Microsoft has published its Digital Defense Report for 2022, finding a 74% increase in password attacks that resulted in approximately 921 attacks per second.

“Passwords remain an easy win for threat actors, but that is often down to users handing this attack vector to them on a plate,” explains Carey van Vlaanderen, CEO of the cybersecurity expert ESET South Africa. 

“Attackers are cleverly compromising business networks prior to their phishing campaigns in order to look authentic, and even when victims believe they are carrying out their due diligence on a site, they can still be duped into believing they are in communication with the real deal,” she continues. 

While nearly 1 000 attacks per second is an astonishing number, people and businesses can do much more to reduce this number. “Passwords continue to be something of an inconvenience in people’s lives, which is often down to not knowing or even trusting the free security layers on offer,” says Van Vlaanderen. “Implementing password managers on personal and work devices can help force unique and strong passwords for all accounts applicable. Most importantly, introducing two-factor authentication on every account will help reduce the impact of phishing campaigns hugely.”

Spoof emails and ransomware defined 2022 and look set to remain a leading concern for people, businesses, and cybersecurity teams in 2023. “The damage caused by emails sent by cybercriminals that convincingly look like they originate from people within an organisation is real and extensive. These types of fraud usually try to create a sense of urgency or employ scare tactics to coerce the victim into complying with the attacker’s requests,” notes Van Vlaanderen. “Emails with requests for quick payment should be handled with caution, as emails can be spoofed with legitimate invoices but using cybercriminal banking details.”

Despite ransomware reaching record levels this year, Van Vlaanderen says many organisations still do not understand where their most valuable data and systems lie, meaning their data and protection are inadequate.

“A good place to start is to build an understanding of exactly all the data points that exist in your business, enabling a clear strategy to be formulated on the data being collected and stored,” she advises. “Irrespective of the size of your organisation, data protection is a must and can take the form of staff training, following compliance guidelines, utilising appropriate software (as well as ensuring data storage is secure and backed up), and ensuring there is a data or disaster recovery strategy in place.”
