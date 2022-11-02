In our world, it is more important than ever to know what is going on in the world of cybersecurity & what is necessary to try to protect your information from being messed with by hackers and bad actors. There are plenty of interesting statistics that can give you an idea of how things are going in the world of information security and how worried you might need to be about potentially being on the receiving end of a cyber attack.

Most of this information comes from Abnormal Security: a cybersecurity company located in San Francisco, California working to create security solutions against digital attacks and the rest of the information in this article comes from the FBI. With all that being said, here are some quick statistics about how things are going in cyberspace when it comes to security...

According to Abnormal Security Confidential, about thirty-three million email credentials have been stolen in 2022 so far, which is a lot of information for hackers and cybercriminals to get their hands on without the victim's knowledge. Eighty-two percent of security breaches with information systems involve the human element. This means that most hacks have less to do with using technical knowledge to steal information from computer systems and more using deceit to trick someone into willingly giving you their credentials through some sort of scam. One of the techniques most commonly used by hackers to trick people into giving up their information is credential phishing: socially-engineered emails that trick people into entering their username and password into said emails.

Meanwhile, about one-fifth of hacks involve compromised credentials where someone actually has to use technical skills to steal passwords and keys they need to get access to other people's accounts. One of the most common attacks used for this kind of cyberattack is actually one of the simplest: the brute force attack. As you would expect from the name, a brute force attack is a form of trial and error hacking. A hacker looks at the most common passwords people use and guesses your password or uses a computer program to guess for them. They keep doing this for various different accounts until they find one weak enough to get in. Another common attack is password stuffing where you take a password that someone uses for one website and try it for other websites the person tends to use, hoping that the user they are attacking uses the same password for other sites.

Fortunately, there are some easy ways to defend against these attacks. When it comes to credential phishing, look for suspicious emails that can be faked. Look for any spelling errors and see if the email address you are getting the email for makes sense for the context it is supposedly being sent for (ex: if you see an email supposedly being sent from your bank, make sure it is being sent from a business email related to your bank, not some generic email like 'terry78@gmail.com'). When it comes to brute force attacks, you need to create strong passwords with letters, numbers, and maybe one or two special characters to make it hard to guess. For password stuffing, try your best to not use the same password over and over again for different sites, no matter how tempting it might be to do that to 'save time'.