Cybersecurity Awareness Month has drawn to a close and once again, the industry – including My1Login – used the period to educate organisations on malicious activity, report on the growth of cybercrime and help organisations become more aware of, and better armed against, attacks.
The conclusion from the month is clearly that cybercrime is wreaking havoc on an unprecedented scale and organisations must prioritise their defences. Attack frequency is increasing, losses are surging, and the army of malicious actors organisations face every day continues to explode.
What’s more, today criminals are relying on technology to attack technology. With ChatGPT becoming the cyber weapon of choice, it’s never been easier to generate sophisticated phishing scams, lure an employee into handing over their workforce credentials, and then launch a devastating ransomware attack against an organisation, all in a matter of minutes.
But if this thought isn’t enough to induce fear in organisations, this Halloween, to mark the end of Cybersecurity Awareness Month, My1Login is releasing a summary of the most frightening cybercrime statistics from 2023 that have been haunting our nightmares all year.
These worrying statistics reinforce the realities of cybercrime, revealing how employee credentials are still the number one weakness that continue to spook organisations.
Isn’t it time we put a nail in that coffin and shore up our cyber defences for good?
1. 24 billion username and password combinations are available for sale on dark web sites
2. 74% of breaches include a human element – whether through social engineering or stealing a credential
3. Between July 2022 – July 2023, Microsoft saw 4,000 password attacks per second targeting its customers’ Microsoft cloud identities
4. In the month of June 2023 alone, Microsoft detected 158 million instances of password reuse across sites
5. 5% of Global GDP is Laundered on the Dark Web
6. 57% of people reuse the same password across their workplace and personal accounts online
7. The recent cyberattack against MGM Resorts that was executed via a social engineering attack on an employee cost the organisation $100 million
8. 99% of cyberattacks could be prevented by adopting good security hygiene
“The clear link between each of these statistics is that user credentials feature in almost all breaches and are the number one target for attackers,” said Mike Newman, CEO of My1Login. “Criminals understand that by stealing one valid employee password they can infiltrate a corporate network, steal data, or execute ransomware.
“Organisations must improve their defences against credential-breaches, and this should be the number one takeaway from this year’s Cybersecurity Awareness Month. Even when organisations practice good security hygiene, unsecured user credentials can still pose a serious threat.
“To make real improvements to security, organisations can rely on modern workforce identity management solutions that provide Single Sign-On and enterprise password management, enabling passwords to be used where applications rely on them, but have them hidden from the workforce.
“This prevents employees giving away credentials in phishing scams and removes the need for them to create their own passwords, which are often easy to guess via brute force attacks.
“It also reduces the chances of credentials being stolen and then used against an organisation in a data breach or extortion attack. It’s time we fight back against this attack vector, otherwise organisations will always be on the backfoot, and breached, weak or stolen passwords will continue to haunt enterprise security efforts.”