Cyber attacks enabled by basic failings, Palo Alto analysis finds

Source: Cyber attacks enabled by basic failings, Palo Alto analysis finds | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4133342/cyber-attacks-enabled-by-basic-failings-palo-alto-analysis-finds.html

ONE SENTENCE SUMMARY:

Palo Alto’s 2026 incident response (IR) report finds that AI accelerates attacks, but most breaches stem from identity, visibility, and configuration failures.

MAIN POINTS:

  1. Unit 42 analyzed 750 incidents across 50 countries for the 2026 report.
  2. The fastest intrusions reached data exfiltration within 72 minutes, a shorter time than in 2024.
  3. AI compresses attacker reconnaissance, phishing, scripting, and execution timelines.
  4. Common root causes remain weak authentication, poor visibility, and misconfigurations from tool sprawl.
  5. Identity and trust issues contributed to 90% of investigated incidents.
  6. Social engineering appeared in 33% of cases; identity phishing in 22%.
  7. Credential abuse and brute force drove 21% of incidents; insiders accounted for 8%.
  8. Excessive privileges affected 99% of 680,000 analyzed cloud identities, including long-unused accounts.
  9. Machine, shadow, and siloed identities expand attack surfaces across hybrid environments.
  10. Third-party SaaS exploitation occurred in 23% of incidents, often with limited customer visibility.

TAKEAWAYS:

  1. Treat identity governance and least privilege as the highest-impact defensive investment.
  2. Build real-time, cross-domain visibility spanning endpoints, networks, cloud, SaaS, and identity.
  3. Reduce misconfiguration risk by simplifying security stacks and hardening defaults continuously.
  4. Prioritize third-party SaaS risk management, including exposure assessment and shared-responsibility readiness.
  5. Evaluate SOC modernization and managed detection/response for faster action, not just more alerts.