90%. That’s nine zero. I couldn’t believe it at first, but the more I read the report the more this number made sense. The main reason retailers are attacked at such volume is us, the customers.
In the era of Amazon and one-day deliveries, we are getting increasingly impatient about waiting, be it in a queue or while a website is loading.
Numerous articles have been written on the importance of reducing friction for customers, for example by improving website load times.
Thus, while we strive to make the web faster and more user-friendly, we are also inevitably making it more criminal-friendly. Such studies push website owners to focus on the immediate problem: getting users onto their website as fast as possible and keeping the number of steps needed to complete an action as small as possible.
Therefore, most websites are unwilling to introduce additional security measures that increase friction for a user. However, by omitting two-factor authentication (2FA), not enforcing strong passwords, allowing passwords that have already been reported as compromised (this point was also mentioned in the 2017 study by NIST), etc., businesses compromise the trust of billions of people. The latter
This is called Personally Identifiable Information, or PII.
With PII a hacker could then, for example, completely take over your phone company’s account. Watch this video on how easily vishing (phishing via phone) can be performed:
What should we do?
There are many things to consider and it might feel overwhelming. I get it. However, to quote the Shape Security report, it’s a “collective defense” that is required for the good guys to stand up against the bad guys. We can’t be passive. Not anymore, considering that cybercrime affects all countries.
Politics are shaped, elections tampered with, military blueprints and classified information leaked, your family’s photos used, people fleeing dictatorships discovered, your car hacked.
Please follow your company’s security policies so that you do not become an accidental attacker. I know it’s frustrating and sometimes feels redundant. However, IBM’s 2015 Cyber Security Intelligence Report shows that 55% of attackers are insiders. Of those, 23.5% are people with no intention to harm the company, e.g. they lose their company laptop.
If you liked this article and would like to hear more in detail about this topic or get more tips, feel free to share that in the comments.
Also, I suggest that you check whether a website, your email or your password has been compromised via the links below.