The Cabinet Division also warned users against storing data on cloud-based services or using online tools that require uploading official documents.
Week Security Practices Behind Majority of 2024 Cyberattacks: Govt Advisory. The Cabinet Division has issued a cybersecurity advisory based on the Cisco Talos Annual Cybersecurity Attack Report for 2024.
The report highlights major threats emerging from human negligence, weak digital practices, and growing reliance on insecure systems, urging all government and private sector organizations to implement best practices to protect digital assets and prevent unauthorized access.
According to the Cabinet Division advisory, the Cisco Talos report revealed that many cyberattacks in 2024 occurred due to the absence of multi-factor authentication (MFA), weak identity control systems, use of insecure VPNs, and exploitation of stolen credentials. Hackers managed to access sensitive systems and applications primarily by targeting vulnerabilities created by lax user behavior and insufficient security protocols.
The advisory emphasized that unauthorized access and data breaches could have been prevented through basic cyber hygiene, including strong password policies and avoiding the use of common credentials such as dates of birth or vehicle numbers. Additionally, users were warned not to configure official emails on personal mobile phones or use personal devices for storing official data.
According to the advisory, all email attachments must be encrypted and password-protected, with passwords shared through separate channels like SMS or secure messaging apps. Use of two-factor authentication (2FA) was strongly recommended, along with the installation of licensed anti-virus software, firewalls, and robust anti-spam filters.
The advisory explicitly discouraged reliance on default spam filters of free email platforms like Gmail and Yahoo.
The Cabinet Division also warned users against storing data on cloud-based services or using online tools that require uploading official documents. Sharing sensitive material via WhatsApp, Telegram, or other messaging apps hosted outside Pakistan was also discouraged due to data security risks. Officials were instructed to use hardened scanners and avoid cracked software or unverified third-party applications.
In its concluding recommendations, the advisory called for extra vigilance while using public Wi-Fi networks, as these are more susceptible to interception and credential theft.
Users were reminded to regularly apply system and application security updates, and organizations were advised to share sensitive data with vendors strictly on a need-to-know basis using obfuscated formats.
Global Data Breach Hits over 180mln Users
Earlier this year, a massive global data breach has exposed sensitive information of over 180 million users, including those in Pakistan, prompting an urgent advisory from Pakistan’s National Cyber Emergency Response Team (N-CERT). The breach affects data from major platforms like Google, Facebook, Apple, and government portals.
N-CERT has warned that the stolen data, now stored in an unsecured database, could be used in automated cyberattacks, risking identity theft and system intrusions. Users are urged to change passwords, enable two-step verification, avoid sharing credentials via email, and use secure password managers. The advisory stressed immediate action to protect both individual and institutional digital infrastructure.
