Cyber-attacks have grown in sophistication, persistence, and severity. No person, business or organization is safe from cyber-attacks, which means cyber security is of concern to consumers, businesses and governmental entities.
Cyberspace is particularly difficult to secure due to a number of factors: the ability of malicious actors to operate from anywhere in the world, the linkages between cyberspace and physical systems, and the difficulty of reducing vulnerabilities and consequences in complex cyber networks.
The United States is the developed country most susceptible to cyber-attacks: 39 percent of Americans personally experienced cybercrime within the past year, compared to 31 percent of people globally.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Phishing scams will likely remain a popular tactic for cybercriminals. Eighty-six percent of people said they may have experienced a phishing incident.
Nearly three in 10 people cannot detect a phishing attack, and another 13 percent have to guess between a real message and a phishing email, meaning four in 10 are vulnerable.
Millennials remain the most common victims of cybercrime, with 40 percent having experienced cybercrime in the past year.
The majority of consumers (80 percent) who took a compromising action experienced negative consequences, including identity theft, money stolen from bank accounts, credit cards opened in their name and unauthorized apps installed on their device.
Overconfidence in connected devices is making consumers more vulnerable. One in five connected home device users don’t have any protective measures in place for their devices.
There are steps that the average person (consumer), businesses and governmental entities can take to protect themselves from cyber-attacks.
Tips for Businesses, Consumers and Governmental Entities
Businesses and governmental entities should share the following cyber security tips with their employees:
- Make your passwords complex. Use a combination of numbers, symbols, and letters (uppercase and lowercase).
- Change your passwords regularly (every 45 to 90 days).
- Do not give any of your usernames, passwords, or other computer/website access codes to anyone.
- Do not open emails, links, or attachments from strangers.
- Do not install or connect any personal software or hardware to your organization’s network without permission from your IT department.
- Make electronic and physical back-ups or copies of all your important work.
- Report all suspicious or unusual problems.
Tips for Leadership and IT Professionals
1. Implement Defense-in-Depth: a layered defense strategy includes technical, organizational, and operational controls.
2. Establish clear policies and procedures for employee use of your organization’s information technologies.
3. Implement Technical Defenses: firewalls, intrusion detection systems, and Internet content filtering.
- Update your system’s anti-virus software daily.
- Regularly download vendor security "patches" for all of your software.
- Change the manufacturer's default passwords on all of your software.
- Monitor, log, analyze, and report successful and attempted intrusions to your systems and networks.
The U.S. Department of Homeland Security has the following resources available to businesses, consumers and governmental entities:
Other cybersecurity resources are available at: