- Over 4 in 5 reported security breaches from the past year were due to weak passwords.
- Multi-Factor Authentication is pivotal for online security. 90% of accounts targeted did not have MFA installed.
- Not a single client with an MFA password was attacked repeatedly, whereas those who did not have this added layer of protection were often attacked more than once.
- Cryptoscams were the most popular scam email, accounting for 72% of recorded scams.
- 58% of employees targeted work in the accounts department.
New research has revealed the most prolific hacks and scams that businesses have experienced this past year.
Recent research carried out by Custard Technical Services, a UK-based IT support and security company, looked into their internal data on security breaches and hacks.
The team at Custard discovered that most of the hackers were motivated by money, targeting employees who had access to the company’s funds. 58% of those targeted worked in the accounts department.
They found that weak passwords account for 82% of security breaches where multi-factor authentication (MFA) systems were not in place.
In fact, hackers are constantly attacking the passwords of non-MFA businesses using automated systems. 90% of people targeted did not have MFA.
Security application provider, North Pass, investigated password trends and uncovered 2021’s most hacked passwords. If you are using any of these passwords, Custard IT Services advise you to change them immediately, including any consecutive numbers such as 123456. This was the most commonly hacked password, affecting a staggering 103,170,552 users.
To turn on multi-factor authentication, simply visit your device settings under security and login and select how you would like to receive your second form of authentication, whether this be a text message or security key.
The study found that the most common type of scam detected by Custard Technical Services was the cryptoscam, amounting to 72% of the crimes recorded. This involves a scammer pressuring individuals into transferring money via cryptocurrency, often threatening to leak material that doesn’t actually exist.
Most cryptocurrency payments are irreversible and generally are not protected by the Financial Conduct Authority. As a result, it is very unlikely that victims of these scams could recover any money lost.
Robert Hinds, Security Specialist at Custard Technical Services, stated: “Installing an MFA system hugely diminishes the vulnerability of a business by creating a multi-layered security system that requires users to follow several verification steps before gaining access to any resources. This defends from automated software that tries hundreds of thousands of passwords to breach your systems.
“For employees targeted by scammers asking for payments, ignore these emails. The worst thing you can do is respond to the email, as the scammer will know your email is active, so you’ll receive further messages. If possible, don’t open the email as many have tracking attached that detects when you’ve seen it.
“There’s been a rise in scammers impersonating a colleague or messaging from an email that looks familiar, so call that person or IT whenever you receive a message like this. Don’t reply to the original email or action whatever they request.”
A previous study by gov.uk found that 39% of businesses reported cyber security breaches or attacks between 2020 and 2021.
As soon as cybercriminals ascertain credentials, they can attack data continuously without detection, making it almost impossible to decipher what information has been compromised.
Custard’s findings show that companies are getting scammed irrespective of size, sector or remote/in-office status.
Custard Technical Services is an award-winning IT support and security company that offers market-leading solutions to UK and international partners. The organisation is headquartered in Nottingham and London and has been assisting businesses with everything from IT infrastructure to disaster recovery planning for over two decades.
Custard Technical Services collected data on clients’ cyberattacks and scam emails from January 2021 to January 2022.