Sophos, a leading provider of innovative cybersecurity solutions, shared practical advice to help internet users safeguard their credentials and maintain continuous protection online.
Sophos
According to the upcoming Sophos Active Adversary Report, compromised credentials were the leading cause of attacks (42.06%) in 2025.
This is a strong trend that continues to dominate the scene, with cyber attackers demonstrating ever-increasing ingenuity and relying on new tools to compromise the security and privacy of internet users.
Read Also: Sophos Warns: Data Theft Now the Top Threat in Manufacturing Cyberattacks
John Shier, Field CISO Threat Intelligence at Sophos, said: “The way attackers are using automation and generative AI to massively increase the speed and volume of their attacks suggests that attacks will become faster and more sophisticated. The best approach to protecting our identities and digital data is to take a proactive stance on defense.”
“Criminals are increasingly targeting people rather than devices, and this trend is expected to continue and even accelerate. Once again, AI is being used as a weapon to create highly detailed phishing lures to entice people to disclose passwords or financial information through well-designed emails, text messages, and WhatsApp messages.”
1. Keep your devices up to date: the most important and simplest measure you can take to protect yourself in the long term.
Cybercriminals are constantly on the lookout for computers that don’t have all the latest security patches, making them easy targets for compromise. This includes computers, laptops, smartphones, tablets, and home Internet/Wi-Fi routers. In most cases, you just need to click “Check for Updates” or “Update Now” and allow the device to restart.
2. Use a password management tool, whether it is built into an operating system or a third-party tool.
Password uniqueness and complexity are then managed automatically, greatly facilitating account isolation and protection.
3. Enhance protection with phishing resistant (MFA).
Many websites offer the option of using an “authentication app,” a smartphone app that displays a unique code for a short period of time, which must be entered after the password, making it much more secure than simply using a password.
Also Read: Sophos Expands Portfolio with Workspace Protection to Secure Hybrid Work and Govern Employee AI Use
Better still, there is a new solution called “passkeys,” which generally uses biometric authentication on your smartphone (face scan, fingerprint) to log in without any password. This is the best choice when available.
John Shier concludes: “Criminals will never stop trying to steal from us, so we must remain vigilant. We know that they are constantly improving and becoming more skilled at deceiving us, so it’s up to us to move forward and improve our protections to stay safe.”
For more information, please visit: https://www.sophos.com
