Top Cybersecurity Threats To Avoid
Cybercrime is a monumental and growing threat, but there are things to be done to protect yourself from fraud and losses due to cyberattacks.
October is Cybersecurity Awareness Month, and a good time to remind ourselves that anyone—individuals, small businesses, even local governments—can be vulnerable to cyberattacks. Cybercrime is a monumental and growing illegal industry.
According to the Center for Strategic and International Studies, global losses from cybercrime are reaching $1 trillion annually. We’ve lost quite a lot in our own area of Wisconsin and Illinois, too. As the FBI reports, residents of Wisconsin lost over $36 million in 2020, while Illinois, which falls in the top 10 for both number of victims and victim losses, lost a total of over $150 million.
Despite these stark figures, there are things to be done to protect yourself—and your assets—from fraud, identity theft, and other losses due to cyberattacks. In this post we’ll discuss the top threats and vulnerabilities to avoid to keep your family and your business safe from cybercrime.
Top Cybersecurity Threats to Watch Out For
1. Malicious Apps and Malware
In tech language, any software or application whose purpose is to harm the user is said to be ‘malicious’. There are dozens of specific varieties of malware for both computers and other devices, like smartphones and tablets, but the main ones include viruses and worms, spyware, rootkits, and ransomware (more on this one below).
- Viruses and Worms: These forms of malware are often downloaded through high-risk websites and emailed links and attachments. They insert code into your computer or device and its software programming to make systems inoperable, or otherwise compromised, leaving you susceptible to cybercrimes including financial loss and identity theft.
- Spyware: This software allows scammers to spy on everything you do on your device, capturing your sensitive data and login information in order to access your bank accounts and credit cards and to open new accounts in your name using your personal information.
- Rootkits: A form of malware that allows hackers to gain control of your computer or device, logging into your accounts and stealing data.
2. Ransomware
Ransomware is one of the fastest growing forms of cyberattacks and deserves specific recognition—occurrences grew 300% between 2019 and 2020. Ransomware is a specific kind of malware that, like a virus, can be spread through means like phishing email links and attachments (more on this below), downloads from suspicious sites, and links on social media platforms. It locks you out of your computer, network, or even individual files. In order to gain back access, a ransom is demanded.
These schemes affect both individuals and businesses, including many large companies. In fact, according to Forbes, about 80% of major corporations have been hit by these attacks, with about 60% of them choosing to pay. As an individual or small business, regular backups can help diminish the impact of ransomware. If you do fall victim, remember that there is no guarantee that your files or access will be returned once you pay the ransom—the reason why many choose not to pay.
3. Social Engineering Scams
We’ll take some time to discuss these particular cybersecurity scams, as they are exceptionally common and can affect anyone, regardless of age or socioeconomic status. In social engineering scams, criminals manipulate their victims into giving away money or divulging personal information to obtain access to a person’s financial accounts (or even open credit accounts in their names!). There are many ways that scammers can do this, from preying on people’s emotions or sense of trust to simple trickery. Here are a few common social engineering schemes to look out for:
- Phishing: Scammers contact their victims through email, text (SMS), social media messaging, popular payment apps, and phone calls. They will use a number of different approaches to obtain your financial or personal information, such as posing as a legitimate organization or bank to get you to log into a fake website, or pretending to be a colleague or loved one in need of urgent financial assistance. Whenever you receive an unexpected request for money or are contacted about an account that needs immediate action, pause and verify that the request is legitimate before clicking on any links, downloading any files, sending money, or giving away any personal or account information.
- Bank Imposter Scam: A type of phishing scam in which criminals pretend to be from your bank or financial institution to gain access to your account. Read more in "What is a Bank Imposter Scam?"
- Money Mule: In this scam, victims are the ‘money mule’, asked to accept sums of money and transfer them directly to another individual, or even (temporarily) into their own accounts. Mules are recruited through ads for easy money—often through social media accounts, but sometimes through actual signs and ads. Victims end up with a new “job” that has left them open to criminal liability.
- Romance Scams/Catfishing: Using social media and dating sites and apps, scammers pretend to fall in love with their victims, playing on their emotions or desire for a romantic connection. Eventually scammers will begin asking for money, using many different fraudulent excuses, from needing a plane ticket to visit their romance victim to dealing with a personal emergency. Read more about Romance Scams.
- Nigerian Prince: Nigerian Prince scams are possibly one of the oldest email scams out there, and they are still alive and kicking. In the original scam, you would be emailed by supposed Nigerian royalty who needed your bank account or credit card information to help them out of a crisis situation—and of course, you would be paid back with huge financial rewards. Today, victims are still contacted via email, as well as text, phone call, or social media messaging platforms, and asked for urgent financial assistance for high-ranking international individuals from many different exotic locations.
- Winner Scams: Common on, but not limited to, social media, these scams inform potential victims that they have won a prize—but to retrieve it they must send money or share personal account information. Once they do, the scammer vanishes, and no prize is ever given.
