Picus Security Alerts Businesses to Increasing Incidents of Password Breaches in Enterprises

ByAdmin

Picus Security has released the Blue Report 2025, which reveals concerning findings from over 160 million attack simulations conducted in enterprise environments. The report highlights a significant deterioration in password security, with researchers discovering that passwords were cracked in 46% of the tested environments, nearly double the 25% figure from the previous year. This alarming trend is attributed to the ongoing reliance on weak or outdated password policies. Weak passwords and inadequate password management were central to the report’s most troubling statistics, indicating that enterprises are increasingly falling behind adversaries in maintaining secure authentication processes. Dr. Süleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, emphasised the need for an “assume breach” mindset, which encourages organisations to detect the misuse of valid credentials more swiftly and to enhance their identity controls and behavioural detection.

The report also found that attacks using valid credentials were successful in 98% of cases, allowing threat actors employing techniques such as MITRE ATT&CK T1078 (Valid Accounts) to evade defences with minimal resistance. This alarming statistic suggests that stolen credentials have become “practically unstoppable.” Compounding the issue, only 3% of data exfiltration attempts were thwarted by security systems, a sharp decline from the 9% prevention rate observed in 2024. This decline points to an escalating risk of large-scale data theft for many enterprises. Additionally, the Blue Report highlighted the persistent threat of ransomware, with certain strains, such as BlackByte, proving particularly challenging for organisations to counter, achieving a prevention effectiveness rate of only 26%. Overall, Picus Security observed a decline in overall prevention effectiveness across tested enterprise environments, dropping from 69% in 2024 to 62% in 2025, indicating a worrying erosion of defence capabilities. 

Categories: Password Vulnerability, Stolen Credentials and Data Exfiltration, Ransomware Trends 

Tags: Blue Report, Cyber Defence, Password Security, Weak Passwords, Stolen Credentials, Data Exfiltration, Ransomware Trends, Detection Gaps, Prevention Effectiveness, Enterprise Environments 

Leave a Reply

Your email address will not be published. Required fields are marked *