Cyber-attacks are now so prevalent that they are almost unavoidable. Some cyber-attacks are so large or significant that they make the TV news, but if you are anything like me, you have had your friends tell you their Facebook account was hacked, or you have received a data breach notification email from some website to which you signed up. Sadly, this is the trend, with cyber-attacks increasing 50% over last year. An estimated 30,000 websites are hacked every day, and a company falls victim to a cyber-attack every minute. The estimated total cost of data breaches in 2021 was $6 trillion. Research estimates that 300,000 pieces of malware are generated daily. If you have ever wondered why some of the spam in your junk folder looks so bizarre, it is because it is almost certainly generated by a program or a bot. Such things now happen on an automated, almost industrial scale.
Tellingly, 80% of the attacks are phishing. Phishing emails are designed to entice you to click on a link and, more significantly, give away your ID and password. This percentage is so high because it is the most effective method for the attackers, with 90% of data breaches coming from such phishing attacks. In the digital world, our weakest link is and always will be the people. This is not because people are inherently “weak”; it is simply the unavoidable consequence of people needing sufficient access to systems in order to do their job. If a hacker can steal your credentials, they can do anything that you can do. That is why it is important that everyone has the level of access appropriate to their role. In 2021, a company that provided video security services was hacked, and because too many of its users had elevated access, the hackers were able to browse live feeds of over 150,000 cameras installed in factories, hospitals, classrooms, jails, and other locations.
Having said that people are not weak, we can still do all we can to be stronger. Appropriate cyber-security training is a must. Equally important is the use of a password manager app such as 1Password, PasswordBoss, or LastPass. It is true that these put all of your proverbial eggs into one basket, but it is a very secure basket, and they enable and encourage you to use a unique password for every system you use. You might not be that concerned if some minor site you signed up to years ago gets hacked, but if you have reused that password everywhere, then all of your accounts are exposed. Two-factor authentication is also incredibly useful when it is available. Many sites offer this through email, text, or the use of an authenticator app on your phone. Both Microsoft and Google have authenticator apps that you can use for accounts outside of Microsoft and Google. They authenticate with either a tap or an ever-changing six-digit code. Sadly, you also have to maintain a pretty high level of suspicion and paranoia about any email that you receive. For all the blatantly obvious scams, there are also some incredibly sophisticated ones, particularly when someone you know and trust is being impersonated by the hacker. The moment you take to verify an email you are even remotely suspicious of is time and money saved.