Cyber crooks are making almost 1,000 attempts to hack account passwords every single second – and they're more determined than ever, with the number of attacks on the rise.
The figures come from Microsoft's Digital Defense Report 2022 and are based on analysis of trillions of alerts and signals collected from the company's worldwide ecosystem of products and services.
It warns that cyberattacks are on the rise, with account passwords still very much the main target of hackers – particularly as many accounts are vulnerable because they lack any additional layers of protection beyond the password itself to help keep them secure.
According to Microsoft, the volume of password-based attacks has risen to an estimated 921 attacks every second – representing a 74% increase in just one year for what's the primary method through which accounts are compromised.
The report suggests that 90% of accounts that get hacked aren't protected by 'strong authentication' – meaning that the vast majority of accounts that get breached only have one layer of protection as opposed to having an additional layer of multi-factor authentication (MFA) for added verification.
But according to figures from Microsoft, the number of accounts protected by MFA remains low, even for administrator accounts, with under one in three protected with an additional layer of authentication – although the number of accounts protected in this way is slowly rising.
"Many cyberattacks are successful simply because basic security hygiene has not been followed," said Microsoft – and the company urges organizations and users to apply minimum standards to help protect accounts as even basic security hygiene still protects against 98% of attacks.
It's also recommended that zero-trust cybersecurity principles are applied across networks and devices, so it's difficult for an attacker to gain full access to systems with a single login using a compromised account.
And in the event of suspecting that your password has been hacked, you should change it immediately – and consider using a password manager to help ensure each of your accounts is secured with a password that's both strong and unique to help protect your data from hackers.