Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Cybercriminals eye passwords and cloud vulnerabilities

Issue 1 2023 Information Security, Security Services & Risk Management


Carey van Vlaanderen.

“The cybercriminal is relentless, often sophisticated, and extremely persistent. In a constantly evolving threat landscape in which cloud adoption continues to grow and passwords are highly coveted by nefarious actors, attacks are expected to increase sharply in the coming year. However, this is being met with incredible advances and innovation from the cybersecurity industry,” says Carey van Vlaanderen, CEO of ESET South Africa.

Microsoft published its Digital Defence Report for 2022, which found a 74% increase in password attacks resulting in approximately 921 attacks per second. “Passwords remain an easy win for threat actors, but that is often because users give this attack vector to them on a plate. Attackers are cleverly compromising business networks prior to their phishing campaigns in order to look authentic, and even when victims believe they are carrying out their due diligence on a site, they can still be duped into believing they are in communication with the real deal,” Van Vlaanderen explains.

While nearly 1000 attacks per second is an astonishing amount, people and businesses can do much more to reduce this number. “Passwords continue to be something of an inconvenience in people’s lives, which is often down to not knowing or even trusting the free security layers on offer. Implementing password managers, on personal and work devices, can help force unique and strong passwords for all accounts applicable. Most importantly, introducing two-factor authentication on every account will hugely help reduce the impact of phishing campaigns,” she adds.

The past year has seen a tremendous increase in businesses and consumers embracing cloud and in 2023, this space will yet again, be the target of cybercriminals. Van Vlaanderen says the seismic shift from traditional on-premises to cloud hosting applications and infrastructure elevates cybersecurity risk.

While cloud services offer incredible benefits, it is imperative, from a risk mitigation perspective, to assign thought and attention to the following:

• Using a reputable cloud service provider – a fundamental first step

• Optimising and configuring using best practices

• Making use of best-of-breed cybersecurity software

• Multi-factor authentication (which should be standard)

• Encryption (which should be employed wherever possible)

• Strong password policies

• Assigning credentials and rights only to those that require access

• Redundancy is essential, backup and a disaster recovery plan should be enforced

• Test for vulnerabilities timeously

In 2022, spoof emails and ransomware defined the year and look set to remain a leading concern for people, businesses, and cybersecurity teams in 2023. “The damage caused by emails sent by cybercriminals that convincingly look like they originate from people within an organisation is real and extensive. These types of fraud usually try to create a sense of urgency, or employ scare tactics to coerce the victim into complying with the attacker’s requests. Emails with requests for quick payment should be handled with caution as emails can be spoofed with legitimate invoices but using cybercriminal banking details,” says Van Vlaanderen.

Despite ransomware reaching record levels this year, Van Vlaanderen says many organisations still do not understand where their most valuable data and systems lie, and therefore have inadequate data and protection. “A good starting place is to build an understanding of exactly all the data points that exist in your business. This enables clear strategy formulation on the data collected and stored. Irrespective of the size of your organisation, data protection is essential, and can be in the form of staff training, following compliance guidelines, utilising appropriate software, as well as ensuring data storage security combined with backups. There should always be a data or disaster recovery strategy in place.”

Van Vlaanderen predicts the continued innovation and adoption of smart technologies, IoT devices, car connectivity and infotainment, will present new attack vectors for cybercriminals in 2023. “Given the reality of attacks becoming more sophisticated and personalised, people and organisations cannot afford to be without some form of a protective solution in place, regardless of where the infrastructure is located or what device it is on.”




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Claude Mythos wake-up call
Technews Publishing AI & Data Analytics Information Security
AI has crossed a critical cybersecurity threshold and frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scale and speed, through novel methods that were previously the domain of advanced nation-state entities.

Read more...
If you cannot prove identity, you cannot claim security
Access Control & Identity Management Information Security
Cybersecurity planning for 2026 is a structural change in how attacks are executed and how trust is exploited, demanding that companies stop layering tools on top of infrastructure and instead prioritise intelligence and identity.

Read more...
957 women killed in three months
News & Events Security Services & Risk Management
Despite years of summits, task teams and public commitments, South Africa’s femicide rate remains around five times higher than the global average, and too few are using the legal lifelines available.

Read more...
Africa’s opportunity to shape the future of human-centred AI
AI & Data Analytics Security Services & Risk Management
Across the Global South, countries are not yet locked into decades of legacy AI systems, energy-intensive infrastructure, or governance frameworks designed for a different technological era. That creates something rare in technology development: a cleaner slate.

Read more...
AURA appoints Taryn Winer as global head of people
News & Events Security Services & Risk Management
Following its €13,5 million Series B funding round last year and accelerating international expansion, particularly across the United States, AURA has appointed Taryn Winer as global head of people.

Read more...
95% do not have full trust in cybersecurity vendors
Information Security Security Services & Risk Management
Trust in cybersecurity vendors is fragile, difficult to measure, and increasingly shaping risk posture at both operational and board levels. Lack of verifiable transparency undermines cybersecurity decision-making, according to Sophos-backed research.

Read more...
Understanding the Shared Responsibility Model
Infrastructure Security Services & Risk Management
While the cloud can certainly be a growth enabler in many ways, it can also introduce new security risks. Companies want to have a clear understanding of where their security duties end and where their cloud service provider’s begin.

Read more...
Africa’s largest Zero Trust platform
NEC XON Information Security Commercial (Industry)
Africa has reached a significant cybersecurity milestone with the successful deployment of the continent’s largest Palo Alto Networks Prisma Access and Prisma Access Browser Zero Trust environment, supporting secure remote access for more than 40 000 users for a large enterprise in Africa.

Read more...
Supply chain attacks top threat over 12 months
Information Security
Supply chain attacks have become the most prevalent cyberthreat confronting businesses over the past year, according to a new Kaspersky global study, with nearly one-third of companies worldwide experiencing a supply chain threat in the past year.

Read more...
From vibe hacking to flat-pack malware
Information Security AI & Data Analytics
HP issued its latest Threat Insights Report, with strong indications that attackers are using AI to scale and accelerate campaigns, and that many are prioritising cost, effort, and efficiency over quality.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.