It's been quite a challenge to identify the top five ways people are being hacked at the moment, because each industry has a different and very particular set of weaknesses that can be exploited to steal user credentials. Take, for example, the retail industry, where the majority of users are compromised via card skimming or POS intrusions. In healthcare, by contrast, those types of hacks are rarely seen.
The Verizon 2016 Data Breach Investigations Report (DBIR) came out earlier this year and the insights within it come from research gathered from 67 organisations across 82 countries, involving more than 100,000 security incidents and the analysis of 2,260 breaches. From this report, and other relevant articles, I have put together the top five ways users are getting hacked (in no particular order).
1. Password Reuse
We recently wrote about protecting users from password reuse attacks. That's when hackers use exposed credentials from a breach (like the LinkedIn one) to attempt to hack into other services, in the hope the user has reused the same username/password combination in other places. In many cases, they have.
Make sure you have a unique and strong password for each login. It makes it harder for you to remember each one, so you should use a password manager. But the main objective is that it also makes it much harder for a hacker to get in.
2. Brute force attack
"63% of confirmed data breaches involved leveraging weak, default or stolen passwords."
It takes less than a second to crack a simple password like '12345' or 'password', so it's no surprise that password hacking is one of the top ways people get hacked. Even Mark Zuckerberg recently proved he's not above using a simple password like 'dadada' (and not just on one site, he reused it across a few).
3. Social Engineering techniques - phishing, spear phishing, vishing, whaling, and privilege misuse.
'Almost a third (30%) of phishing messages were opened... And 12% of targets went on to open the malicious attachment or click the link.'
Social engineering is a very common way for your users' credentials to be compromised at the moment. You may receive an email from what seems to be a service provider you use or a colleague you trust, asking you to click a link and log in to your account, or asking for private information. It seems totally legit, so you hand over your credentials and: Account Compromised!
4. Physical Theft - work, car, and home
'39% of theft is from victims’ own work areas, and 34% from employees’ personal vehicles.'
Not a high-tech hack by any means, but still ranking up there in the top five ways you can accidentally hand your login information over to the wrong people. Especially if you keep your passwords on a post-it note next to your PC.
5. Downloading malware - email attachments, websites serving up drive-by downloads, emails linking to pages with drive-by code installs
'30,000 websites are infected with malware every single day' - Forbes
If you download malware via an email attachment, a link in an email, or by visiting the wrong website, you could end up with ransomware, a keylogger, or other malicious code installed on your device. The best way to avoid this situation is to check with the person who sent the email that the link or attachment is okay before you open or click it, and don't download anything from a website you don't trust. (Just don't download anything.)
So there you have it! Hopefully you're following best practices, and none of the above is news to you. But share this with your colleagues, friends, and family, who may need a friendly reminder. And tell us your own experiences with online safety in the comments below!