According to a study by the United Nations, cybercrime has increased over 600% since the beginning of the pandemic. [1] This increase is due to the growing number of people relying on the internet for daily tasks. The pandemic ignited a shift towards a more digital economy — people use the internet to work, study, or buy home necessities. So cybercriminals saw the opportunity to take advantage of these new, vulnerable users.
If you’re interested in learning more about safeguarding your security and privacy while using the internet, this article is for you. I’ll discuss the threats to personal cybersecurity, the attacks you can expect, and tips you can use to avoid becoming a victim.
Digital Gold
In 2017, The Economist published an article titled “The world’s most valuable resource is no longer oil, but data.” [2] It explains how corporations utilize private information about their users to sell for millions of dollars. Most users are unaware of this trade-off — and that corporations like Facebook and Google harvest their data.
The value and importance of data lead cybercriminals to focus on attacking these digital assets. Attackers are also getting more sophisticated, developing better strategies to access some of our most private data. They target sensitive data including login credentials, banking information, smart home management devices, health records, and much more.
Attacks on Our Data
Now that we understand what cybercriminals are after, it’s essential to understand their attack methods. One of the most popular attacks on personal information is ransomware — the digital version of kidnapping. Cybercriminals use malicious software to encrypt their target’s data, and only release it once the victim pays the ransom.
In the past year, we’ve seen how ransomware has had real-world consequences and affected millions. In September of this year, a ransomware attack on a hospital resulted in the death of a newborn. [3] The number of ransomware attacks will likely continue to grow if users don’t protect themselves.
Attacks on Our Privacy
Malware developers usually design their code to cause damage or steal data from their targets. One type of malware that exploits users’ privacy is spyware, which tracks the user’s activity on their device. These attacks record images from the device’s camera, capture keystrokes, and may exfiltrate sensitive data.
The number of cyberattacks that use malware, including spyware, is rising annually. In 2009 the number of malware attacks was recorded at 12.4 million, ballooning to 812 million in 2018. [4] Of those attacks, 92% initiate through email. [5] This indicates a lack of cyber awareness among users.
How Does This Impact Me?
Cybercriminals are aware that most computer users lack basic digital literacy, which makes users low-hanging fruit. An average of 60% of Americans answer simple digital literacy questions incorrectly. [6] To combat this, technology professionals must educate users on safe practices for navigating the digital world.
Whether you know the difference between HTTP and SMB or barely understand how to search on Google, these are the common types of threats you face in the digital world:
- Availability attacks: When an attacker gains access to your accounts or devices, they can lock you out — eliminating the availability of your personal information. Ransomware falls into this category.
- Integrity attacks: An attack on the integrity of your data can result in a loss of money and assets — for example, a criminal gaining access to your banking information to deplete your balance. Cybercriminals use password attacks to compromise the integrity of sensitive information.
- Confidentiality attacks: Criminals may release private information about their targets — including government identification numbers, banking information, sensitive images, and more. Attackers use spyware and other malware like Trojan horses to exfiltrate sensitive data.
Practical Ways to Protect Yourself
Passwords are like underwear — change them often and don’t let anyone see them
Most users choose easy-to-remember passwords. This is convenient, but it also increases the risk of a breach. Cybercriminals use software that can “guess” thousands of password combinations in seconds. Security professionals recommend long, complex passwords of at least 12 characters, including uppercase letters, numbers, and special characters. Rotate your passwords regularly to reduce the risk of your accounts being breached.
But how are you going to remember all this? Instead of using our brains to store complex passwords, we should opt for password managers — software applications that store a user’s credentials, secured by a single master password.
Authentication… authentication… authentication
Multifactor authentication (MFA) is a common way to combat password attacks. MFA requires an extra step during the authentication process, drawn from one of five types: something you are (biometric), something you have (token-based), something you know (password-based), something you do (behavior-based), and somewhere you are (geolocation-based). This added layer helps reduce the risk of a cybercriminal impersonating an authorized user. A standard tool is the Google Authenticator app, which provides a secure token to add a layer of defense during authentication.
Stranger danger
A typical lesson we teach our children is not to take candy from strangers. The same lesson applies to the digital world: when interacting on the internet, keep a level of skepticism. Don’t click links from untrusted sources — including friends and family.
When you click a link, you send a request to a server to provide the file that holds the requested information. That file is where attackers place malicious code to trigger a cyberattack, so only click trusted links.
Another common method is bundling malware with a “normal” application. A Trojan horse provides a function to the user — such as an image editor or keyboard app — while also containing malicious code that executes on the target system. Only install applications from trusted sources such as the Microsoft Store, Google Play Store, and Apple App Store. Installing an untrusted application (sideloading) can drastically increase the chances of a breach.
Free WiFi is not free
Restaurants, malls, and coffee shops commonly provide free public WiFi. While convenient, it’s important to be aware of the dangers. Attackers often set up fake public access points to monitor traffic on the network — which is why you should never use a public network to send sensitive information or conduct sensitive transactions. If using a public network is necessary, use a Virtual Private Network (VPN), available on your device’s app store. A VPN encrypts your internet traffic, so even if an attacker monitors your activity, they can’t decipher what you’re doing.
Update your device
Cybercriminals are constantly finding exploits, which requires software developers to patch their applications. I know how annoying constant updates are, but they’re necessary. When we skip upgrading our devices, we leave doors open for cybercriminals to walk straight in. Make sure you’ve installed anti-malware software, too — these scan for common vulnerabilities and help keep your device up to date.
Conclusion
People are not always aware that we currently live in a world with two realities — one physical and the other digital. People already understand the rules needed to be safe in the physical world. It’s up to security professionals to provide users with the knowledge and tools to protect themselves in the digital one.
References
- Top UN official warned of cybercrime spike during the pandemic — Business Insider
- The world’s most valuable resource is no longer oil, but data — The Economist
- Ransomware hackers, hospital, first alleged death — The Wall Street Journal
- Cyber Security Statistics — PurpleSec
- Cybersecurity Statistics — Hosting Tribunal
- Digital Literacy in the United States — Statista