
  • Threat Actors Have Changed with the Times

    Today's adversaries operate with purpose, discipline, and business-like precision, constantly adapting their tradecraft to exploit modern enterprise environments.

    The highly distributed computing world has enabled them to be more sophisticated and persistent. Cryptocurrencies, meanwhile, have made it easier for them to expand their ransomware "business."

    "Access broker activity surged in 2024, with advertised accesses increasing by nearly 50% over 2023. Meanwhile, valid account abuse was responsible for 35% of cloud-related incidents, reflecting attackers' growing focus on identity compromise as a gateway to broader enterprise environments." [1]

    (CrowdStrike)

    In its Microsoft Digital Defense Report, Microsoft noted the eye-watering number of identity-based attacks, saying that it blocks over 600 million identity-based attacks daily. [2]

    (Microsoft)

    "In 2024, malware-free activity accounted for 79% of detections, a significant rise from 40% in 2019." [1]

    (CrowdStrike)

    Finally, CrowdStrike also observed a dramatic decrease in breakout time: the time it takes a threat actor to move from the area they initially compromised to other systems.

    In 2024, the average breakout time for interactive eCrime intrusions fell to 48 minutes, down from 62 minutes in 2023.

    These stats are alarming for any organization with data in cloud or SaaS environments.

    And with the growth in identity-based attacks, adversaries are logging in, not breaking in, which is a lot harder to detect and stop in any environment. That initial foothold also makes it much easier to move quickly across IT systems.

    Here's what IT and security leaders said about how these circumstances are affecting them on the front lines:

    IT and security leaders said that the types of cyberattacks they were experiencing are coming from all directions.

    (Wakefield)

    IT and security leaders most often experienced the following results after a cyberattack

    (Wakefield question)

    However, it's worth noting that as a whole, their experience ran the gamut from increased security measures and costs to unrecoverable data loss.

    [1] CrowdStrike - 2025 Global Threat Report
    [2] Microsoft - Microsoft Digital Defense Report