On January 7, we published a press release to share our five predictions for cybersecurity in 2025. Over the next few weeks, we’ll publish a blog series that provides additional commentary on each prediction. This is the first blog in the series. 

Prediction Key Takeaways:

  • Neglecting personal cybersecurity practices can lead to actual physical harm for individuals and their loved ones, as malicious actors exploit identifying information for harassment and attacks.
  • Social media, weak account security, and data brokers are key sources of vulnerability, making robust cyber hygiene essential to prevent doxxing, swatting, and other forms of digital and physical threats.

Poor personal cybersecurity practices may harm a person’s digital life and put them and their loved ones in real physical harm. Malicious actors may collect identifying information about their target, and the outcomes can range from harassment campaigns to physical harm.

It’s why cyber hygiene should be taken seriously, as these cyberattacks can happen to anyone.

Take doxxing attacks, for example. Doxxing is when personally identifying information about a particular individual is publicly published, often with malicious intent. 

The personal identifiable information (PII) included in doxxing attacks often involves a target’s home address. If this person is a well-known, high-net-worth individual, this public information could be used to harass them where they live, and could include outcomes such as them falling victim to a home robbery, or worse.

Doxxing impacts more people than you’d likely think. A study from SafeHome.org found roughly 4% of Americans said they’ve been victims of a doxxing attack, which translated to around 11 million people. Around 1 in 4 respondents said the person behind the attack shared photos and videos online, and 1 in 5 said personal information about their families was shared.

Social Media: how to use it safely - NCSC.GOV.UKBad actors can obtain this information from various sources. Social media can be a goldmine for anyone who wishes to target a particular person. A public profile that contains information about where a person lives, works, and goes on vacation could give a malicious individual all they need to stalk, harass, and potentially attack a high-net-worth public figure.

Social media channels can be controlled by setting an account to private, adjusting privacy and security settings, and refraining from sharing location information in any posts.

Bad actors will look at other avenues, such as poorly secured accounts and vulnerable devices. Online accounts often ask for home addresses and other PII. If weak passwords protect the login credentials for these accounts, bad actors may be able to crack them and obtain what they want. 

If a person’s smartphone hasn’t been updated in some time, they may not be protected by the latest security patches. Again, a motivated individual could exploit those vulnerabilities and compromise the device, giving them access to personal information, including home addresses and work information.

Strong passwords and multifactor authentication (MFA) can adequately protect online accounts to stop this line of attack, and downloading security updates as soon as possible will keep your devices secure. These are easy measures to implement, and ignoring them could result in location information falling into the wrong hands, which could put someone at risk for actual, physical harm.

Other resources are trickier to tackle.

Data brokers are another place where bad actors can obtain personally identifiable information. Data brokers are companies that collect information from internet users, and they often do so through legal means, such as scraping social media profiles and public records.

The data broker industry is a lucrative business, expected to reach a market size of $433 billion in 2025. While data brokers are often used for marketing campaigns, bad actors could easily purchase this data to learn where an individual works and resides. 

Data brokers allow individuals to send in opt-out requests to have their information taken from their sites. Unfortunately, a lack of regulation means some data brokers will ultimately relist the information 

after a set number of days.

Digital safety translates to physical safety if the proper care is taken. When it is ignored, the ramifications can be severe.

One type of attack that has become all too common is swatting. Swatting is when a phony emergency call is made against an individual, accusing them of a serious cri

me. The goal is to trick law enforcement into raiding the target’s home, which can result in emotional distress, financial losses, and loss of reputation.

It’s naive to think it cannot happen to anyone. Swatting has become commonplace enough for the FBI to set up a national database to track and prevent attacks.

Swatting and other types of harassment campaigns can be incredibly damaging for high-net worth individuals and their loved ones. If a malicious individual is motivated enough, they can cause a great deal of harm to

their target, ranging from property theft to physical damage and possibly even a loss of life.

The stakes are significant, but the methods to tackle them are, for the most part, easy to implement. The likelihood of these types of incidents declining in 2025 is minimal. Thus, anyone with a digital presence must take the steps necessary to protect themselves before being targeted.

 

Stay tuned for our next prediction!

We also have a webinar coming up on January 23 to discuss our predictions live with industry experts. Register now to attend.