It's institutions, companies, governments. These tend to be bureaucratic organizations that try to do things on the cheap, they do a poor job with their security, and they make easy targets. On our end, I'm not sure there's anything we can do about it.
Some of those institutions spend a LOT of money doing things not "on the cheap" only to become vulnerable to a careless or ill informed employee that unwittingly invites
malware into the system. And there is a lot we can do about it on our end such as...
- staying informed and taking action when you become aware of cyber crime
- putting pressure on businesses that are penetrated by withdrawing or withholding our business and demanding others we do business with to do the same
- contacting your senator and congressional representative and demanding they take action to
- protect the ballot box from cyber fraud,
- require the electric power industry to harden their ancient and creaky power grid against cyber attack,
- enter into international agreements to vigorously prosecute cyber crime across borders,
- agree to the much more stringent EU internet regulations.this list could go on for pages
- demand accountability and restitution from businesses, government agencies, and other institutions whose data gets stolen because they have not bothered to update their software.
- Remaining vigilant and suspicious when your own electronic security is involved to protect your data and to not become an unwitting carrier/spreader of malware.
- When you upgrade to Catalina and an app requests access to different facilities of your computer, don't be too quick to grant the request and maybe even ask the developer why such access is necessary before granting it.
…and that is just the start.