Poor Security Habits Caused Most Cyberattacks in 2024: Govt Advisory

The Cabinet Division has issued a cybersecurity advisory based on the Cisco Talos Annual Cybersecurity Attack Report for 2024. The report highlights major threats emerging from human negligence, weak digital practices, and growing reliance on insecure systems, urging all government and private sector organizations to implement best practices to protect digital assets and prevent unauthorized access.

According to the Cabinet Division advisory, the Cisco Talos report revealed that many cyberattacks in 2024 occurred due to the absence of multi-factor authentication (MFA), weak identity control systems, use of insecure VPNs, and exploitation of stolen credentials. Hackers managed to access sensitive systems and applications primarily by targeting vulnerabilities created by lax user behavior and insufficient security protocols.

The advisory emphasized that unauthorized access and data breaches could have been prevented through basic cyber hygiene, including strong password policies and avoiding the use of common credentials such as dates of birth or vehicle numbers. Additionally, users were warned not to configure official emails on personal mobile phones or use personal devices for storing official data.

According to the advisory, all email attachments must be encrypted and password-protected, with passwords shared through separate channels like SMS or secure messaging apps. Use of two-factor authentication (2FA) was strongly recommended, along with the installation of licensed anti-virus software, firewalls, and robust anti-spam filters. The advisory explicitly discouraged reliance on default spam filters of free email platforms like Gmail and Yahoo.

The Cabinet Division also warned users against storing data on cloud-based services or using online tools that require uploading official documents. Sharing sensitive material via WhatsApp, Telegram, or other messaging apps hosted outside Pakistan was also discouraged due to data security risks. Officials were instructed to use hardened scanners and avoid cracked software or unverified third-party applications.

Read more: YouTuber Rajab Butt summoned by Cyber Crime Agency in another Blasphemy Case

In its concluding recommendations, the advisory called for extra vigilance while using public Wi-Fi networks, as these are more susceptible to interception and credential theft. Users were reminded to regularly apply system and application security updates, and organizations were advised to share sensitive data with vendors strictly on a need-to-know basis using obfuscated formats.