Increase in cyber-attacks expected this year
Following Microsoft’s recent Digital Defence report indicating a 74% increase in password attacks, resulting in about 921 attacks per second, cyber-attacks are expected to increase this year.
ESET South Africa CEO Carey van Vlaanderen says passwords remain an easy win for threat actors, but that is often down to users lending this attack vector to them on a plate.
“Attackers compromise business networks prior to their phishing campaigns to look authentic, and even when victims believe to be carrying out diligence on a site, they still can be duped into believing they are in communication with a real deal,” van Vlaanderen says.
She adds that passwords continue to be an inconvenience in people’s lives, often down to not knowing or even trusting free security layers on offer.
“Implementing password managers on devices can help force unique and strong passwords for all accounts. Introducing two-factor authentication on every account helps reduce the impact of phishing campaigns,” she adds.
The past year saw a tremendous increase in businesses and consumers embracing cloud, and this space will yet again be a target for cybercriminals.
Van Vlaanderen says the shift to cloud hosting applications and infrastructure elevates cybersecurity risks.
While cloud services offer incredible benefits, it is imperative to use a reputable cloud service provider; optimising and configuration using best practices; using the best cybersecurity software; multi-factor authentication; encryption; strong password policies and assigning credentials and rights only to those who require access.
“The damage caused by emails sent by cybercriminals that look like from within an organisation is extensive. This fraud tries to create a sense of urgency or use scare tactics to coerce the victim into complying with the attacker’s requests. Emails with requests for quick payment should be handled with caution, as emails can be spoofed with legitimate invoices but with cybercriminal banking details,” says Van Vlaanderen.
She adds that many organisations still do not understand where their most valuable data and systems lie, and have inadequate protection.
“Build an understanding of all data points in your business, enabling a clear strategy on the data that is collected and stored. Irrespective of the size of the organisation data protection is a must. It can be in the form of staff training, following compliance guidelines, using appropriate software and ensuring data storage is secure and backed up, and a data recovery strategy in place,” she says.
She predicts that adoption of smart technologies, IOT devices, car connectivity and infotainment will also present new attack vectors for cybercriminals this year. “Given attacks becoming more sophisticated and personalised, people and organisations can’t afford to be without protective solutions in place,” she adds.