Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Cybercriminals eye passwords and cloud vulnerabilities

Issue 1 2023 Information Security, Security Services & Risk Management


Carey van Vlaanderen.

“The cybercriminal is relentless, often sophisticated, and extremely persistent. In a constantly evolving threat landscape in which cloud adoption continues to grow and passwords are highly coveted by nefarious actors, attacks are expected to increase sharply in the coming year. However, this is being met with incredible advances and innovation from the cybersecurity industry,” says Carey van Vlaanderen, CEO of ESET South Africa.

Microsoft published its Digital Defence Report for 2022, which found a 74% increase in password attacks resulting in approximately 921 attacks per second. “Passwords remain an easy win for threat actors, but that is often because users give this attack vector to them on a plate. Attackers are cleverly compromising business networks prior to their phishing campaigns in order to look authentic, and even when victims believe they are carrying out their due diligence on a site, they can still be duped into believing they are in communication with the real deal,” Van Vlaanderen explains.

While nearly 1000 attacks per second is an astonishing amount, people and businesses can do much more to reduce this number. “Passwords continue to be something of an inconvenience in people’s lives, which is often down to not knowing or even trusting the free security layers on offer. Implementing password managers, on personal and work devices, can help force unique and strong passwords for all accounts applicable. Most importantly, introducing two-factor authentication on every account will hugely help reduce the impact of phishing campaigns,” she adds.

The past year has seen a tremendous increase in businesses and consumers embracing cloud and in 2023, this space will yet again, be the target of cybercriminals. Van Vlaanderen says the seismic shift from traditional on-premises to cloud hosting applications and infrastructure elevates cybersecurity risk.

While cloud services offer incredible benefits, it is imperative, from a risk mitigation perspective, to assign thought and attention to the following:

• Using a reputable cloud service provider – a fundamental first step

• Optimising and configuring using best practices

• Making use of best-of-breed cybersecurity software

• Multi-factor authentication (which should be standard)

• Encryption (which should be employed wherever possible)

• Strong password policies

• Assigning credentials and rights only to those that require access

• Redundancy is essential, backup and a disaster recovery plan should be enforced

• Test for vulnerabilities timeously

In 2022, spoof emails and ransomware defined the year and look set to remain a leading concern for people, businesses, and cybersecurity teams in 2023. “The damage caused by emails sent by cybercriminals that convincingly look like they originate from people within an organisation is real and extensive. These types of fraud usually try to create a sense of urgency, or employ scare tactics to coerce the victim into complying with the attacker’s requests. Emails with requests for quick payment should be handled with caution as emails can be spoofed with legitimate invoices but using cybercriminal banking details,” says Van Vlaanderen.

Despite ransomware reaching record levels this year, Van Vlaanderen says many organisations still do not understand where their most valuable data and systems lie, and therefore have inadequate data and protection. “A good starting place is to build an understanding of exactly all the data points that exist in your business. This enables clear strategy formulation on the data collected and stored. Irrespective of the size of your organisation, data protection is essential, and can be in the form of staff training, following compliance guidelines, utilising appropriate software, as well as ensuring data storage security combined with backups. There should always be a data or disaster recovery strategy in place.”

Van Vlaanderen predicts the continued innovation and adoption of smart technologies, IoT devices, car connectivity and infotainment, will present new attack vectors for cybercriminals in 2023. “Given the reality of attacks becoming more sophisticated and personalised, people and organisations cannot afford to be without some form of a protective solution in place, regardless of where the infrastructure is located or what device it is on.”




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
Your Wi-Fi router is about to start watching you
News & Events Surveillance Security Services & Risk Management
Advanced algorithms are able to analyse your Wi-Fi signals and create a representation of your movements, turning your home's Wi-Fi into a motion detection and personal identification system.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
Welcome to the new cyber battleground
Information Security
The Iran-Israel conflict is rapidly redefining modern warfare, pushing the boundaries of cyber capabilities and creating a new, borderless digital battlefield. Fortinet’s CISO, Dr Carl Windsor, offers a critical, in-depth analysis of the escalating tactics and global implications in his latest report.

Read more...
African industries may overestimate cyber defences
Information Security
A significant perception gap exists in security awareness training: 68% of leaders believe training is tailored to roles, yet only a third of employees feel adequately trained. Many organisations only conduct annual or biannual generic training that may not effectively change behaviour.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.