top of page

Most organisations are not being defeated by unknown magic

  • Writer: Stephen Oke
    Stephen Oke
  • Jun 25
  • 1 min read

Recent threat reports show that successful attacks are still commonly driven by known and preventable weaknesses. Verizon’s 2026 DBIR says 31% of breaches now start with software vulnerabilities, while Mandiant found exploits were the leading initial infection vector for the sixth consecutive year, accounting for 32% of intrusions. Sophos also found that 67% of investigated incidents were rooted in identity-related weaknesses, with missing MFA present in 59% of cases.


Questions leaders should ask:


1. What are our most exposed internet-facing systems?

2. Which known vulnerabilities remain unpatched on critical systems?

3. Are all privileged and remote-access accounts protected by Multi-Factor Authentication?

4. Can we detect and respond outside business hours?

5. Have we tested recovery, not just prevention?


The message for business leaders is clear: resilience depends less on buying more technology and more on knowing what is exposed, patching what matters, protecting identity, and rehearsing response.




 
 
bottom of page