According to a recent Pew poll, American users are more afraid of "cyber attacks" than world-impacting threats, like nuclear weapons. Granted, you are more likely to get your credit card number stolen than someone is likely to push the big, red nuclear button of doom, but that's like being more afraid of being pick-pocketed than being beaten to a pulp and robbed when you go to a big city. Getting your wallet or credit card number stolen can be a big deal, especially the first time, but it's more on the annoyance level of threat than loss of life or limb level of threat.

 

 

What is a "cyber attack" (according to popular opinion)?

 

 

Unshockingly enough, Hollywood and mass media have a lot more to do with this fear of hackers than reality does. People seem to think that rogue (or government sponsored) hackers can ruin their lives (sort of true), bring down power grids (not likely), and start WWIII by hacking missile launch or guidance systems (thanks, Hollywood).

 

The first thing most people think of when they hear they've been hacked is usually something to do with their bank accounts or credit cards. This is common enough that financial institutions have a set of guidelines already in place to deal with unusual credit card or account activity. If you're afraid someone is going to drain your accounts, that's more difficult than you think. Since banks don't like to lose customers or money, they usually put some kind of hold on large amounts of money being transferred around. There are also federal regulations on the movement of large amounts of money.

 

Financial ruin? Unlikely.

 

Now there are other attacks that are more likely to harm individuals, though generally not physically. Facebook accounts and other social media accounts can be hacked and used to ruin people's reputation. Hackers can post personal information of others and release the full might of Internet trolls and bullies (which generally include death and other unsavory threats).  They can also upload private pictures or doctored pictures to sites and ruin someone's reputation enough that they'll be unable to get a job in their chosen field. These kinds of attacks are less reported in the media and significantly more difficult to recover from.

 

Life ruining? Possibly. Do people think of this when "cyber attack" comes up? Probably not.

 

Getting into the more dramatic, high-profile, high-damage ideas of hackers, losing infrastructure or missiles to cyber attacks is not particularly likely. Squirrels, tree limbs, and Mother Nature are more likely to cause a black out than hackers. As far as death and destruction from missiles or nuclear weapons, well, I haven't heard of any confirmed (or unconfirmed) death from a cyber attack. Cyber attacks can certainly cause damage (aka, Stuxnet), but they don't have the massive loss of life or property damage that most people seem to fear.

 

Death via hacker? Nope. Get me my self-driving car, and then we'll talk.

 

 

Why are we afraid?

 

 

There's a lot of hype around "cyber" threats that stem from popular media and ignorance. Computers have become widespread enough that everyone can relate to "cyber" dangers in movies or television, but only people in our industry seem to realize how much these fictionalized attacks are either widely exaggerated or just wrong based on current technology. News stories also get a lot wrong when reporting security breaches. It doesn't help that there are companies designed to take advantage of these fears and spread computer security misinformation to drum up more business. Few people are taught basic information security, so they make poor security choices and unreasonably fear attacks.

 

For a real-world example of how non-IT folks interpret the news based on how they think cyber attacks work, my mother is very concerned about me purchasing things online due to the Target credit card breach. I can't seem to convince her that the Target breach has nothing to do with how I shop online and that she really doesn't need to worry about that. She sees "credit cards hacked" and then associates that with online shopping when it has nothing (or at least very little) to do with online shopping, especially online shopping at non-Target stores.

 

 

Simple preventative measures

 

 

If only we could get everyone to attend a short information security class... Really, the easiest and most effective way of preventing the feared "cyber attack" is probably basic information security. Things like using strong passwords or pass phrases, cycling your password, not keeping lists of your passwords, and not clicking on strange links are the most likely steps to take to prevent security breaches.