Color of Money: What you don't know about cybersecurity can cost you
WASHINGTON -- You know the screams you hear when watching a horror movie in a theater?
That's what I want to let out every time there's another data breach. And I'm not alone.
"We're really scared," wrote readers Ellen and David, who are still scrambling for a feeling of security after the massive Equifax breach that left 145.5 million consumer files compromised. Last week, Yahoo announced that its own breach in 2013 affected all 3 billion of its users.
These terrifying tales sent me looking for a book I had been meaning to read for quite some time. My former Washington Post colleague Brian Krebs left the newspaper in 2009 to dedicate himself to a blog on cybersecurity: KrebsOnSecurity.com. Out of his work and research came "Spam Nation: The Inside Story of Organized Cybercrime -- From Global Epidemic to Your Front Door."
The book is this month's Color of Money Book Club selection.
But can I be honest?
I read the first few chapters and set the book down. I could sense it making me so paranoid and furious that I didn't want to read any further.
Did I really want to dive deep into the underworld of cybercriminals who have become masterful in identity theft?
Why do I need to know how my personal information is stolen? I just want the hacks and heists to stop. I want the companies that collect my information to do their job and protect my data.
But Krebs has made a believer out of me.
Our passivity and procrastination in doing what we need to do to prevent identity theft help the crooks.
"The internet of today is truly a transformative communications and learning tool that radically enriches the lives of billions each day," Krebs writes. "Yet, never before in the history of the internet has this medium been more fraught with snares and ne'er-do-wells looking to fleece the unwary. You may not understand the value of your computer, your internet connection, your inbox, or your digital files, but I guarantee you the bad guys do, and they've become quite adept at extracting full value from these digital assets."
What we don't know can cost us money and, just as importantly, can leave us feeling vulnerable and scared.
One thing I didn't know: Spam is still the main villain. It's the doorway many cybercriminals use to get your information and gain access into company systems.
With our spam filters and the constant drilling to not open suspicious emails, we've been lulled into a false sense of security, Krebs says.
A lot of people still fall victim to malicious emails on which dangerous software rides piggyback. And do you feel safe about your anti-virus and anti-spam defenses?
"The spam ecosystem is a constantly evolving technological and sociological crime machine that feeds on itself," writes Krebs. "Thus far, the criminals responsible for unleashing this daily glut of digital disease are doing a stupendous job of overwhelming the security industry."
Here is a scary statistic from cybersecurity giant McAfee's most recent threat report: In the first quarter of this year, there were 244 new cyberthreats every minute, or more than four every second.
Another chilling finding from the report: Ransomware, which is mostly spread through spam, grew by 59 percent in the last four quarters. This is when a hacker locks you out of your computer by encrypting your files and demands payment to give you access to your own data.
Krebs spends a lot of time introducing the major and minor spam players. It's like a Jason Bourne movie but with criminals who don't shoot at folks (well, some do). They instead fire out malicious spam infecting tens of millions of computers and, as a result, rake in millions of dollars.
Waiting for you at the end of the book is a very resourceful chapter on how to protect yourself. You'll be safer following Krebs' three rules for online security:
-- Rule No. 1: "If you didn't go looking for it, don't install it."
-- Rule No. 2: "If you installed it, update it."
-- Rule No. 3: "If you no longer need it, remove it."
Even if you don't buy "Spam Nation," make Krebs' blog regular reading. His reporting will frighten you. It does me. But as he writes, "those who endeavor to remain blissfully unaware of their role in becoming part of the solution will almost invariably end up becoming part of the problem."
I'm hosting an online discussion about "Spam Nation" at noon Eastern time on Nov. 2 at washingtonpost.com/discussions. Krebs will join me to answer your cybersecurity questions.
Readers can write to Michelle Singletary c/o The Washington Post, 1301 K St., N.W., Washington, D.C. 20071. Her email address is email@example.com. Follow her on Twitter (@SingletaryM) or Facebook (www.facebook.com/MichelleSingletary). Comments and questions are welcome, but due to the volume of mail, personal responses may not be possible. Please also note comments or questions may be used in a future column, with the writer's name, unless a specific request to do otherwise is indicated.
(c) 2017, Washington Post Writers Group