98% of Attacks Are Preventable

Adam Yeomans

But weak security foundations give threat actors a real chance

To put it simply: the gap between having security tools and having assurance that they are protecting everything is where preventable attacks succeed.

Microsoft's latest research confirms that basic security hygiene still protects against 98% of attacks. The fundamentals do work when properly implemented. Yet here's the misalignment I see daily: enterprise-level companies actively deploy cutting-edge security tools while remaining fundamentally unaware of what they're actually protecting.

This disconnect, where organisations invest heavily in sophisticated technology yet lack visibility into their own digital assets, defines what our CEO Jon Abbott has coined the 'Cybersecurity Sophistication Paradox'. Companies can tell you about their latest threat detection platform but can't tell you if their security agents are actually running on every device they're supposed to protect.

The Elementary Attack Vectors That Still Work

Despite advancing technology, the most successful attack vectors remain remarkably basic:

Credential-Based Attacks: These attacks take an average of 292 days to identify and contain, the longest of any attack vector. Attackers don't need sophisticated techniques when users reuse identical passwords across personal and professional accounts, and when organisations struggle to implement comprehensive multi-factor authentication.

Missing Security Updates: Attackers predominantly probe older, vulnerable systems and breach through them. While attackers do target the brief window between patch availability and installation, they know that legacy systems remain unpatched for years.

Human Engineering: The Verizon 2024 Data Breach Investigations Report shows that 68% of breaches involved non-malicious human elements. Inescapable human error leaves us prey to social engineering attacks. Manipulative psychology hasn't changed despite technological advancement.

These attacks succeed because complete cyber hygiene breaks down at enterprise level. Based on these statistics, it's clear we need to return to basics and ensure they are done properly. However, this requires manual supervision across disparate consoles and multiple dashboards, leaving us with a painful amount of work to do…

The Current Approach Isn't Working

Most security teams we speak with approach asset discovery through a patchwork of solutions: Microsoft Intune for cloud-managed endpoints, Active Directory for on-premise discovery, and third-party scanners deployed across network segments. EDR platforms attempt to provide endpoint visibility across the estate.

And yet this layered approach creates significant blind spots. Even "successful" deployments reach only a fraction of endpoints, missing network equipment, IoT devices, and stealth devices that bypass traditional discovery methods. The result? Large portions of assets sit unmonitored with vulnerabilities on each one.

Security teams find themselves managing up to 20 different cyber security technologies, creating integration complexity and data silos that slow response times and weaken the overall security posture. Alert fatigue overwhelms analysts whilst critical threats slip through the coverage gaps.

The Real Challenge: Tool Sprawl Without Foundation

For security teams already stretched thin, I understand this presents an enormous challenge. It's difficult enough maintaining operational security by reacting to alerts and manually patching end-user devices. The fundamental issue isn't the lack of tools. It's a lack of foundational visibility and control.

Your EDR agents may be deployed, but are they properly configured and functioning across every device they're supposed to protect? Your vulnerability scanners may be licensed, but do you really know which assets they're missing? Your patch management may be automated, but can you prove it's working on devices that truly exist in your environment?

Without answering these basic questions, sophisticated threat detection becomes meaningless. You cannot protect what you don't know exists, and you cannot trust tools you cannot verify are working.

The Prevention Stack That Works

Organisations with the lowest breach rates implement four foundational controls systematically:

Comprehensive Asset Visibility: Every active, end-of-life, and stealth device operating in your environment must be identified and continuously monitored. This includes devices that bypass traditional discovery methods and assets that exist outside your expected inventory.

Verified EDR Deployment: Beyond purchasing licences and installing agents, successful EDR requires proving deployment health across your entire estate. This means identifying when agents fall out of policy or aren't deployed where they should be, enabling immediate remediation.

Risk-Based Patch Management: Systematic patch management with automation transforms patching from a manual burden to a controlled process. The critical vulnerabilities affecting internet-facing systems demand patches within days, but you need to prioritise exactly which systems require attention and verify that the patches have truly been applied.

End-of-Life Equipment Control: Legacy systems accumulate vulnerabilities without remediation options. Threat actors target EOL systems and software with ceased security updates because these create permanent attack vectors. Security teams need granular insight into where these vulnerabilities reveal themselves and systematic plans for replacement or isolation throughout the device's lifecycle.

Implementation That Doesn't Break Your Team

The challenge isn't understanding what needs to be done. It's implementing comprehensive controls without overwhelming already stretched resources. Modern security platforms should automate the repetitive tasks that consume your team's time whilst providing the visibility needed for strategic decision-making.

Starting comprehensive asset discovery across your entire environment shouldn't require another project that burns out your team. The right approach combines automated discovery methods (network-based scanning, agent-based reporting, and API integrations) with intelligent analysis that identifies gaps and inconsistencies across your security tools.

Deploy EDR systematically with continuous health monitoring rather than hoping agents remain functional after initial installation. Consider it sustainable progress with verification that your tools are working as intended.

Establish automated patch management with verified deployment and risk-based prioritisation. The key is having systems that provide confidence rather than crossing fingers and hoping for the best.
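The reconciliation the three steps above describe, as an added example that is not ThreatAware's code and not from the original post: several discovery sources (AD, Intune, a vulnerability scanner, an EDR console) are merged into one inventory and each device is checked for the gaps the prevention stack cares about. Hostnames, timestamps and the 7-day "out of policy" threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample inventories for illustration only; hostnames and dates are invented.
# In practice each set would be pulled from the relevant console's API.
AD_HOSTS = {"ws-001", "ws-002", "srv-db01", "srv-legacy01"}        # Active Directory
INTUNE_HOSTS = {"ws-001", "ws-002", "ws-003"}                        # cloud-managed endpoints
SCANNER_HOSTS = {"ws-001", "ws-002", "srv-db01", "iot-cam-7"}        # vulnerability scanner
EDR_LAST_SEEN = {                                                    # EDR console: last agent check-in
    "ws-001": datetime(2024, 6, 10, 9, 0),
    "ws-003": datetime(2024, 6, 10, 8, 30),
    "srv-db01": datetime(2024, 5, 1, 9, 0),   # agent installed but silent for weeks
}
EOL_OS = {"srv-legacy01": "Windows Server 2008 R2"}                  # assumed end-of-life list

NOW = datetime(2024, 6, 10, 12, 0)
STALE_AFTER = timedelta(days=7)  # assumption: an agent silent this long is "out of policy"


def reconcile(ad, intune, scanner, edr_last_seen, eol, now=NOW, stale_after=STALE_AFTER):
    """Merge every source into one inventory; return {hostname: [gap, ...]} for devices with gaps."""
    every_host = set(ad) | set(intune) | set(scanner) | set(edr_last_seen)
    findings = {}
    for host in sorted(every_host):
        gaps = []
        if host not in ad and host not in intune:
            gaps.append("unmanaged")          # seen on the network but in no management system
        if host not in edr_last_seen:
            gaps.append("edr_missing")        # licensed, but no agent has ever reported in
        elif now - edr_last_seen[host] > stale_after:
            gaps.append("edr_stale")          # agent deployed but no longer checking in
        if host not in scanner:
            gaps.append("scanner_missing")    # vulnerabilities here are never assessed
        if host in eol:
            gaps.append(f"eol_os:{eol[host]}")
        if gaps:
            findings[host] = gaps
    return findings


def healthy_edr_coverage(ad, intune, edr_last_seen, now=NOW, stale_after=STALE_AFTER):
    """Fraction of managed (AD or Intune) devices whose EDR agent checked in within the threshold."""
    managed = set(ad) | set(intune)
    healthy = {h for h in managed if h in edr_last_seen and now - edr_last_seen[h] <= stale_after}
    return len(healthy) / len(managed) if managed else 0.0


if __name__ == "__main__":
    for host, gaps in reconcile(AD_HOSTS, INTUNE_HOSTS, SCANNER_HOSTS, EDR_LAST_SEEN, EOL_OS).items():
        print(f"{host:14} {', '.join(gaps)}")
    print(f"healthy EDR coverage: {healthy_edr_coverage(AD_HOSTS, INTUNE_HOSTS, EDR_LAST_SEEN):.0%}")
```

Every device on the page's list of blind spots surfaces here: the stale agent the EDR console still counts as "deployed", the server no scanner has ever assessed, the EOL host, and the unmanaged device that only the scanner has seen.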

Beyond Technology: Supporting Your Security Team

The Cybersecurity Sophistication Paradox persists because organisational culture still celebrates detecting sophisticated attacks rather than preventing basic ones. Let's be honest: we're all after a bit of glory in our day-to-day roles and typically, security teams gain recognition for impressive incident response rather than the unglamorous work of incident prevention.

Exceptional security professionals have explained to me that they are burnt out because their organisations reward firefighting over fire prevention. This must change if we want our best heads to stay in the industry.

Security teams need platforms that multiply their effectiveness rather than adding to their workload. They need tools that automate repetitive tasks and provide clear visibility into whether their security controls are actually functioning as intended.

The Path Forward

Microsoft's research confirming that 98% of attacks are preventable represents an achievable reality when organisations implement proven fundamentals consistently. But implementation requires tools that act as co-pilots for your security professionals rather than overwhelming them with yet another dashboard.

Your team shouldn't choose between comprehensive protection and sustainable workload. The question isn't whether prevention works because we know it does. The question is whether your organisation is ready to invest in platforms that make prevention achievable for the people actually doing the work.

Your security team faces enough pressure. Give them the tools to succeed without burning out.

Ready to see how the prevention stack can work in practice? ThreatAware provides security teams with automated asset discovery, EDR health verification, and risk-based patch management through a single platform.

Secure Every Device in Your Network

Instantly uncover and protect every asset in your IT estate with ThreatAware.

Identify unknown devices, reconcile asset data across platforms, and eliminate security gaps to ensure continuous cyber hygiene.
