would be interested hearing from others regarding a prioritized list on cybersecurity changes\improvements.
upon review, i was shocked to find that vanguard, my bank, nor my credit card supports totp authenticator.then i learned many financial institutions still rely on sms and\or email 1-time codes for 2fa in case of suspicious activity.
since 95% of my secure access is via flavors of linux, i have most /etc/hosts and browser improvements covered, except for flaky yubikey support. i am not convinced free vpn is safe, and unfortunately still rely on windows during tax time.
why the sudden panic? i see 2 major trends converging:A.1
the exponential global growth of criminal b2b crypto.
crypto normalization is being solidified by grifty politicians and institutional transaction toll takers. the volume, notional value, and increasing # of participants will greatly increase the attack surface, attracting more cybercriminals in general.
A.2
crypto fraud can be detected and even attributed, but impossible to reverse by 3rd-party on the blockchain. even if one is directly staying away from crypto, some of your institutions\funds may not be.
the largest single cypto heist has broken the $1b ceiling, and climbing for certain :
B. trump has capitulated to russia in fin cyberspace.
since the ukraine invasion, russia stayed busy playing defense against coordinated western cyberattacks, which resulted in greatly throttled ransomware cases. russia is historically in the top 3 for state-sponsored financial cybercrime, and now war financing may accelerate that beyond business-as-usual.
in other words, if we individuals are not spending time&money maximizing our own security, don't rely on shields from uncle sam keeping pace. this is a rare case where i take trump at his word, and extrapolate :
"I would not protect you...In fact, I would encourage them[russia] to do whatever the hell they want. You got to pay. You got to pay your bills."
