In the 21st century, we're constantly surrounded by cyberthreats. From Nigerian princes trying to give us millions to the new facebook friend who is wearing a little fewer clothes than normal, threats to our online security seem like an almost constant affliction.
While many companies have taken drastic security steps to try and make the internet a safe place – things like 2-step verification, hashing of data, proxy servers – there are still certain hotbeds that pose the most risk. So what are these hotbeds, and what are the risks that they pose?
Essentially everyone on the planet has a social media account, with Facebook alone having 2.37 billion active users.
Reports that have studied American interaction with social media note that the typical U.S. resident visits around 3 of the top social media sites each day, depending upon their app usage patterns. All this equates to humans thinking life on social media functions pretty similarly to real life, even on the security front. But we need to be treating social media as a constant security threat, obviously within reason.
Social media platforms have roughly 20% more avenues that malware can be transmitted to a user through, such as strange friend requests, plug-in requests from, say, a mobile game, or even malicious ads that Facebook's algorithm didn't ban. 20% more may be a number hard to quantify, but here's one that's much easier: $3.25 Billion USD. That's the amount of money that social media cybercrime makes each year in revenue.
If you're like me, at this point you're probably trying to figure out what you can watch out for then after learning how big of a market social media cybercrime is. Here are the top types of social media attacks.
Your biggest threat on social media is... yourself. Modern social media has created an air of safety for users where they can share the most personal of information, often open to the public. Reconnaissance attacks are those where malicious actors are able to collect and analyzed overshared user data that can then be compiled to create a holistic picture of the actual person.
This is the type of data that would let hackers get past your security questions on sites, like the name of your dog, the street you live on, or who your first crush was.
Social engineering is no longer just something that scam artists on the side of the street use, rather they now have a wealth of online means to steal your data. Through fake profiles or user information, hackers can slide into your DMs and toy with your emotions.
This is a fairly common social media attack, where through personal messages or through legitimate-looking links, cybercriminals are able to get a small percentage of people to follow up and provide them with desired financial or personal information.
These two methods are the most common and overarching techniques for the social media cybercrime threat, but there are also very many prominent threats out there, such as business phishing.
58 percent of cybercrime victims are small businesses. That is a sobering statistic when you consider that most small businesses are usually people massively in debt pursuing a dream they've had since they were kids. The other unfortunate truth is that most cybercrimes done to small businesses are easily preventable and protectable against.
The most common reasons that businesses fall victims to cybercrimes are:
- Untrained employees
- Using personal devices for work
- One single IT person, rather than a team
- Data loss
61% of all business data breaches fall on the heads of an untrained or non-observant employee. Most commonly, through employees falling victim to easily detectable phishing scams.
A good example is an email sent to the head of HR, posing to the CEO of the company, asking for the W-2 forms of every single employee at the company for an investment meeting. While that may sound absurd, it has happened, multiple times. All of that data was compromised.
Business phishing is perhaps the biggest cybersecurity threat we have, mostly because all it takes is one naive employee to give away the financial information for an entire company.
So how can businesses protect themselves from phishing scams and other cyberattacks? Through:
- Better employee training
- Improving personal device security
- Hiring an outside agency for IT
- Planning for the worst with a disaster recovery plan
Business cybercrime is no laughing matter; and if you're a business decision-maker in any industry, you need to take it seriously. I'll give you a number to drive it home: $5,600. That's the amount of money lost every minute across every industry by businesses that have fallen victim to cybercrimes. That's over 8 million dollars every day.
Whether you use email on a daily basis for work or just check it occasionally for offers from your favorite companies, it has now become the biggest cybersecurity threat we have.
1 in every 99 emails is a cyberattack. That means that every week you probably get at least one cyberattack. Or, if you're like me, then you probably get one every day.
On average, this means that companies get 4.7 phishing emails per employee each week. That's an insane metric when you consider that all it takes is one employee falling victim to phishing to expose your entire company.
Email phishing is also a massive threat to consumers. Scams have gotten much more complex than the tried and true Nigerian prince email. Through a combination of social media and social engineering, phishers of your personal information can use target email attacks to make it seem like they're an old friend looking for cash or even a neighbor needing your HOA dues.
If you want to take a look at how big of a threat email poses to our cybersecurity, the infographic below lays it out in every gory detail.