When someone says Cyber Security or hacking, most people will associate it with countless monitors showing world maps, active green texts running down the screen, a bunch of graphical representations that show what percentage of "hacking" is complete, and a hooded guy ready to shout "I'm IN" to announce his success.
The Reality of Hacking
Most people don't realize that "hacking" isn't always complicated, but it doesn't have to be. With technologies improving over time, security is also hardening with it. The vulnerabilities that would have wreaked havoc on the 2000s can now do nothing (at least if you are not using the ancient relic itself instead of modern devices).
So, why are massive breaches still a thing? The answer to that is due to the people using the technologies. Even though technology has come far (not perfect, but far better than it used to be), people using them are still the same.
Hackers target the users instead of directly attacking the underlying technologies. As it's more profitable and easier than going through the massive application to find out the flaws in the hope of exploiting it to gain something.
Even though many people are informed about the dangers of the internet, people still completely disregard such things. So for attackers, it's just a game of number and time. They will use the same tactics repeatedly until someone gullible falls into their trap.
Why is Security Hard Anyway?
The average person will have signed up for at least 10 internet services. Now, according to security standards, you will have to think of a password that is 16+ characters containing a bunch of numbers, uppercase and lower case letters, and special characters which shouldn't be in a dictionary if possible.
It might be okay to come up with something like that once, but the person will have to do it 9 more times. Why? Because reusing passwords for different services is also considered a bad practice.
The same thing with 2FA (Two Factor Authentication) and MFA (Multi-Factor Authentication). Why bother with these extra steps when you just want to watch the video of a cat messing something up at the end of the day? So instead of complying with the security standard, they do whatever is convenient for them, which means using the same low-character password everywhere.
Very Wide Scope for the Attackers
With technological advancement, a household has far too many "smart" devices. There are now talking fridges and toasters connected to the internet for whatever reason.
People buy them for novelty reasons but don't realize that these kinds of stuff are not made with security in mind. So hackers often exploit these devices and use them as a foothold for later operations.
Owning multiple phones and laptops doesn't help with the cause either. You are just making the casting net of the attackers wider. But who cares, right? Watching movies on one device and snap-chatting on another is too much to give up.
Not Everyone Is Tech-Savvy
Most breaches usually happen because someone is unaware of the consequences of clicking on simple links. They will download, install, or click on anything. They will have new devices running as slow as 80s devices with bleeping noises coming out of nowhere, but they still couldn't care less about it.
These people are often targeted by malicious attackers, who are easier to deceive than someone with even a little computer knowledge.
Why Security Shouldn't Be Difficult
Security Is Designed to Be Inconvenient
Security measures may be cumbersome and inconvenient, but they were designed to be inconvenient. Think of it like this: even if you, with all the right information and tools, find it inconvenient, how will the attacker who is actually just shooting in the dark feel about it?
Some services like password managers nowadays will remember long passwords and use them when needed. It's hard to achieve perfect security, but we can all do our part to slow down the attackers.
Think Before You Buy "Smart" Devices
You might want to show off the talking fridge and toaster to your friend, but before you buy it think is it really worth the security risk that comes with it? Sure some smart devices are worth having, i.e. thermostats, CCTV systems, etc.
But make sure the stuff you buy is from a reputable company. If you buy cheap smart products, you only harm yourself with them.
Educate or Help the People Who Are Not Tech-Savvy
You don't need to be an expert to tell someone the dangers of the internet. There are fun ways to learn the importance of security, i.e. through games, animated videos, etc.
If some elderly from your family uses a device connected to the internet, you can install anti-virus/anti-malware software, ad blockers, and blacklist known sites infected with viruses.
There are countless more reasons why achieving security is hard, and it would be hard to include all of them in a single article such as this.
But the bottom line is security isn't always about developing an exploit for technologies, and security isn't only the responsibility of the people involved in "IT". Anyone using devices connected to the internet should do their part for their own and others' safety.
Thank you for reading, please subscribe to the blog with the button below.