Phishing is often the first step in complex, multi-stage attacks. According to Sophos Rapid Response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.
“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organisation,” said Don MacLennan, SVP, Barracuda.
Work computers have played many roles during the pandemic – hosting everything from social gatherings to workouts, online learning sessions, home shopping and Netflix streams. Family members have borrowed Mom’s computer to play online games, and passwords have been passed around. Cyber diligence has taken on a lower priority than it should have.
Weak passwords represent a cybersecurity threat for organizations already struggling with security compliance during remote work and the blurring of personal and professional spaces. In fact, more than 80% of data breaches involved brute force or stolen credentials.
Highlighting the threat that compromised passwords pose, a survey by HYPR found that nearly a third of respondents had experienced a credential stuffing attack, in which cybercriminals attempt to use a large number of stolen user logins and passwords to compromise applications and systems. Adding to the challenges already plaguing IT teams, hackers also use stolen passwords for personal emails.