Enterprise passwords have become more vulnerable, with 46% of environments yielding cracked password hashes, up from 25% in the previous year. Research involved over 160 million attack simulations, revealing a decline in cyber defense effectiveness while cyberattacks evolve. Only 3% of environments with cracked hashes could prevent data exfiltration, down from 9%. Notably, ransomware strains like BlackByte, BabLock, and Maori present significant challenges. Credential-dependent attacks succeeded 98% of the time, and preventative measures fell from 69% effective in 2024 to 62% in 2025, with 86% of attacks going undetected.
A report from Picus Security reveals that enterprise passwords have become increasingly vulnerable in the past year, with 46% of environments yielding at least one cracked password hash.
Performing over 160 million real-world attack simulations, research found that cyber defense effectiveness is declining while cyberattacks continue to evolve.
When cyberattacks leveraged valid credentials, the attacks were successful 98% of the time, highlighting the severe risk of credential theft.
Prevention effectiveness declined from 69% in 2024 to 62% in 2025, illustrating a worrying trend in cybersecurity preparedness.
Collection
[
|
...
]