If you’re an Arctic Wolf customer, or have followed the Arctic Wolf journey, you’ll know that we believe cybersecurity has an effectiveness problem.
Every year new technologies, vendors, and solutions emerge claiming to be the final piece of the puzzle. Yet, despite this constant innovation, we continue to see high-profile breaches in the headlines. All organizations know they need better security, but the dizzying array of tools leaves resource-constrained IT and security leaders wondering how to proceed.
We also believe that solving this problem does not mean adding more tools to the environment. That just adds complexity, more alerts, and frustration for fatigued IT and security teams. Solving this challenge requires a focus on security operations, and we have built our company around this.
It’s also why we’ve created the first-ever Arctic Wolf Security Operations Report.
Leveraging insight from our experiences, this report highlights security trends that our security operations team is seeing, along with advice on how to advance your own security operations capabilities.
We reveal that, despite the number of publicly disclosed data breaches being down year over year, the number of corporate credentials with plaintext passwords exposed on the dark web has increased by 429 percent since March. For a typical organization, this means there are now on average 17 sets of corporate credentials available on the dark web for hackers to use in credential stuffing and brute-force attacks.
Figure 1: Average number of account takeover exposures per customer, per month (March-June)
This sharp increase in corporate credential leaks underscores the need for organizations to have dedicated 24x7 monitoring of their network, endpoint, and cloud environments. The report also reveals that, of all the high-risk security incidents observed by Arctic Wolf, 35% occur between the hours of 8:00 PM and 8:00 AM, and 14% occur on weekends, times when most employees and contractors are not online.
The Arctic Wolf Security Operations Report also provides insight on how COVID-19 has increased the number of security operations challenges facing organizations, some of which include:
- A 64 percent increase in phishing and ransomware attempts – Hackers have created new phishing lures around COVID-19 topics and modified traditional lures seeking to take advantage of remote workers.
- Critical vulnerability (CVE) patch time has increased by 40 days - A combination of higher CVE volumes, more critical CVEs, and the emergence of a remote workforce has significantly slowed down the patching programs of many organizations.
- Connections to open and unsecured WiFi networks are up by over 240 percent - Remote workforces connecting to open and unsecured WiFi networks outside of the office or home are now facing increased risks of malware exposure, credential theft, and browser session hijacking.
Organizations that embrace security operations are more secure, more resilient, and better able to adapt to changing circumstances like we saw this year. Even as the pandemic completely changed the target environment and impacted the people responsible for protecting it, Arctic Wolf customers experienced no outages in coverage.
For more detailed information and analysis, download the Arctic Wolf Security Operations Report.
-Matt Duench, Product Marketing Manager at Arctic Wolf