It seems like every other day I tell you about some new online security threat. So where do the real dangers lie? The folks at Symantec (the company behind Norton Security) have put out a report highlighting what they think the fastest-growing dangers to online security are. Some of them could surprise you.

At the top of their list is Formjacking. According to Symantec, nearly 5000 sites are successfully hit by this kind of attack every single month.  Formjacking is when hackers use malicious code to steal credit card numbers and other information from a site.

When a site has been compromised, it sends a copy of your information to criminals at the same time it submits the info to the legitimate site you’re dealing with.

Ransomware is still a big threat. That’s when crooks use malicious software to lock your files and demand payment to give you access to your own stuff.  Ransomware attacks are down against individuals but rising against companies and organization. It looks like these crooks have decided to focus on the high-dollar value targets.

Attacks featuring malicious and destructive software are actually up around 1,000% according to the company. Once again, most of these attacks seem to be against larger organizations.

Poorly secured cloud storage has resulted in 70 million records being stolen largely from businesses and government organizations.

Another surprise is that 90% of devices affected with malicious software are what we think of as computers at all. They aren’t laptops, tablets, or even phones. Smart home devices like speakers, cameras, lightbulbs, and thermostats are tempting targets for hackers and many people don’t even think about securing these devices.

Most of these attacks happen when an employee of a business or agency, falls for an email phishing scheme, clicks on a malicious link, or opens a fake Office document. In fact, almost 50 percent of malicious attachments are disguised as Office files.

Employers need to train employees to be vigilant and not just click without thinking. Companies also need to secure their servers and run all security updates.

As a home user, you need to make sure that you apply all security updates (don’t forget about firmware updates for devices like smart speakers, routers, and cameras.) and apply two-factor authentication to any accounts that offer it.  Don’t be afraid to ask the companies you do business with what kind of security measures they have in place and what type of training they offer employees.