Defensive Computing

By Sam Heuck

In today's digital landscape, cybersecurity is no longer just an IT concern — it's a fundamental skill for everyone. Much like defensive driving helps you navigate roads safely by anticipating risks, defensive computing is a mindset that helps you navigate the digital world. This guide provides practical strategies for protecting yourself and your organization from cyber threats in 2026.


From Hackers to Cybercriminals: Understanding the Threat

The term "hacker" once conjured images of curious teenagers exploring computer systems for fun. Today we are dealing with cybercriminals — organized crime syndicates operating as sophisticated businesses.

Consider Evil Corp, a cybercriminal organization accused of stealing approximately $300 million over nearly a decade of organized cyber-crime. To put this in perspective, Al Capone's Chicago Outfit earned an estimated $85 million per year in 1920s dollars — equivalent to over $1 billion in today's money. Cybercrime has become nearly as lucrative as the most notorious criminal enterprises in history.

How Cybercriminals Make Money

1. Ransomware

Cybercriminals hold your critical technology hostage, encrypting your files and demanding payment for the decryption key. This has become one of the most profitable cybercrime models.

2. Selling Private Data

Stolen information — particularly medical records and personal financial data — is sold on black markets. This data can be used for identity theft or fraud, or sold to other criminals.

3. Selling Destruction

Criminals use your computer to launch attacks on others. Your compromised systems become part of a botnet, attacking other targets as a service.

4. Cons and Scams

The oldest trick in the book: tricking you into voluntarily sending them money through social engineering and deception.

Cultivating a Defensive Mindset

Like defensive driving, defensive computing is fundamentally a mindset. Here are the core principles:

  • Knowledge is power: Know what threats to watch for
  • When in doubt, confirm identity: Always verify who you're dealing with
  • Pause and think before you click: A moment of reflection can prevent disaster
  • Teamwork makes the dream work: Share information about threats with colleagues and family
  • Seek to be UN-confused: If something doesn't make sense, stop and investigate

Remember, cyber threats are constant — like the weather. Tools like Fortinet's Threat Map show real-time cyber attacks happening globally. Awareness of this ongoing threat landscape is the first step in protection.

Understanding Common Threat Vectors

The FBI reports that Conti, an active cyber-criminal gang, gains access to victim networks through:

  • Malicious email links
  • Malicious attachments
  • Stolen passwords
  • Microsoft Office documents with embedded computer code

These attack vectors haven't changed dramatically because they continue to work. Let's explore how to defend against each.

Password Security: Your First Line of Defense

What Makes a Good Password?

Strong passwords are:

  • Long (at least 16 characters)
  • Unique to each account, not re-used
  • Complex (mixing letters, numbers, and symbols)
  • Unpredictable (not based on personal information)

Password Managers

Remembering dozens of strong, unique passwords is impossible. Password managers solve this by:

  • Generating strong, random passwords
  • Storing them securely with encryption
  • Auto-filling login forms
  • Syncing across devices

Using 1Password (or another password manager) is one of the best security investments you can make.
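To make the four properties above concrete, here is a small added example (not from the original article or from any password manager's code) that generates passwords with the operating system's cryptographic random source and checks candidates against the same rules: length, complexity, reuse and personal information. The `used` and `personal` inputs are assumed to be supplied by whatever is calling the check; a real password manager would fill them from its vault.

```python
import secrets
import string

MIN_LENGTH = 16                          # "at least 16 characters"
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def check_password(pw, used=(), personal=()):
    """Return the list of policy rules a password breaks; [] means it passes.

    used:     passwords already in use elsewhere (assumed to come from a vault)
    personal: words such as a name, pet or birth year that should not appear
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(c in string.punctuation for c in pw)
    if not (has_letter and has_digit and has_symbol):
        problems.append("not complex")
    if pw in used:
        problems.append("reused")
    lowered = pw.lower()
    for term in personal:
        if len(term) >= 4 and term.lower() in lowered:
            problems.append(f"contains personal info: {term}")
    return problems


def generate_password(length=20):
    """Random password drawn from the OS CSPRNG that satisfies check_password."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets, not random: the random module is predictable and unsuitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(check_password("Summer2024!"))                 # too short
    print(check_password("Alice-Smith-1234567!", personal=("Smith",)))
```

The generator loops until a candidate passes the same checker users' passwords are held to, so the two can never drift apart; with a 20-character alphabet-wide draw the loop almost always exits on the first try.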

Multi-Factor Authentication (MFA)

MFA adds an extra layer of security beyond your password. Even if criminals steal your password, they can't access your account without the second factor. Always enable MFA when available.

Passkeys

Passkeys are a new type of authentication key, adding protection by requiring you to authenticate using a trusted device or password manager before you can log in to a website. Passkeys are not yet universal, and every service implements them a little differently. For now, strong password + 2-factor is still the most common and reliable method.

Email Security: The Primary Attack Vector

Email remains the most common way cybercriminals gain initial access to systems.

Recognizing Scams and Cons

Scams typically leverage two psychological triggers:

  1. Urgency: "Act now or lose access to your account!"
  2. Authority: Messages appearing to come from executives, IT departments, or government agencies

When you encounter urgency and authority together, be especially suspicious.

  • Clicking on a malicious link is enough to compromise your computer. Links can exploit browser vulnerabilities or direct you to phishing sites.
  • Opening an attachment can install and run malicious code without any additional action on your part.

Email Security Best Practices

  • Never share passwords or codes via email or text message
  • If you get a request you aren't expecting, verify it is legitimate by reaching out to the sender through a channel you already trust
  • Hover over links to preview the actual URL before clicking
  • Be wary of unexpected attachments, even from known senders

Ransomware: Preparation is Everything

Your level of preparation determines the impact:

  • Unprepared: Ransomware is extremely damaging, potentially crippling your business or destroying irreplaceable files
  • Prepared: Ransomware becomes a minor inconvenience. With a reliable backup system you can ignore the ransom threat, restore from backups, and all you lose is a few hours of time.

Robust Backup Systems

For backup strategy, follow the 3-2-1 Backup Rule:

  • 3 copies of your data
  • On 2 different devices
  • With 1 copy stored off-site

Even if ransomware encrypts your primary system and local backups, you can restore from an off-site backup.

Test your backups regularly by actually restoring from them; a backup you have never restored is only a hope that you can recover quickly when you need to.
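The 3-2-1 rule and the restore test can both be scripted. The added example below (written for this page, not from the article's author) audits a set of copies of one dataset against the rule and then verifies each copy by comparing its SHA-256 hash with the primary. The `demo()` function builds a constructed layout in a temporary directory, with the off-site copy deliberately corrupted by one byte, to show that passing 3-2-1 on paper says nothing about whether a copy will actually restore.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass


@dataclass
class Copy:
    label: str     # name used in reports
    path: str      # where this copy of the data lives
    device: str    # identifier of the disk, drive or service holding it
    offsite: bool  # stored at a different physical location


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large backups do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_321(copies):
    """Rule violations for one dataset; the primary counts as one of the copies."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies (need 3)")
    if len({c.device for c in copies}) < 2:
        problems.append("all copies on one device (need 2)")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    return problems


def verify_restore(primary_path, copies):
    """Restore test: does every copy hash identically to the primary?"""
    want = sha256_file(primary_path)
    return {c.label: sha256_file(c.path) == want for c in copies}


def demo():
    """Build a constructed layout in a temp dir, audit it, and clean up."""
    root = tempfile.mkdtemp(prefix="backup-demo-")
    try:
        layout = {
            "primary": ("laptop/ledger.db", "laptop-ssd", False),
            "local":   ("laptop/backups/ledger.db", "laptop-ssd", False),
            "usb":     ("usb/ledger.db", "usb-drive", False),
            "offsite": ("cloud/ledger.db", "cloud-bucket", True),
        }
        copies = []
        for label, (rel, device, offsite) in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            copies.append(Copy(label, path, device, offsite))
        with open(copies[0].path, "wb") as fh:
            fh.write(b"constructed sample ledger\n" * 1000)
        for c in copies[1:]:
            shutil.copyfile(copies[0].path, c.path)
        # Simulate silent corruption of the off-site copy: one overwritten byte.
        with open(copies[-1].path, "r+b") as fh:
            fh.seek(0)
            fh.write(b"X")
        return check_321(copies), verify_restore(copies[0].path, copies)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    rule_problems, restore_ok = demo()
    print("3-2-1 problems:", rule_problems or "none")
    print("restore check:", restore_ok)
```

The layout passes 3-2-1 (four copies, three devices, one off-site) yet the restore check reports the off-site copy as bad, which is exactly the case a periodic restore test exists to catch. For real backups the comparison would be run against the backup tool's own manifest rather than a live primary, but the hashing and the rule check are the same.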

Real-World Case Studies

Case Study: Twitter 2020 - Phishing and Social Engineering

In July 2020, a combination of phishing and social engineering led to one of Twitter's most significant breaches:

  1. Attackers created a fake website resembling an internal company website
  2. Posing as help desk staff, threat actors called Twitter employees
  3. They directed employees to submit their credentials to the fake website
  4. Using these credentials, attackers seized control of high-profile accounts (Barack Obama, Elon Musk, Joe Biden, Apple Inc.)
  5. They posted cryptocurrency scams, collecting over $100,000.

Defense: You can prevent this attack by:

  • Requiring multi-factor authentication
  • Instructing employees to hang up on unexpected calls and call back to the real help desk

Case Study: Colonial Pipeline - The Cost of Weak Passwords

In May 2021, a weak password led to one of America's most significant infrastructure attacks:

  1. Cybercriminals purchased an employee's personal password from the black market
  2. The same password granted access to computers controlling critical infrastructure
  3. Ransomware was installed, locking the company out of their own systems
  4. Colonial Pipeline paid $4.4 million to unlock their systems
  5. The attack caused fuel shortages across the southeastern United States

Defense: You can prevent this attack with:

  • Long passwords unique to each account
  • Multi-factor authentication
  • Reliable backup systems

Case Study: 2025 NodeJS Supply Chain Attack - The Ripple Effect

In early 2025, a phishing email led to a supply chain attack affecting millions:

  1. A software developer maintaining dozens of popular code libraries responded to a phishing email
  2. The threat actor used the compromised account to inject malicious code into libraries downloaded 2 billion times per week
  3. This malicious code stole passwords and cryptocurrency from software developers worldwide

Defense: You can prevent this attack by:

  • Keeping software updated
  • Checking email headers before you click or download anything
  • If an email directs you to log in to a website, log in by typing the website into a browser
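"Checking email headers" means comparing the visible From address with the headers the sending and receiving mail servers added. The added example below (written for this page; not from the original article and not modelled on any real message from the incident) parses a constructed raw message with Python's standard `email` module and reports a Return-Path or Reply-To domain that differs from the From domain, plus any SPF, DKIM or DMARC result in the Authentication-Results header that is not `pass`. All addresses and hosts are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed raw headers for a credential-phishing lure; every address and
# host is invented for this example and the body is omitted.
SAMPLE_RAW = """\
Return-Path: <bounce@mail-updates.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-updates.example.net; dkim=none
From: "Package Registry Support" <support@registry.example>
Reply-To: support@registry-help.example.net
To: maintainer@example.org
Subject: Action required: update your two-factor settings

(body omitted)
"""

# Constructed headers for a message that passes every check.
CLEAN_RAW = """\
Return-Path: <bounce@registry.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=registry.example; dkim=pass header.d=registry.example; dmarc=pass
From: "Package Registry" <noreply@registry.example>
To: maintainer@example.org
Subject: Your weekly download report

(body omitted)
"""


def domain_of(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def audit_headers(raw):
    """Return a list of reasons this message deserves a second look."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    # The envelope sender and reply address should belong to the same
    # organisation as the displayed From address.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving server; anything
    # other than pass means the From domain could not be vouched for.
    auth = (msg.get("Authentication-Results") or "").lower()
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{method}={m.group(1)} in Authentication-Results")
    return findings


if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_RAW), ("clean", CLEAN_RAW)):
        print(name, "->", audit_headers(raw) or "no findings")
```

One caveat when using this on real mail: only trust an Authentication-Results header that your own receiving server added (its hostname is the first token), since a sender can insert one of its own further down; the domain comparisons do not have that problem because they use the headers the attacker must get wrong to have the reply come back to them.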

Conclusion

Cybercriminals operate as businesses because crime pays, but by adopting a defensive mindset and following security best practices, you can dramatically reduce your risk.

Remember that cybersecurity is like the weather — constantly present and ever-changing. With knowledge and preparation, you can prevent most attacks and minimize the impact of any that do occur.

Resources and References