TL;DR: 2022’s most common security failures included delayed patching, weak password reuse, poor backup discipline, phishing exposure, and thin identity protection, according to SentinelOne. The pattern is clear: identity, monitoring, and recovery controls fail together, so resilience depends on reducing trust in credentials and improving detection speed.
NHIMG editorial — based on content published by SentinelOne: 2023 review of the biggest cybersecurity mistakes from 2022
By the numbers:
- In the second quarter of 2022, the Anti-Phishing Working Group observed over 1 million phishing attacks, its worst quarter on record.
- Threat actors attempted access to publicly exposed AWS credentials in an average of 17 minutes, and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: What fails when organisations rely on weak passwords and reused credentials?
A: Weak and reused credentials let attackers turn one compromised password into multiple valid logins, often across email, cloud, and admin systems.
Q: Why do cybersecurity mistakes often become identity problems first?
A: Because attackers usually need a valid identity before they can move quietly inside a network.
Q: How do teams know whether integrated security is actually working?
A: Look for fewer ad hoc exceptions, less manual rework, and more consistent handling of identities, secrets, and policy across delivery teams.
Practitioner guidance
- Prioritise patching by exploitability and exposure Rank remediation for externally reachable systems, known exploited vulnerabilities, and internet-facing admin paths before lower-risk internal updates.
- Remove password reuse from privileged access paths Require phishing-resistant MFA for admin, remote, and cloud access, and block shared or reused credentials from privileged workflows.
- Build identity telemetry into threat hunting Feed account changes, token use, impossible travel, privilege changes, and delegated access into hunting workflows so analysts can spot identity abuse before payloads execute.
What's in the full article
SentinelOne’s full article covers the operational detail this post intentionally leaves for the source:
- Specific examples of how the vendor frames identity protection, detection, and deception controls in practice.
- The full discussion of legacy antivirus limitations and the shift toward modern detection approaches.
- SentinelOne’s explanation of how its identity and monitoring capabilities are positioned against the mistakes highlighted in the article.
👉 Read SentinelOne’s review of the biggest cybersecurity mistakes from 2022 →
Cybersecurity mistakes in 2022: what identity teams should fix first?
Explore further
Identity protection is the missing control layer in many “basic” cybersecurity failures. The article groups together patching, passwords, phishing, and monitoring, but the common denominator is identity trust. Once credentials or sessions are accepted too easily, attackers do not need to defeat every other control. For IAM and PAM teams, that means the boundary between user security and enterprise security is much thinner than many programmes still assume.
A question worth separating out:
Q: Who is accountable when identity compromise causes operational disruption?
A: Accountability typically sits with the teams responsible for identity governance, infrastructure resilience, and incident response, because the failure spans all three disciplines. In hybrid estates, restoring endpoints is not enough if the identity layer is still compromised. Governance must define who owns trust restoration and recovery validation.
👉 Read our full editorial: 2022's common cybersecurity failures expose identity control gaps