingly target data to exfiltrate or ransom.
To highlight how cyberattacks are occurring and how organizations can prevent catastrophic breaches, Varonis compiled The Identity Crisis report. Our researchers examined 35 cyberattacks from the first half of 2024 and found that bad actors typically don’t hack in using sophisticated techniques or malware. Instead, they log in.
In more than half (57%) of the cyberattacks examined, attackers compromised an identity to gain access to protected environments.
An analysis of cyberattacks in 2024
In our report, we reviewed 35 SEC Form 8-K filings disclosed between January and August 2024 and cross-referenced them with news sources, threat reports, and insights gathered by the Varonis Managed Data Detection and Response (MDDR) team.
The result is a clearer picture of how cyberattacks occur, what the consequences are, and how to protect your organization.
The identity crisis: The entry point for cyberattacks
What we found was that most cyberattacks start with an identity. In some cases, attackers used already compromised credentials, as in the targeted campaign against Snowflake customers. In other instances, attackers compromised an identity to gain access to the environment with techniques that included:
- Compromised accounts
- Compromised credentials
- Data exposure
- Insider threats
- Password sprays
- Phishing
- Privilege escalation
Once attackers have access, they overwhelmingly target data. “Data exfiltration” was the most commonly reported consequence of cyberattacks, more prevalent even than “business disruption.”
While bad actors target various data types, our research found that customer data was by far the most targeted type.
How Varonis prevents cyberattacks and secures data
In this threat environment, organizations must protect themselves at every phase of a cyberattack’s lifecycle, from the initial breach to data exfiltration.
Varonis enables security teams to stay ahead of bad actors with a unified approach to data security that can stop attackers at every step.
Safeguarding identities and right-sizing permissions
Most cyberattacks start with an identity. With that in mind, the first step is to unravel permissions structures and ensure that only the right people can access important files, folders, and mailboxes.
Varonis' identity protection capabilities seamlessly map identities and users across cloud, SaaS, and data centers in a single interface. Automated policies effortlessly eliminate stale users, excessive permissions, and misconfigured roles and groups that bad actors can exploit.
Detecting abnormal behavior and insider threats
Once a bad actor with legitimate credentials is in your environment, it can be incredibly challenging to identify the threat.
Varonis uses behavior-based detections to alert you to abnormal behaviors that indicate a bad actor in your environment. Hundreds of expert-built threat models automatically detect anomalies, alerting you to unusual file access activity, email send/receive actions, permissions changes, and geo-hopping.
You can track threats and conduct advanced investigations with a complete forensics log of actions, including file access, email activity, and permissions changes.
Securing data and preventing data exfiltration
Varonis enables you to create granular policies to fit your organization’s needs, automatically fix gaps, and re-label files as your data changes — making downstream DLP controls more effective.
The Varonis access graph factors in entitlements, group memberships, sharing links, muting permissions, and more, giving you the most accurate view of sensitive data risk and ensuring that automated policies don’t break business processes.
Curious to see how the Varonis unified platform can help your organization? Request a free Data Risk Assessment. We’ll show you where your sensitive data is at risk and provide you with actionable information to help you strengthen your data security.