Last updated at Fri, 10 Nov 2023 00:09:53 GMT

We've gone a little Halloween-crazy this year over here at Rapid7 Towers. Check out this week's Whiteboard Wednesday video to hear how organizations are like the protagonists of horror movies, making decisions that may ultimately leave them vulnerable to attack. In addition, while we were carving our pumpkins and sewing our costumes, we got to thinking about one of the most horrifying realities in information security: many organizations keep falling victim to the same tricks they've seen in the past. We saw this reflected in Verizon's 2013 Breach Investigations report, which revealed that a terrifying 78% of initial intrusions were rated as low difficulty, while 75% were considered opportunistic attacks.

So we looked into a number of specific threats and security concerns and found a huge amount of data that highlighted the issue, both from our own original research and from third parties in the industry. For example, 55% of people are still reusing passwords across multiple sites (source), despite the number of high-profile breaches that compromised credentials in the past few years [Life's a Breach, for example]. This is particularly chilling given that 76% of network intrusions in 2012 exploited weak or stolen credentials (again, according to Verizon's brilliant breach report).

We compiled some of the stats we found into a Halloween-inspired infographic, below. This includes a sneak peek at some upcoming mobile risk research, which updates the research conducted last year.

When it comes to learning the lessons and mitigating known threats, one of the biggest challenges security professionals face is the awareness and interest of users. It's incredibly challenging for security professionals to mitigate the risk represented by users, who are frequently unaware of the threats or don't take them seriously, as the password stats above, and many others in the infographic, highlight. We've been trying to help tackle this throughout October – which is National Cyber Security Awareness Month – with a series of short primer emails you can send around your organization to help you educate users on major threats they may face.