Yesterday, we witnessed a classic example of digital panic: a story initially published by Forbes about an alleged leak of 16 billion accounts spread across news agencies and social media like wildfire. People and even entire newsrooms rushed to repost the “sensation” without performing basic fact-checking. It quickly emerged that the news was a dud, based on outdated and long-known data.
This case clearly illustrates a phenomenon that anthropologists call “cheap concern”.
What is “cheap concern”?
Imagine receiving a message on Messenger: “Attention, parents! Warn your kids not to accept gum from strangers on the street—it could contain drugs! Forward this to everyone!” Your first reaction is to forward it to the parents’ chat. You made virtually no effort, didn’t verify the information, but you feel you’ve done something useful, protecting someone’s child.
This is precisely “cheap concern.” It’s the illusion of help—a way to feel responsible and involved without investing real resources such as time, money, or expertise. The problem is that this kind of “concern” isn’t merely useless; it’s dangerous.
From Innocent Sharing to Real Threats
At first glance, what’s wrong with sharing a warning? At best, you’re mistaken. At worst, you become a tool for cybercriminals.
Mass panic triggered by a fake report of a massive data breach provides perfect cover for real attacks. Imagine hundreds of thousands—if not millions—of panicked users simultaneously rushing to government websites, banking apps, and other critical services to change their passwords.
This surge of traffic creates ideal conditions, such as:
- Masking a DDoS attack: Amid legitimate requests from panicked users, it’s very easy to hide a distributed denial-of-service attack, making it difficult for protective systems to differentiate real users from bots.
- Creating a user-generated DDoS attack: An exponential spike in traffic from real users alone can knock servers offline, achieving cybercriminals’ goals without their direct involvement.
Thus, good intentions become weaponized.
“Waiting for disaster”: A Harmful Security Practice
Let’s draw a simple analogy. You wouldn’t drive around with your gas tank nearly empty, ignoring the fuel indicator, only to panic and rush to the gas station after hearing on the radio that gas prices will rise tomorrow. A responsible driver refuels on time.
So why do many act differently regarding digital security? Instead of systematically building protection, they wait for a “sensational” news story before reacting chaotically in panic.
Cybersecurity and digital hygiene best practices have long provided solutions for most threats. Experts have advocated fundamental protective measures for decades. Even if yesterday’s leak had been genuine, a well-prepared user or organization wouldn’t have faced catastrophe.
Real Protection, Not Panic
Genuine concern for your security isn’t sharing alarming news; it involves conscious, systematic action. Here’s what truly protects against leaks—both real and fictional:
- Multi-Factor Authentication (MFA): Implementing modern MFA solutions (e.g., Cisco DUO) is standard hygiene. Even if your password is compromised, attackers can’t access your account without the second factor.
- Password Managers: They generate and store unique, complex passwords for each service. If a breach occurs on one site, your other accounts remain secure.
- Advanced Identity and Access Management (IAM): In corporate environments, IAM systems centrally manage who can access which resources, minimizing unauthorized access risks.
Conclusion: Plan for Security, Not Panic
Buying and implementing security solutions isn’t a task you should postpone. It must be planned and executed ahead of time—just as you’d plan a budget or business strategy.
While responding to threats is necessary, reactions should be strategically guided rather than panic-driven by “cheap concern.” Build your protection systematically, and no news about data breaches will catch you off guard.
Author: Alexey Shulenkov (Cybersecurity Solutions Consultant, DAAC digital)
For more detailed information on our cybersecurity solutions, please visit our dedicated page: Cybersecurity.
