
Introducing the 2020 Annual Arctic Wolf Security Operations Report

If you’re a customer of, or have followed the journey of Arctic Wolf, you’ll know that we believe that cybersecurity has an effectiveness problem.  

Every year new technologies, suppliers and solutions emerge, claiming to be the final piece of the puzzle. Yet, despite this constant innovation, we continue to see high-profile breaches in the headlines. All organisations know they need better security, but the dizzying array of tools leaves resource-constrained IT and security leaders wondering how to proceed. 

We also believe that solving this problem does not mean adding more tools to the environment. That just adds complexity, more alerts and frustration for fatigued IT and security teams. Solving this challenge requires a focus on security operations, and we have built our company around this. 

This is also why we created the first ever Arctic Wolf Security Operations Report.  

Leveraging insight from our experiences, this report highlights security trends that our security operations team is seeing, along with advice on how to advance your own security operations capabilities. 

We reveal that, despite the number of publicly disclosed data breaches falling year on year, the number of corporate credentials with plaintext passwords exposed on the dark web has increased by 429 per cent since March. For a typical organisation, this means that there are now on average 17 sets of corporate credentials available on the dark web that hackers can use to execute credential stuffing and brute-force attacks.

[Figure: bar graph of account takeover exposures detected, rising from 3.3 to 17.44 from March to June]

Figure 1: Average number of account takeover exposures per customer, per month (March-June)

This sharp increase in corporate credential leaks highlights the need for organisations to have dedicated 24x7 monitoring of their network, endpoint and cloud environments. Of all of the high-risk security incidents observed by Arctic Wolf, the report also reveals that 35% occur between the hours of 8:00 PM and 8:00 AM, and 14% occur on weekends – times when most employees and contractors are not online.  

[Figure: incidents detected per day. From 8am-8pm, there is a striking rise in the number.]

The Arctic Wolf Security Operations Report also provides insight on how COVID-19 has increased the number of security operations challenges facing organisations, some of which include:  

  • A 64 per cent increase in phishing and ransomware attempts – Hackers have created new phishing lures around COVID-19 topics and modified traditional lures seeking to take advantage of remote workers.  
  • Critical vulnerability (CVE) patch time has increased by 40 days – A combination of higher CVE volumes, more critical CVEs and the emergence of a remote workforce has significantly slowed down the patching programs of many organisations.  
  • Connections to open and unsecured WiFi networks have increased by over 240 per cent – Remote workforces connecting to open and unsecured WiFi networks outside the office or home are now facing increased risks of malware exposure, credential theft and browser session hijacking.

Organisations that embrace security operations are more secure, more resilient and better able to adapt to changing circumstances like we saw this year. Even as the pandemic completely changed the target environment and impacted the people responsible for protecting it, Arctic Wolf customers experienced no outages in coverage.  

For more detailed information and analysis, download the Arctic Wolf Security Operations Report.