The truth is that even though the threats might change, advice regarding mitigation in many ways stays the same:  

• Don't reuse passwords  

• Use a password manager to generate and maintain long, unique, and complex passwords 

• Keep your software updated  

• Enable multi-factor authentication for every account that permits it 

• Learn to identify and report phishing 

If we all put a premium on adopting these behaviors, we can take on today's cybercriminals together! 

Evolving Threats

One of the most prevalent issues you might hear about in the news is the continued rise of ransomware – This is when cybercriminals encrypt a victim's data and demand a ransom for its release. These attacks have become more sophisticated, often targeting critical infrastructure and organizations of all sizes, even very small businesses and individuals.  

Additionally, supply chain vulnerabilities have gained prominence, as attackers exploit weaknesses in third-party software and services to infiltrate their intended targets. This can result in more ransomware, and why we need to think about the security of our “Internet of Things” devices, like smart appliances.  

Although artificial intelligence and machine learning are becoming integrated into cybersecurity systems, there is a parallel rise in the potential for adversarial attacks, where AI models are manipulated to make incorrect decisions, posing a significant challenge for defenders. Large language models that use AI also make phishing emails far more sophisticated than even a year ago.

Understanding the Human Element

Why does cybersecurity remain such a challenge for so many of us, and what can we do to make it seem more achievable? We think it really comes down to three things: fear, uncertainty, and doubt.  

Our 2023 Oh Behave! survey of some 6,000 people in six different countries found that 37 percent of people said they felt intimidated, and 39 percent of people said they felt frustrated by cybersecurity. For many of us, cybersecurity can feel like a daunting challenge because it's a constantly evolving field. Attackers are always finding new ways to exploit vulnerabilities.  

The human factor always plays a significant role, but we don't want people to feel helpless. We can work together to make cybersecurity more achievable. Education is key – fostering a culture of cybersecurity awareness and teaching basic security habits goes a long way. Building software and devices with security in mind – a "secure by design" mindset – is also needed. Ultimately, a proactive and informed approach can make cybersecurity seem less daunting and more achievable for everyone. 

People know cybersecurity is important, but many employees don’t fully appreciate the fact that they are the biggest target in their organizations for cybercriminals. An example is an increasingly common threat we are seeing now are so-called "MFA fatigue attacks," where a bad actor tries to socially engineer employees to approve logins that weren't the employee. Criminals wouldn't target employees if employees weren't important! Even if you have MFA enabled, you then need to only approve logins that are actually you. There have been some instances of this happening, which is why we need to encourage people to think calmly and be transparent when a shady request heads their way. 

You Aren't Alone

Cybersecurity is not just a task for individuals, organizations of all sizes should make it a priority. Businesses should take multiple courses of action:  

• Use quality threat intelligence platforms to be proactive 

• Regularly update all of your software 

• Focus on quality employee training to combat social engineering attacks 

• Develop and audit an incident response plan  

Finally, support your security teams. They are working hard every day to actively seek out hidden threats!