Security and risk (S&R) pros face the challenge of using finite budgets to protect their business from every type of attack in the threat landscape. Adversaries commonly use public-facing vulnerabilities, phishing, and brute-forced remote access credentials to infiltrate organizations. Review critical processes to determine if these are gaps within your organization. One strategy for approaching this challenge is to use historical trends to prioritize protections against attacks that are the most probable. This report analyzes common attack patterns responsible for 2019 breaches.