I spent some time with the CrowdStrike team last month going through their annual Global Threat Report. If you haven’t seen it, please do. This should be required reading for every cyber operator - https://go.crowdstrike.com/2025-global-threat-report.html
79 is the percentage of breaches that occurred without malware. Hence the much-used quote, “hackers don’t break in, they log in.”
For years a quick explanation of cyber-attacks read as follows:
- Software has vulnerabilities.
- Hackers figure out how to use these vulnerabilities to gain control of your computer, typically through malware.
- Once in, they do bad things to you.
And on defense:
- Identify vulnerabilities and patch to limit exposure.
- Look for and stop malware.
- Be resilient so you can recover from bad things.
No more. Or at least only 20% of the time.
Identity is our problem now.
But our defense hasn’t shifted. We are running a defense designed to stop the running game as the attackers throw passes over our heads. 79% of the time.
We need to adjust. Everyone has EDR. Few have identity protection. Why would anyone own Falcon EDR but not Falcon Identity? 79%!!!!
For goodness’ sake, why do passwords still exist in your network when we’ve all been aware for decades that passwords are the weakest link? HYPR, anyone?!?!
We need a wake-up call. The ball is going over our heads.