How are bad actors getting access to organizations? In many cases, they simply log in. Sophos research finds that one of the most common root causes of attacks is compromised credentials. In fact, 30% of respondents to its 2023 Active Adversary Report for Business Leaders said criminals have used these credentials to log on and steal data.

Compromised credentials were second only to unpatched vulnerabilities – the most common cause of attackers gaining initial access to targeted systems. In fact, in half of investigations included in the report, attackers exploited ProxyShell and Log4Shell vulnerabilities – vulnerabilities from 2021 – to infiltrate organizations.

It’s clear the threat environment related to these two factors has only grown in volume and complexity – to the point where there are no discernible gaps for defenders to exploit in their quest to protect the organization.

Why are so many vulnerabilities still going unpatched?

Bugs that date back years still linger – unpatched. That’s why one of the primary areas security leaders should examine is how well their patching program works. So many vulnerabilities are still not getting the attention they require.

“I think there are several reasons why people still are not patching,” said John Shier, field CTO, commercial at Sophos. “First, I think there are some other business priorities that might get in the way of patching in a timely manner. It could be that deploying a new system to enable the business takes priority.” Other factors include a lack of a defined process for patching within an organization.

“Every month, there are patches released that need to be addressed, but for many teams it comes down to getting around to it. If there is little maturity in their patching program, there’s often no defined cadence there, and it is of potentially little importance either.”

Shier suggests defenders follow a few tips to enhance their patching process and to shore up defenses around credentials.

Sponsorship from the top down. Patching will always be low priority if executive leadership is not advocating for it. “You have to say, from the executive leadership: ‘We will have this patching program in place. We will define the patching timeframes; we will define the patching priorities.’”

Enable multi-factor authentication (MFA). MFA for systems should be table stakes now, but for many it is still not in place. Shier says if your services are not protected with MFA they should be. If MFA is unavailable for the service, it should be protected by something capable. “We have seen credentials used in many attacks because authentication is not hardened enough. A lot of organizations are just not up to standards.”

Mind your legacy systems. Shier says while some industries, like manufacturing, struggle with having older systems more than others, all organizations need to be mindful of updating older technology – which can often be behind attacks and breaches simply because it is so easy to exploit. “For example, Windows XP persisted for a very long time in some of these environments,” said Shier. “When you see that kind of thing it’s both out-of-date technology but also the inability to take action on legacy systems.”

Keeping systems patched and credentials secure are some of the first essential steps to preventing a data breach or an attack. Learn how Sophos can provide you with managed security to assist your organization with timely system updates by visiting Sophos.com.