
Common Cybersecurity Risks and How to Avoid Them

Credential theft, phishing, malware, SIM-swap, ransomware — the attacks most likely to affect you, how they work, and the specific mitigations that stop each one.

8 min read · 13 March 2026 · Norypt Team · Updated 18 March 2026

Cybersecurity risks are not evenly distributed. A small number of attack types account for the vast majority of successful compromises affecting individuals and small organisations. Understanding these specific risks — what they are, how they work, and what actually mitigates them — is more useful than a general sense of unease about "hacking."

Credential theft and account takeover

The most common way accounts are compromised is not sophisticated hacking but stolen or guessed passwords. Data breaches leak enormous volumes of username/password pairs every year, and attackers replay those pairs in bulk against other services (a technique called credential stuffing). The attack works only because people reuse passwords: a password leaked from one site is tried everywhere else.

Mitigation: Use a unique, randomly generated password for every account, managed by a password manager, so that one breach cannot cascade into others. Enable two-factor authentication, preferably with an authenticator app or hardware key rather than SMS (see the SIM-swap section below). Check whether your email address has appeared in known breaches at haveibeenpwned.com; the same site's Pwned Passwords lookup lets you test an individual password without disclosing it, because the client only sends the first five hex characters of the password's SHA-1 hash and compares the returned suffixes locally.
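The k-anonymity check that the Pwned Passwords lookup performs, written out in Python as an added example (it is not Norypt's code and not the service's client). The SHA-1 hash of "password" is genuine; the sample range response, its counts and the User-Agent string are constructed for the example. Only fetch_range touches the network, and the example never calls it.

```python
import hashlib
import urllib.request

# Constructed sample of a Pwned Passwords range response. Each line is the
# last 35 hex characters of a SHA-1 hash plus a breach count. The second line
# is the genuine suffix for SHA-1("password"); the other lines and all counts
# are made up for this example.
SAMPLE_RANGE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E8A1FED2F1C7C7A5DA6C1E4EB1F4E3F12C:1
"""


def sha1_prefix_and_suffix(password: str) -> tuple:
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent
    to the server and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> dict:
    """Map each returned suffix to its count. Padded responses contain
    decoy entries with a count of 0, which the .get() below treats as absent."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_response_text: str) -> int:
    """How many times the password appears in the response (0 if absent)."""
    _prefix, suffix = sha1_prefix_and_suffix(password)
    return parse_range_response(range_response_text).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup of one 5-character prefix. Add-Padding asks the service to
    pad the response so its size does not reveal the prefix. Not called here."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "example-checker"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple 7731"):
        n = breach_count(candidate, SAMPLE_RANGE_RESPONSE)
        print(f"{candidate!r}: {'seen ' + str(n) + ' times' if n else 'not in sample'}")
```

Because the server only ever sees a prefix shared by hundreds of hashes, it cannot tell which password was checked, which is what makes it safe to run this against real passwords.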

Phishing

Phishing attacks trick users into revealing credentials, installing malware, or authorising fraudulent transactions by impersonating trusted entities. Modern phishing is sophisticated — attackers clone legitimate login pages pixel-for-pixel, spoof sender addresses convincingly, and increasingly use AI to personalise messages using data scraped from social media.

Mitigation: Verify the URL before entering credentials. What matters is the registrable domain, the part immediately before the top-level domain: accounts.google.com belongs to Google, but google.com.login-verify.net belongs to whoever owns login-verify.net, and a hostname written with look-alike Unicode characters is a different domain altogether. Prefer hardware security keys (FIDO2/WebAuthn) for 2FA where available; they are phishing-resistant by design because the browser binds every signature to the site's origin, so a credential registered with the real site simply does not work on a clone, however convincing the page looks. Be sceptical of any communication that creates urgency around login, payment, or account verification, and reach the service by typing its address or using a bookmark rather than following the link.
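The domain check above, as an added Python example (not part of the original guide), applied to the tricks the text describes: a legitimate subdomain, a fake domain that merely starts with the real name, a non-HTTPS link, user-info smuggled before the real host, and a Unicode look-alike hostname. EXPECTED_LOGIN_DOMAINS is an assumed allowlist; registrable_domain is deliberately simplified and would need the Public Suffix List to handle suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Assumed allowlist for the example: the services a user actually logs in to.
EXPECTED_LOGIN_DOMAINS = {"google.com", "github.com", "bitwarden.com"}


def registrable_domain(hostname: str) -> str:
    """Last two DNS labels. Simplification: multi-part public suffixes
    (co.uk, com.au) need the Public Suffix List in a real checker."""
    labels = hostname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_login_url(url: str) -> str:
    """Return 'ok: <domain>' or a 'reject: <reason>' string for a login link."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        return "reject: not https"
    if parts.username is not None:
        # https://google.com@evil.example/ : the browser connects to evil.example
        return "reject: user-info before the real hostname"
    if not host.isascii():
        # Render the IDN as punycode so the look-alike becomes visible in logs
        try:
            shown = host.encode("idna").decode("ascii")
        except UnicodeError:
            shown = host
        return f"reject: non-ascii hostname ({shown})"
    domain = registrable_domain(host)
    if domain in EXPECTED_LOGIN_DOMAINS:
        return f"ok: {domain}"
    return f"reject: registrable domain is {domain}"


if __name__ == "__main__":
    # Constructed test links; only the first should pass.
    for link in (
        "https://accounts.google.com/signin",
        "https://google.com.login-verify.example/",
        "http://github.com/login",
        "https://google.com@evil.example/",
        "https://\u0430pple.com/login",   # Cyrillic 'а' in place of Latin 'a'
    ):
        print(f"{link:45} -> {classify_login_url(link)}")
```

The user-info case is worth remembering: everything before the `@` is ignored by the browser when connecting, so the hostname a reader sees first is not the one the request goes to.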

Malware and ransomware

Malware reaches devices through malicious downloads, email attachments, compromised websites, and software supply-chain attacks (legitimate software that has been tampered with). Ransomware encrypts your files and demands payment for the decryption key — it has become increasingly common against individuals as well as organisations.

Mitigation: Keep all software updated. Download software only from official sources. Do not open email attachments from unexpected senders. Maintain encrypted, offline backups of important files and keep more than one version: ransomware cannot encrypt a drive that is not connected, but a single backup that is overwritten nightly will faithfully copy the encrypted files over the good ones. Test that a restore actually works before you need it. A hardened OS (GrapheneOS on mobile, Linux on desktop) reduces the attack surface compared to Windows or standard Android, but it does not remove the need for updates and backups.

Man-in-the-middle attacks on public Wi-Fi

On public Wi-Fi, an attacker on the same network can position themselves between you and the router (by ARP spoofing, or by running a rogue access point with the same name), intercept unencrypted traffic, inject content into plain-HTTP pages, and steal session tokens from sites that do not use HTTPS everywhere. The network's own encryption does not prevent this: on a WPA2 network with a shared password, everyone who knows the password is inside it. The attack is practical with inexpensive, widely available equipment.

Mitigation: Use a VPN on public Wi-Fi. A VPN creates an encrypted tunnel between your device and the VPN server, making your traffic, including DNS lookups, opaque to anyone on the local network. It moves that visibility to the VPN provider rather than removing it, so choose the provider with that in mind. HTTPS already protects the content of most sites, so never click through a certificate warning on a public network: that is exactly what an interception attempt looks like. If a VPN is not available, restrict activity to content you would not mind being observed, and turn off automatic joining of remembered networks so the device does not silently connect to a rogue access point with a familiar name.

SIM-swap attacks

A SIM-swap attack involves convincing your mobile network operator — through social engineering or insider access — to transfer your phone number to a SIM controlled by the attacker. Once they control your number, they receive your SMS two-factor codes and can reset passwords on any account associated with that number.

Mitigation: Replace SMS 2FA with app-based authenticator codes (Aegis, Raivo, Bitwarden) or a hardware key wherever possible. Authenticator codes are computed from a secret stored on your device and the current time, so they are not tied to your phone number and cannot be intercepted via SIM-swap. Keep the app's encrypted backup and each service's recovery codes somewhere offline, since losing the phone otherwise locks you out. Also remove your phone number as an account recovery option where the service allows it; receiving SMS codes is not the only thing an attacker can do with your number. For accounts where SMS is the only option, contact your carrier and request a SIM-lock, port-out PIN or additional authentication requirement for any SIM change request.

Device loss and theft

Physical access to an unlocked device gives an attacker immediate access to everything on it — emails, banking apps, password manager, authentication codes. An unlocked phone or laptop left unattended is a significant security event.

Mitigation: Enable full-disk encryption on all devices. It is on by default on modern iPhones and on Android devices that shipped with a recent Android version, but on most laptops it has to be turned on (BitLocker on Windows, FileVault on macOS, LUKS on Linux). Use a strong screen lock. On a phone, a 6-digit PIN is acceptable only because the secure hardware rate-limits guesses; on a laptop, where the passphrase directly protects the disk-encryption key and can be attacked offline once the drive is removed, use a long passphrase. Enable remote wipe capability. The Norypt Pixel Secure running GrapheneOS includes auto-reboot and a duress password that triggers a full wipe when entered, both unavailable on stock Android or iPhone. For border crossings and high-risk physical situations, see Physical Device Security.

Supply chain attacks

Supply chain attacks compromise software or hardware before it reaches you — by tampering with a software package, compromising a developer's machine, or modifying hardware at the manufacturing or shipping stage. These are difficult to detect and affect technically sophisticated users as much as anyone else.

Mitigation: Download software from official sources and verify cryptographic signatures where provided. A checksum file published next to the download only proves the file was not corrupted in transit; an attacker who controls the server can replace the checksum as easily as the file. Authenticity comes from a signature (for example a PGP signature over the checksum file, or a signed package repository) checked against a key you obtained through a separate channel. For hardware, prefer vendors who provide documentation of their configuration process and tamper-evident packaging. Every Norypt device ships in tamper-evident packaging with documentation of what was installed and how.
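The checksum step in practice, as an added Python example that is not Norypt's tooling: a verifier for the `sha256sum` output format, exercised against a constructed download directory in which one file has been tampered with and one is missing. The same hash-manifest routine doubles as the integrity check for the offline backups recommended in the ransomware section above: record the hashes when the backup is made and re-verify before trusting a restore. File names and contents below are made up for the example.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path: str) -> str:
    """Stream the file so a large download never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sums(text: str) -> dict:
    """Parse `sha256sum` output, one '<64 hex chars>  <filename>' per line.
    A leading '*' on the filename marks binary mode and is dropped."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_sums(sums_text: str, base_dir: str) -> dict:
    """Return {filename: 'OK' | 'FAILED' | 'MISSING'}, mirroring `sha256sum -c`."""
    results = {}
    for name, digest in parse_sums(sums_text).items():
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif hmac.compare_digest(sha256_file(path), digest):
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def demo() -> dict:
    """Constructed scenario: write genuine files, record their SHA256SUMS,
    then append to one file and delete another before verifying."""
    base = tempfile.mkdtemp()
    genuine = {
        "installer.bin": b"\x7fELF genuine build",
        "README.txt": b"genuine readme\n",
        "missing.bin": b"this file will be deleted",
    }
    for name, data in genuine.items():
        with open(os.path.join(base, name), "wb") as f:
            f.write(data)
    sums_text = "\n".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}" for name, data in genuine.items()
    )
    with open(os.path.join(base, "README.txt"), "ab") as f:   # tamper
        f.write(b"attacker changed this\n")
    os.remove(os.path.join(base, "missing.bin"))              # remove
    return verify_sums(sums_text, base)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

This establishes integrity only. For authenticity, verify the signature over the checksum file first (for a PGP-signed release, `gpg --verify SHA256SUMS.gpg SHA256SUMS`) with a key fetched from somewhere other than the download server, and only then run the checksum verification.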

Unpatched software

A large share of successful attacks exploit vulnerabilities that have already been publicly disclosed and patched, but not yet applied to the target system. Attackers maintain lists of known vulnerabilities and actively scan for unpatched systems. Running outdated software is one of the most reliable predictors of compromise.

Mitigation: Enable automatic updates for your operating system and all installed applications. Treat security updates as urgent, and remember that an update only helps once it is installed: reboot when asked, and do not forget routers, device firmware and browser extensions. Retire devices and software that no longer receive security updates; the cost of replacement is far lower than the cost of a breach.

A note on realistic threat assessment

Not all risks apply equally to all people. Most individuals face credential stuffing, phishing, malware, and opportunistic physical theft. The mitigations are well-understood. Start with the fundamentals — password manager, 2FA, software updates, encrypted devices — before worrying about exotic threats. See the threat modelling guide for a framework for your specific situation.

If you want hardware that handles the security layer for you: the Norypt Pixel Secure ships with GrapheneOS pre-configured (auto-reboot, duress wipe, per-app firewall). The Norypt Secure Laptop comes with full-disk LUKS encryption and a hardened OS. The Norypt Privacy Router blocks malicious domains and routes traffic through a VPN across your entire network.
