Thoughts at the end of Cyber Security awareness month
October is Cyber Security Awareness Month, which the industry widely uses as an opportunity to talk about the advances and solutions in this space. Many companies launch security related features and plan their communication around this month.
The objective of this post is to share three thoughts I’d like you to think about and keep in mind beyond the month of October. I hope that this is relevant for both your personal and professional accounts.
- Everyone is at risk
- Bad actors are learning fast
- It’s your turn to take action
Everyone is at risk
Being on the Internet puts you at some level of risk. You might not be an elected official, famous crypto-currency investor, or a social media star. Most bad actors do their hacking activities for monetary reasons. Some go for high-value individuals like the ones mentioned above and others go for large volumes of relatively low profit victims.
If you consider yourself to be a “not interesting target” you’re still likely to get onto the target list of bad actors. Look at the work of these bad actors through the lens of “customer acquisition”. They keep it low to stay profitable.
As some hacked online-accounts are being sold for $1 or even less, it shows that the cost for the bad actors can be very low. Losing access to your emails, losing all loyalty points you accumulated over the past couple of years, having your social media account used to spam your friends, can cause financial ort other harm to you.
Even if you don’t think that anyone would target you specifically, there are enough bad actors out there that might be out for your accounts.
Bad actors are learning fast
Since most of the attackers are out for financial gains, their tactics need to be economically sound for the benefit they expect to get out of their activity. With that a whole ecosystem of tools and services, dedicated to make attacks of any scale cheaper and more effective has evolved. Bad actors benefit from this in two ways:
- They can make their work more effective and adapt faster to new protections and pivot to other avenues of account compromise.
- It makes their work more profitable by increasing their chance of success and attack reach.
Thinking that hackers only send out badly written emails with spelling mistakes and you just need to use your common sense to stay safe is not enough.
It’s your turn to take action
The Internet is “unsafe at any click” — to apply artistic freedom to Ralph Nader’s book from 1965. While the industry has made significant progress in increasing the default security baseline everyone gets, there’s still work to be done for you, and it often requires you to understand more about the subject than you might care to know.
The good news is that most online platforms give you the tools to significantly increase your defense mechanism and make it uneconomical for most of these attacks. The bad news is that, most of the time, you need to take action to benefit from them.
If you enable 2-Factor Authentication to all accounts (where available), make sure to use reasonably strong and unique passwords for each service, and keep your software up to date, you have made big steps to be safer on the internet.
