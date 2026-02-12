Global cybersecurity leader, Sophos, has revealed that compromised credentials are the leading cause of cyberattacks in 2025, accounting for 42.06 per cent of incidents according to its upcoming Active Adversary Report.

The company emphasised that the trend continued to dominate as attackers employ ever-increasing ingenuity and new tools to breach security. Speaking in commemoration of Safer Internet Day, Field CISO Threat Intelligence at Sophos, John Shier, contextualised the findings within the rapidly evolving threat landscape.

He stated: “The way attackers are using automation and generative AI to massively increase the speed and volume of their attacks suggests that attacks will become faster and more sophisticated.

He emphasised that a reactive security posture was no longer tenable, advising that “the best approach to protecting our identities and digital data is to take a proactive stance on defense.” “This shift is partly driven by a fundamental change in criminal strategy.

Criminals are increasingly targeting people rather than devices, and this trend is expected to continue and even accelerate,” he explained. The human element has become the critical vulnerability, with advanced technology serving as a force multiplier for deception.

“Once again, AI is being used as a weapon to create highly detailed phishing lures to entice people to disclose passwords or financial information through well-designed emails, text messages, and WhatsApp messages,” he added, noting that these AIcrafted communications are often indistinguishable from legitimate correspondence.

In response to this persistent threat, Sophos outlined a clear, multi-layered set of defensive actions for all internet users. The foundational step, described as both the most important and simplest, is to diligently keep all connected devices updated with the latest security patches.

“This includes not only computers and laptops but also smartphones, tablets, and home internet routers. Cybercriminals systematically scan for and exploit unpatched vulnerabilities, making regular updates a crucial barrier. “The second imperative is the adoption of a dedicated password management tool.

These tools, whether built into an operating system or provided by a third party, automate the creation and storage of unique, complex passwords for every account. This practice, known as account isolation, prevents a single breached password from compromising multiple services.

“The third and most robust layer of defense involves moving beyond passwords altogether. Sophos strongly advocates for the use of phishing-resistant Multi-Factor Authentication (MFA).

While many websites offer MFA via one-time codes from an authentication app, a significant improvement over passwords alone, the gold standard is now the adoption of ‘passkeys.’ “This newer technology typically utilizes biometric verification, such as a fingerprint or facial scan on a user’s own smartphone, to grant access without a password ever being transmitted or stored.

This method fundamentally neutralizes credential-based attacks,” Shier added. Concluding his advice, Shier reinforced the necessity of enduring vigilance, saying: “Criminals will never stop trying to steal from us, so we must remain vigilant.

“We know that they are constantly improving and becoming more skilled at deceiving us, so it’s up to us to move forward and improve our protections to stay safe.”