With work, education, e-commerce, and relationships increasingly being conducted, managed, and transacted online, it's no wonder that data security has become an urgent concern. As people share data insecurely for a host of reasons, they increase the likelihood of that data, at some point, being compromised. The method in which it could become compromised varies, but before diving in let’s start with basics.
According to the US National Institute of Standards and Technology (NIST), a cyberattack has multiple definitions. For the purposes of this blog, the two most useful are as follows:
“Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself”
“An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.”
There are many different strategies for carrying out a cyberattack. Three of the most popular and most effective include:
Ransomware: Also according to NIST, “a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access.” Some high-profile recent ransomware attacks include those against Entrust Corporation, the Los Angeles Unified School District, and Rackspace Technology.
Phishing: As Bitwarden notes in this blog, fake reach-outs, or phishing, frequently attempt to exploit users’ social and psychological states, sometimes relying on an element of urgency to compel action. Phishing attacks can have different objectives. They may try to trick people into divulging sensitive information like logins, health information, or SSNs, or redirect victims to websites that are embedded with malware. According to AAG It Services, phishing is the most common form of cybercrime and the use of stolen credentials the most common source of data breaches.
Social engineering: In a recent article, The Evening Standard’s Alan Martin defined social engineering as “psychologically manipulating someone to do what you want. Anything from flirting your way out of a speeding ticket to flattering your way to a pay raise is technically social engineering — albeit mostly harmless. In the context of cybersecurity, social engineering is a blanket term for non-technical tactics used by hackers to get something they want — be it access to private accounts or money sent their way.”
For more on the complex and calculated world of social engineering, check out ethical hacker Rachel Tobac’s Bitwarden blog, which is focused around the information cyber criminals capitalize on, how they select targets, and how users and organizations can stay secure.
The 2023 Bitwarden World Password Day Survey found that 20% of respondents had experienced a data breach. Both numbers are still exceptionally high.
While these statistics and facts may be daunting, there are many practical steps you can take to keep yourself secure against cyberattacks. They include:
Using a password manager and 2-step login. Password managers are one of the most simple and effective tools available for creating a secure profile online. To stay safe from data breaches, you need to create strong and unique passwords for every account, but remembering them all without help gets tricky. Using a password manager lets you easily protect yourself and your data.
Bitwarden, for example, generates, stores, and secures user data in an end-to-end encrypted vault that works across a multitude of devices and platforms. You should prioritize password managers that offer some form of two-factor authentication (2FA) because it helps increase user security for websites and applications. The name refers to requiring users to utilize two separate methods of verifying their identity in order to access an account. A useful definition for 2FA is that logging into a service involves something that you know, such as a password, and something that you have, such as your phone, hardware token, or other authentication code.
Creating random and unique passwords. Once you begin using a password manager, ensure your passwords are random (they don’t rely on easily identifiable personal information) and unique. They should also be long enough to ensure the necessary level of complexity. Strong passwords can be randomly generated for free using the Bitwarden Strong Password Generator.
Staying alert to phishing attempts. When it comes to phishing, the basics of internet safety apply. They include checking emails to ensure they’re coming from the institution in question; hovering over links to confirm they lead to the right website; not opening attachments from people you don’t know; and verifying URLs to ensure you are in the right place.
Messaging with encryption. WhatsApp may be one of the most commonly used messaging services in the world that offers end-to-end encryption. That doesn’t mean it's the most secure. In the linked article, The Guardian’s privacy reporter makes the case for Signal, which is singularly privacy-focused and does not rely on an advertising-based business model for profit. Bitwarden also recommends Threema, Element, and Session.
If you find yourself asking “what is a cyberattack” there are chances you’ve never experienced one. If so, you’re lucky - but in a world of increasingly sophisticated cyberattacks, it is better not to rely on luck. Although the general increase in cyberattacks is a given, their success is not. Using a password manager and two-step login; creating random and unique passwords; staying alert to phishing attempts; and messaging with encryption will equip you with the tools needed to greatly mitigate data loss and prevent privacy incursions.