So who exactly do the hackers actually want to hack? This question is
Cybercriminals are like Willie Sutton
Our good friend logic says that cybercriminals are akin to Willie Sutton – they go when they can find money. Banks, financial firms, those businesses that have a lot of credit card data, should then be the main targets obviously. And of course the biggest ones would be the most severely under the gun.
This is precisely the logic the one applies to end user attacks. If a hacker is looking to target a particular user, they’d go for a renowned executive, someone with dough or someone from IT administration who would have access privileges to a wide array of systems. The rule ostensibly is: hunt down users that have the proverbial safe’s key.
Hacking Psychology
These assumptions, while being perfectly illogical are also perfectly inaccurate. Strictly speaking from the psychological point of view of a cybercriminal, that lot isn’t too selective at all. It’s a fact that banks are engaged in many a transaction, but then again any company that has money makes for a serious target. Therefore, companies that deal in snacks or construction equipment, the ones that aren’t all that beefed up, would be equally – if not more – under the gun.
Size Doesn’t Matter Actually
And similarly, the opinion that hackers only target massive companies, is fallacious and a myth. The bigger companies might have more money, but what we must not forget is that they also have gargantuan security setups and robust defense mechanism. Medium size companies and even some relatively small companies have considerably less security skills and almost a non-existing security budget, which in turn makes these firms the easier targets for the hacking mafia, especially those that wouldn’t want to work too hard.
Go through a recent ‘InformationWeek SMB’ issue that reveals that considerably smaller firms, which quite often overlook genuine security practices are quite often the target of hack attacks.
…Neither Does Profile
And then there are the myths on the user side. Granted that it is indeed logical to ensure that one provides extra protection for the password admins and CEOs, the belief that only the high ranked employees in a major firm are going to be the ones that are targeted is strictly incorrect. Sophisticated hackers realize that they do not have to unlock the password of the CEO to access the crucial data. Contractors, line level employees and even their relatives could be the ones targeted. The hackers aren’t all that choose – not at all – as long as their next target takes them a step closer to their targeted data.
Low Hanging Fruit
Hackers target the ‘low hanging fruit” so to speak. They target the companies that have poor and exposable defenses, are devoid of security skills and have user end vulnerability. They seek doors that aren’t locked or windows that have been left open – thieves would always go for safes that offer the least resistance even if they don’t have the most riches.
There is a plethora of reasons why a cybercriminal might want to target your company and your employees, however the message is simple: no firm or individual is immune from hacking. It doesn’t matter you are Sony or an ordinary superstore; you could be targeted any time. How strong your defense mechanism is would and how robustly you respond is the different between safety and breach.
Author Bio: Natalia David has been a regular contributor as tech writer, expert for some time now. Her work has received great appreciation from readers who turn to her to keep themselves updated with the latest happenings in tech world. You can also follow her on twitter @NataliaDavid4