Cybersecurity Doesn’t Always Have to Be Expensive


Hey everyone,

We’re living in truly remarkable times. The twin forces of deglobalization and rapid AI advancement are reshaping our world in ways we can barely keep up with. Unfortunately — at least from my perspective — the impact on cybersecurity feels more negative than positive.

The number of cyberattacks I’ve personally seen this year has doubled, maybe even tripled, compared to last. And it’s not just the frequency — attackers are using increasingly sophisticated methods and throwing more resources into their campaigns.

Maybe it’s a local phenomenon, but here in Poland, the numbers are particularly alarming. According to recent data, Poland ranked first globally for detected ransomware attacks in the first half of 2025. First place — ahead of the USA. Think about that. These attacks often involve stealing and encrypting data, followed by ransom demands. And many of them are attributed to state-sponsored hackers from Russia, China, and North Korea. Right now, 6% of all global ransomware incidents are aimed directly at us.

Every attack has a cost.
More traffic. Higher infrastructure bills. Firewalls processing ten times the usual number of requests. Sleep-deprived admins and DevOps teams analyzing logs at 3 a.m. The stress alone is enough to wear down even the most seasoned engineer.

And yes, cybersecurity is often associated with high costs — complex tools, dedicated teams, endless audits. But not everything has to be expensive. Sometimes, small, simple measures can make a real difference. Let me share one such trick.

The Power of the Canary Token

Think of canary tokens like tripwires for hackers — digital motion detectors for your files, folders, and cloud accounts. They’re subtle. They’re clever. And most importantly — they’re free.

One of the easiest ways to get started is to use a service like https://canarytokens.org. Here’s a quick example:

  • Generate a “MS Excel” canary token on the site.
  • Create a file — call it something tempting like passwords.xls.
  • Enter some fake login credentials.
  • Add your alert email (don’t use your regular work address — use a separate one).
  • Save the file in a few locations: one or two folders on your PC, maybe your Google Drive, or even attach it to an email you send to yourself.

Why does this work?

Because hackers — especially when scraping through your system — often look for low-hanging fruit: saved credentials, open text files, weak points. If they open your decoy file, boom — you get a silent alert. It’s like catching them red-handed.
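The tripwire mechanism described above, as an added example that is not from the original post and does not describe how canarytokens.org is implemented. It goes one step beyond the single-token setup in the steps above by giving each decoy copy its own unguessable beacon URL, so the alert tells you which copy was opened; `TripwireRegistry`, `BASE_URL`, and the sample memos, IP address and user agent are constructed assumptions.

```python
import secrets
from datetime import datetime, timezone

BASE_URL = "https://alerts.example.invalid/t/"  # placeholder host (assumption)

class TripwireRegistry:
    """Maps unguessable token IDs to the place each decoy copy was planted."""
    def __init__(self):
        self._memos = {}   # token_id -> where the decoy lives
        self._hits = {}    # token_id -> number of times it has fired

    def mint(self, memo):
        """Create one token per decoy location and return its beacon URL."""
        token_id = secrets.token_urlsafe(16)   # 128 random bits, not guessable
        self._memos[token_id] = memo
        self._hits[token_id] = 0
        return BASE_URL + token_id

    def handle_hit(self, url, source_ip, user_agent):
        """Turn a request for a beacon URL into an alert, or None if unknown."""
        if not url.startswith(BASE_URL):
            return None
        token_id = url[len(BASE_URL):].split("?", 1)[0].strip("/")
        memo = self._memos.get(token_id)
        if memo is None:
            return None    # scanner noise or a mistyped URL: no alert
        self._hits[token_id] += 1
        return {
            "memo": memo,
            "hit_number": self._hits[token_id],
            "source_ip": source_ip,
            "user_agent": user_agent,
            "seen_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        }

def demo():
    """Constructed scenario: three decoy copies, one of them gets opened."""
    reg = TripwireRegistry()
    urls = {m: reg.mint(m) for m in
            ("passwords.xls in Documents", "passwords.xls on Google Drive",
             "passwords.xls mailed to self")}
    opened = urls["passwords.xls on Google Drive"]
    alert = reg.handle_hit(opened, "203.0.113.7", "constructed-agent/1.0")
    noise = reg.handle_hit(BASE_URL + "not-a-real-token", "203.0.113.7", "x")
    return alert, noise

if __name__ == "__main__":
    print(demo())
```

Requests for unknown tokens return `None`, so random crawler traffic against the alert host does not page anyone.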

I even made a short video showing how easy it is to set up one of these.

My advice? Use it everywhere — both at work and in your personal digital life.
Setup takes maybe 10–15 minutes. That’s it. And this tiny step could one day be your lifeline.

Because here’s the harsh truth: hackers are always one step ahead of us. The “blue team” — the defenders — is always reacting, always catching up. That’s why we have to plan for the worst-case scenario. We need to assume they will get in. And when they do, a simple canary token might be the signal that saves your data, your systems, and your peace of mind.

Awareness is half the battle.
The other half is doing something — even something small.

Let me know what you think — and if you set one up, I’d love to hear how it went.

Stay safe!

P.S. If you are interested in cybersecurity, you can find other resources on that topic on my blog here: “Cyber Security of Web Applications in one pill”

About the author

sergii-demianchuk

Software engineer with over 18 years’ experience. Everyday stack: PHP, Python, Java, JavaScript, Symfony, Flask, Spring, Vue, Docker, AWS Cloud, Machine Learning, Ansible, Terraform, Jenkins, MariaDB, MySQL, Mongo, Redis, Elasticsearch
