The report reveals that ransomware attacks have surged, tripling over the past two years, with attackers increasingly employing social engineering tactics to infiltrate organizational networks.

It also notes a staggering 2.75 times increase in human-operated ransomware incidents year-over-year, often initiated through unmanaged devices.

Digital fraud is on the rise, with phishing attacks, especially those utilizing QR codes, increasing by 58% in 2023, leading to projected financial losses of USD 3.5 billion in 2024.

Phishing attacks are now frequently leveraging QR codes to trick users into disclosing sensitive information, although Microsoft Defender has successfully reduced such phishing emails by 94% between October 2023 and March 2024.

Password-based attacks remain a critical concern, with over 600 million identity attacks occurring daily, primarily targeting user passwords.

In response, Microsoft has blocked an impressive 7,000 password-based attacks per second over the past year, underscoring the urgent need for stronger authentication methods like passkeys.

To address these challenges, the Secure Future Initiative (SFI), launched by Microsoft in November 2023, emphasizes key principles such as 'Security by Design', 'Secure by Default', and 'Secure Operations'.

The SFI has mobilized 34,000 engineers and established the Security Skilling Academy to educate employees on best practices in cybersecurity.

Panji Wasmana, National Technology Officer for Microsoft Indonesia, stressed that effective cybersecurity requires a collective effort from all individuals within an organization, not just the IT department.

To mitigate phishing risks, organizations are advised to utilize trusted QR code generators and verify URLs before accessing them.

Additionally, to combat ransomware, organizations should monitor device usage and restrict access to unmanaged devices.

On October 31, 2024, Microsoft unveiled its Digital Defense Report 2024, which highlights significant changes in the global cybersecurity landscape, particularly concerning ransomware, fraud, and social engineering.