Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Verizon: Stolen Credentials Tops the List of Threat Actions in Breaches

    Verizon: Stolen Credentials Tops the List of Threat Actions in BreachesVerizon's DBIR always has a lot of information to unpack, so I’ll continue my review by covering how stolen credentials play a role in attacks.

    This year's Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere.

    So, what does the report say about the most common threat actions that are involved in data breaches? Overall, the use of stolen credentials is the overwhelming leader in data breaches, being involved in nearly 45% of breaches – this is more than double the second-place spot of “Other” (which includes a number of types of threat actions) and ransomware, which sits at around 20% of data breaches.

    According to Verizon, stolen credentials were the “most popular entry point for breaches.” As an example, in Basic Web Application Attacks, the use of stolen credentials was involved in 86% of attacks. The prevalence of credential use should come as no surprise, given the number of attacks that have focused on harvesting online credentials to provide access to both cloud platforms and on-premises networks alike.

    And it’s the social engineering attacks (whether via phish, vish, SMiSh, or web) where these credentials are compromised – something that can be significantly diminished by engaging users in security awareness training to familiarize them with common techniques and examples of attacks, so when they come across an attack set on stealing credentials, the user avoids becoming a victim.

     

    Return To KnowBe4 Security Blog

    The world's largest library of security awareness training content is now just a click away!

    In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

    You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

    ModStore01-1The ModStore Preview includes:

    • Interactive training modules
    • Videos
    • Trivia Games
    • Posters and Artwork
    • Newsletters and more!

    Start Your Preview

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/training-preview

    Topics: Social Engineering

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews