I’ve been working hard these past few months marketing Virus Bomb and Bullseye Breach. But after some people called me a paranoid, condescending fear-monger, I spent a long time soul-searching. I’m done soul-searching. I’ll wear that label as a badge of honor.
Back in June, 2019, I pitched to a group planning a May, 2020 meeting in Kansas City. I live near St. Paul, and Kansas City is about 400 miles and six hours away by car. Any trip would also need one or two overnights in a hotel, and all the expensive restaurant food that goes with that. And I was willing to take on that expense for the opportunity to get in front of a few hundred people and talk about cybersecurity and my books.
But not anymore, not with this group. One person said her husband works in an IT department and so she already knows everything there is to know about cybersecurity. Another one questioned why I was even allowed to pitch to this group at all.
That made me stop and think. Am I overly paranoid? Maybe all this hullabaloo over cybersecurity is just another way for paranoid, condescending fear-mongers like me to get rich quick.
While I’ve cleaned up more computer viruses than I can remember, maybe all that malicious software I removed was just an inconvenience for the people involved. And watching automated probes hit hundreds of firewalls I built over fifteen years – what’s the harm in all those probes?
What about all the data breaches we read about all the time? With every data breach, the credit card companies just send us different credit cards and somebody signs us up for free credit monitoring for a year. What’s the big deal?
And if Amazon, Google, Facebook, and others build elaborate profiles about every detail of our lives, so what? Small price for today’s conveniences. Besides, doesn’t the government regulate all those internet privacy issues for us?
Who do I think I am anyway? Maybe I really am just a paranoid, condescending fear-monger trying to stir up trouble. Maybe I should just shut up and crawl back under the rock I came out from under.
But then articles like this one come along. It seems a group of security threat hunters found evidence of attackers trying to plant malicious code into airport and hotel WiFi routers. Connect to an airport WiFi, buy something online, and lose your credit card number. And then this article and this one, about Amazon employees listening to Alexa conversations, caught my eye. Just a few samples of the stuff I see every single day.
And then I think about the identity theft victims I know first-hand. A few told their stories, here, here, and here. And I think about the common thread that runs through every identity theft story I’ve seen – no help from law enforcement. Which is consistent with my own first-hand fraud story. Read about it right here. While we’re at it, here’s another first-hand story about a cyberattack and law enforcement. It’s what made me care about cybersecurity, way back in November, 2000.
But those are all just anecdotal stories. Maybe I made it all up to sell books. Let’s look up some statistics for a more global picture. It took me about fifteen seconds to find these numbers. Here is the source for the list below.
- In 2017, 6.64 percent of consumers became victims of identity fraud — that’s about 1 in 15 people
- Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average
- One in five victims of identity theft have experienced it more than once
- Over 1 million children in the U.S. were victims of identity theft in 2017, costing families $540 million in out-of-pocket expenses
- There’s a new victim of identity theft every 2 seconds
- Identity theft is one of the most common consequences of data breaches, and exposed consumer records jumped 126 percent in 2018
- Emotional distress is reported by 77.3 percent of identity theft victims
Beyond identity theft, here are a few overall cybersecurity statistics. Read details from this Cyber Defense Magazine article.
- There were 8,854 recorded breaches between January 1, 2005 and April 18, 2018. (Source: Identity Theft Resource Center)
- In 2017, 61% of data breach victims were companies with fewer than 1,000 employees. (Source: Verizon)
- 43% of cyber attacks are targeted at small businesses. (Source: Small Business Trends)
- IoT attacks were up by 600% in 2017. (Source: Symantec)
- 31% of organizations have experienced cyber attacks on operational infrastructure. (Source: Cisco)
- DDoS attacks account for 5% of monthly traffic related to gaming. (Source: Cox BLUE)
- Just 38% of global organizations claim that they are equipped and able to handle a complex cyber attack. (Source: IBM)
- Over 24,000 malicious mobile apps are blocked from the various app stores each day. (Source: Symantec)
- $2.4 million is the average cost of a malware attack in 2017. (Source: Accenture)
- There was an 80% increase in malware attacks on Mac computers in 2017. (Source: Cisco)
- 75% of the healthcare industry has been infected with malware at some point in time. (Source: CISION: PR Newswire)
- Around 60% of malicious web domains are associated with spam campaigns. (Source: Cisco)
- 38% of malicious files came in formats used by the Microsoft Office suite of products. (Source: Cisco)
- A business falls victim to a ransomware attack every 13.275 seconds. (Source: Cyber Defense Magazine)
- Reported system vulnerabilities went up by 16% in 2017. (Source: Varonis)
- 95% of data breaches are attributed to human error. (Source: Cybint Solutions)
- 30% of U.S. users open phishing emails. (Source: Verizon)
- 12% of those who opened phishing emails later opened the infected links or attachments. (Source: Verizon)
- In the last year, 76% of businesses reported that they had been a victim of a phishing attack. (Source: Wombat)
Full disclosure – I wrote an article for the Nov. 2019 edition of Cyber Defense Magazine. Here is a link. My article starts on page 81.
Here is my message for people who think they know everything there is to know about cybersecurity. You don’t. And you would be smart to listen to people who do know more about it than you.
One more thought – I plan to share this blog post with the people who called me a paranoid, condescending fear-monger. If you want to leave a comment and tell me how wrong I am, feel free. I’ll publish it. I’ll probably reply. And I’ll publish your reply to my reply and the whole discussion thread until it runs its course. Vigorous discussion is a good thing. But I have a few ground rules. Keep it civil. Keep it on topic. Keep profanity out of it. And stand behind what you say and identify yourself.
Thank you, Greg! Very informative and helpful! We can all benefit from your helpful words.
Thanks Sherry!