NordVPN says its research shows 330 Brits are hacked every minute. It means that, on average, people suffer 5.5 attacks per year, with an attack happening every 0.2 seconds. The question is, how much of an underestimate is that number? NordVPN believes that most people don’t realise they’ve experienced a hack.
According to Adrianus Warmenhoven, a cybersecurity expert at NordVPN, “Hacking has reached epidemic proportions in the UK. Some of the attacks happen so often that people don’t even regard them as cyber crime. However, each of the incidents we included in the study wouldn’t be possible without hacking of one kind or another.
“Encountering even those incidents that appear innocuous, like hard-to-close internet pop-ups, should cause alarm and prompt you to check for malware. Lurking behind each of these digital misadventures is a hacker resorting to crime to make money. Don’t make it easy for them.”
What do the numbers tell us?
The table below shows the hacks NordVPN identified and the percentage of people who experienced them. It tells a worrying story but, sadly, lacks some key context. For example, how many people responded? How many experienced these incidents on work and personal devices? What type of device were these hacks most commonly seen on?
| Hack | % People Who Experienced Hack At Least Once |
|---|---|
| While browsing, I got a pop-up advertisement that was extremely difficult to close | 48.1% |
| Friends/colleagues reported receiving suspicious emails containing links or attachments from my email address | 30.4% |
| My internet browser suddenly opened up a website I didn’t click on | 30.2% |
| My computer or phone was infected with a virus | 19.4% |
| My email, social media or financial accounts were locked or hacked | 18.3% |
| My password(s) or username(s) were stolen | 18.2% |
| I was tricked into clicking a link and entering personal/bank details on a fake website | 15.3% |
| A file was downloaded to my computer without my consent | 15.3% |
| My financial data, bank credentials, or money was stolen online | 12.5% |
| I was asked to pay a ransom to regain access to my accounts, the files on my computer or prevent such information being published online | 11.3% |
| Data on my computer was damaged or destroyed due to a cyber attack | 10.1% |
| I lost access to my computer and/or the files on my computer due to a cyber attack | 9.7% |
| Hackers took control of my webcam | 7.7% |
Nothing new in this list
Many of the attacks listed above have been around for some time, for example persistent ads that refuse to be closed and the random opening of websites. The latter, in particular, was called out by Avast last week. Avast has seen teens recruited to a malware-as-a-service platform for writing and distributing malware. One of the common results was attackers setting browsers to open pornography and other websites to annoy rather than extort.
The same is true of spoofed emails that appear to come from your account. Unless you have the skills to look at the email headers and routing data, you don’t know what has been faked. It is highly likely that many of those attacks above fall into this category.
The loss of credentials can then lead to other attacks. It is a gateway act often masked when people focus on the end impact rather than the cause. Once the credentials are lost, stolen or phished, the other attacks above become easier.
What should we do about it?
The NordVPN response is predictable: use strong passwords, encrypt files, and don’t click on dodgy links or emails. It is nothing new in terms of advice and, again, puts the onus on the user to fix the problem.
It also wants people to keep social media more locked down and keep personal data, such as phone numbers and home addresses, out of the public eye. First, for the majority of consumers, that horse has well and truly bolted. Second, they have to give up that data to use many websites. The leakage of that data is constant and ongoing. Most of it comes not from the user but from organisations and their websites. Those organisations must do better.
Finally, it wants people to use a VPN. No surprise there. Yet despite awareness of the technology, its usage still isn’t universal.
Enterprise Times: What does this mean?
It is also oversimplistic to say users should be more aware of many of these attacks. Some are, some aren’t. The problem is that the training we give people doesn’t always deliver on increased awareness and security. The answer is also not just about technical controls. We have plenty of those, but many are not applied correctly or accurately enough.
There are so many questions that could have been asked from the data above. Without them, these are just base data points lacking context and understanding. The only thing we do know for sure is that attacks are rising.