Why would anyone want to hack us?

“Why would anyone want to hack us?” said the feed store owner. My colleague and I looked at each other, and she took the lead in answering. “It wasn’t you they were interested in,” she said, adding “The bad guys just came across your inventory system and found a computer that ran 24/7 on a reliable Internet connection. The bad guys were using your computer as a hop point on their way to their real target.” We knew the answer wouldn’t completely satisfy the owner. The usual questions ensued, such as who the real target was, who the bad guys were, and more. All of which we deflected, as government types tend to do. In truth, we were surprised at the remoteness of the victim’s location in rural Illinois. It was well past the last cell tower and what felt like a million miles from the bad guys overseas.

While that story is more than a decade old, the same question still takes first place today.

Why us? Why me? Why my small company in my small town? Those are versions of the question we receive the most often from victims of cybercrime. It’s the question we heard all the time while serving in federal law enforcement.

The answers can vary, but a few common themes explain why your company was targeted by hackers:

1. What you have has value. Well, doesn’t it? Your company makes money somehow! Maybe the bad guys want to steal your secret recipe… or just the money you earn in your business.

2. You aren’t the target, but you have good Internet access. The bad guys may be using you to get to their real target.

3. Bad luck. Sometimes bad guys take a broad approach, casting a wide net for victims. They weren’t targeting you specifically; you just got caught up.

“How did it happen?” is usually the next question, and that one is more difficult to answer – and it does vary by victim. Perhaps your IT vendor forgot to lock the cyber door on their way out. Perhaps that free thumb drive you were given had some malware embedded on it. Perhaps someone on your team clicked the link in that phishing email. Statistically, the last of these is the answer: phishing has been the #1 attack vector for years. But this article focuses on the #1 question – “Why me?”

Highlights from this article:

  • It’s okay to ask “why me?” – Ask, but then take action
  • You are not too small – Everyone can be a cyber victim
  • What you have has value – Even if it’s just your bandwidth
  • Fundamentals still work – Follow best practices
  • Security is a mindset – Start with security awareness
  • Prevention is still more affordable – “An ounce of prevention…”

Overt has the experience to help. Contact us today.

The Good News.

We in the security industry recognize that some solutions are prohibitively expensive for small and medium-sized businesses. The fancy gadgets and pricey consultants all go to those 0.1% of companies with deep pockets. But there is good news for businesses of any size: Fundamentals still work! Good cyber hygiene does not have to be expensive. Baseline assessments can be performed within a small business’s budget, laying out a to-do list that identifies the cyber needs of the organization for the present and the future. Just having a plan puts most small businesses well ahead of all the others.

It all starts with security awareness. Knowing what risk faces your company can provide you with insight on what needs to be done to address that risk. Implementing good policies and procedures, seeking to prevent incidents before they occur, will always be more affordable than trying to respond to and recover from a cybersecurity incident.

Seek to build a good foundation. Work on the fundamentals. Start with security awareness.

Just Got Hacked?

Wish you had read the above and taken action before you got hacked? If you are still reading this, maybe that’s where you find yourself today. We can still help you respond to and recover from the incident. However, time is of the essence. Contact us right away.

If you have any reason to believe your corporate systems, including email, are compromised, do not contact us using your corporate accounts. Use a personal email or call us from a personal phone.