4. Data Breaches and Third-Party Exposures
Many cybersecurity threats happen through no fault of your own, when hackers infiltrate trusted platforms that store your sensitive information and leak your data. Many of these attacks are direct, when the computer systems of an institution or company—for instance your loan servicer or cell phone service provider—are compromised by cyber criminals. Locally, the personal information of some Wisconsin Southwest Health Center employees and their beneficiaries was possibly accessed by an unauthorized actor.
Sometimes, however, your data can be stolen in less direct ways. Many major companies and services will use third-party vendors to help them with some specialized aspects of their operations. Cyber criminals will attack these third-party vendors, who have been given access to account information, possibly from many different places. This threat of data breaches can be experienced by anyone. For example, in 2021, the health plan and personal information of Major League Baseball players and their families was stolen in an attack targeting Horizon Actuarial, a consulting firm that partnered with the MLB Players Benefits Plan.
The Wisconsin Department of Agriculture, Trade and Consumer Protection keeps an up-to-date list of data breaches that could affect Wisconsin residents, with information about who to contact if you are affected. Residents of Illinois can contact the Attorney General if they have been the victim of identity theft associated with a data breach.
5. Cloud Vulnerabilities
Clouds are excellent services for storing and backing up data, without having to maintain your own servers or external hard drives. They are easy to use and remarkably safe from data loss due to hardware failures (unlike your personal equipment). However, they are vulnerable to data breaches, since the payoff for hackers accessing platforms with such vast amounts of data can be huge.
Additionally, cloud storage companies can be affected by Denial-of-Service (DoS) attacks. Sites are flooded with traffic, crashing the system and preventing users and the companies themselves from accessing accounts. For instance, this past June Google faced an attack of 100,000 requests per second on one branch of its cloud services. Fortunately, they were able to block the traffic before any data theft damage was done.
6. Lost or Stolen Devices
A ‘low-tech’ problem for your high-tech devices. If your smartphone, tablet, or laptop is lost or stolen, the information found on it could leave you susceptible to cybercrime. When device passwords or passcodes are easy to guess—or you have no lock screen or required password at all—any information, accounts you are logged into, or sites where your password is stored that don’t require a secondary method of verification (two-factor authentication, 2FA) are at risk. Anyone who gets your device can instantly access them, drain your funds, make purchases, or change the login credentials.
7. Configuration Mistakes
According to internal analyses by Microsoft, 80% of ransomware attacks could be attributed to configuration mistakes either in software or in the devices themselves. Hackers can exploit these misconfigurations.
Threatpost points out that the most common configuration errors include leaving default passwords or usernames, reusing passwords, using Remote Desktop Services (RDS) without proper firewalls, and failing to keep operating systems up to date. With more and more employees working remotely, businesses must work extra hard to make sure all that equipment at home is properly configured.
8. Poor Password Protection
For some accounts, a password is all you have protecting your assets and personal information from cyber criminals. Choosing strong passwords for these accounts is key to keeping them safe. Strong passwords are long and include uppercase and lowercase letters, numbers, and special characters. Weak passwords are ones you’ve used before, ones that contain important dates, names, or personal information, or ones that are otherwise easily guessable (for example: Password123). Even a strong password can be vulnerable if you write it down and keep it near your device. Opting out of two-factor authentication is another way of leaving yourself and your online accounts vulnerable.
9. Inadequate Patch Management
It is rare for a piece of software or firmware to be released completely without bugs or security vulnerabilities. In fact, ‘zero-day’ attacks—attacks on devices the day new software comes out—are common cybersecurity threats. However, not all attacks happen on the first day. Sometimes it takes months for software engineers to spot and fix the vulnerabilities. Even if they catch them right away, your system will still be at risk if you choose not to download the suggested patches for the software.
For individuals, it might be as easy as accepting those security and software updates your computer prompts you to install. For businesses, having proper patch management is essential. Checking to be sure all employee software and operating systems are up to date and still supported by their publisher, as well as replacing outdated devices that are no longer able to use the latest software, are important aspects of patch management for your business networks.
10. Unprotected Wi-Fi
While public Wi-Fi is generally safer than it used to be, there are some security risks that still accompany its use. Hackers can spoof legitimate public Wi-Fi accounts, setting up their own malicious networks that allow malware to spread to all connected devices. Additionally, some unsecured networks can allow hackers to see your activity, and if you visit non-secure sites (URLs that begin with “http”, instead of “https”), they could even steal your passwords and personal information.
Protect Yourself from Cybersecurity Threats
Protecting yourself and your business from cybersecurity threats is essential to keeping your identity and your assets safe in today’s digital world. Avoiding the top ten threats listed above through awareness and proactive measures is key. Here are a few basic takeaways to keep in mind:
And lastly, understand that cybersecurity attacks and losses are common, and not all are avoidable, no matter how careful you are. If you find yourself a victim of cybercrime, know that you are not alone and there are steps you can take to protect yourself from further loss, recover your information or assets, or help prevent future attacks. Visit FNBT’s Security Tips and Fraud Prevention web page for additional resources and guidance.
To learn more about cybersecurity or to report a crime, check out the FBI's guide to cybersecurity, Wisconsin Department of Public Instruction's Cybersecurity Resources, and this collection of resources from the Illinois Department of Innovation and Technology.