As I mentioned in yesterday’s blog, we still keep hearing of attacks almost every day.  There does not go by a day where we do not hear about this being hacked into, that being broken into, etc.  I think the worst of the news came when some 8 million PII records were hacked into somewhere and stolen. 

And of course, there are those countless stories of where malicious apps are being uploaded onto Google Play (not so much for iTunes, as Apple has a much stricter set of policies than Google when it comes to uploading mobile apps).

But as the Cybersecurity industry takes notes of these headlines, one keeps wondering, just where does the United States stand as a country in terms of hacks, attacks, theft, breaches, you name it?  Well, this morning, we more or less have the answer to that question.  A Cybersecurity firm known as “Webroot” just conducted a survey into this, by polling 10,000 Americans total (200 from each state).  Here is what they found:

The 5 Riskiest states in terms of being hit by a Cyberattack are:






The 5 Least Risky states in terms of being hit by a Cyberattack are:




*North Dakota

*New Hampshire

So, there you have it, the states in which you need to be cognizant of where you travel to, and those in which you can feel moderately safe in.  But of course, all of this should be taken with a grain of salt, because what exactly constitutes a “safe” or “risky” state was not disclosed.  But, by just taking a cursory glance at this, I am quite surprised to see some of the southern states, and especially California, ranked as unsafe states. 

I have interviewed C-Level execs from some of the top Cybersecurity firms from these places, that is why it surprises to me some extent.  You would think California would be amongst one of the safest states, given all of the Cybersecurity companies that exist in the Bay area.

This survey took even further steps to see if the American population really understands what a Cyberattack means.  Unfortunately, they do not, and here is what they found:

*9% of Americans have heard of malware, but only 28% could explain what it is.

*70% of Americans have heard of phishing, but only 33% could explain what it is.

*49% of Americans have heard of ransomware, but only 21% could explain what it is.


So, what does this mean?  It simply translates down to this:  The media is doing a great job of making Americans aware of what is happening out there, but the Cybersecurity industry is doing a very poor job of educating the average consumer of what all of this means.  A few months ago, the RSA Conference was held, and according to some of the people that I know who attended, it was pretty much all the same talk. 

In other words, there were over 2,000 exhibitors, but all of them kept saying the same thing, but in a different way.  They are just trying to build a better mouse trap so that they can stay ahead of the competition. 

Nobody is taking the time to take all of this techno jargon out and just simply communicate how we can better protect ourselves.  There is so much “noise” in the industry that it is hard to filter out what is real and what is not.

Just as a shameless plugin for myself, this is the goal of my new quarterly newsletter.  In it, I cover the Cyberthreat landscape (like what has specifically occurred), and real-world tips as to how you can protect yourself from these threats.  Last quarter’s issue was about Mobile Threats, and this quarter will be about Phishing.  My goal here is to take out all of this techno jargon and help you understand what is exactly going on.

Worst yet, the survey found that Americans, when compared to other populations around the world, rank amongst the worst in terms of maintaining good levels of what is known as “Cyber Hygiene”.  Here are the findings:

*64% of participants don’t keep their social media accounts private.

*63% of participants reuse passwords across multiple accounts.

*62% of participants rely on a free antivirus software.


To be honest, I too have to claim that I do not maintain high levels of Cyber Hygiene myself, and we have to be more understanding with these kinds of results.  What is the reason for this?  Well, let’s face it.  We are all creatures of habit.  We hate change, even when we know that change will be better in the end.  But really, who wants to create all of these long and crazy passwords that nobody can remember?  I for one don’t. 

I won’t disclose the ways in which my Cyber Hygiene is poor and could be improved upon.  But there are alternatives out there, such as using Password Managers.  These are software applications that let you store your passwords, create long and complex ones, and even reset them for you when the time comes. 

But the caveat to this is that you need a password in order to log into your Password Manager.  So, this begs the question:  What if this password is stolen, then what do you do?  Well, I would say that all of your passwords are can now be hijacked, thus defeating the entire purpose of a Password Manager.  In this regard, Biometrics would be a great option to use – such as your Iris or Fingerprint.  After all, they are unique to everybody on the planet, and they cannot be lost or stolen!

But there is no excuse for the last part, making use of free antivirus software.  Yes, we all are on a budget, but with free downloads, you never know what they exactly contain.  More than likely, they will probably contain malware of some sort. 

Antivirus software is very affordable these days, and you will have the assurances that you will be downloading them from an authentic and genuine source (this is assuming of course that their website has not been spoofed in any way).

Finally, the survey did look at those very few Americans (the 5% of them) who claim to have great levels of “Cyber Hygiene”, and here is what they found:

*Backing up data using multiple methods (online and offline).

*Investing in a reliable, modern-antivirus solution, and keeping it up to date.

*Using a secure password manager.

Of course, backing up data is very important, and out of all the excuses to make, there is no reason for this.  There are plenty of back up and storage options that are available, some are free, and some have a cost.  Just keep in mind to be careful what you use, as you get what you pay for. 

Go with a reputable brand, such as Dropbox, or even Microsoft Azure or the AWS.  If you already have a Cloud provider, more than likely, they already will have provided you with some back up and storage options.  You should ask them about that.

Finally, I remember having this one conversation with a potential client:  Here in America, we live in a very reactive society.  In other words, we don’t want to take any proactive steps until we are hit with something.  When this happens, it may be just too late. So why not just start with the simple things, such as backing up your data and using (not free) anti-virus software for your computer?

Remember, it is the baby steps that we take now that will pay dividends in the long term.  In other words, there I no need to take a sledgehammer to fight off the Cyberattacker, start with a hammer first.  More details about this study can be seen at the link here: