mailing list archives
Why would hackers target my little company?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 10 Dec 2013 00:36:52 -0700
If your business is relatively small and isn’t involved in financial
services or national defense, you might assume that data security isn’t a
big issue for you.
Why would someone from the presumably limited pool of hackers take the time
to target your company?
And if someone did get in, so what? Your employees would have to change
their passwords, which would be annoying, but pretty soon you’d be back in
Five or 10 years ago, those assumptions would have at least been
defensible, if not correct.
Cyberattackers tended to be lone wolves who went after high-profile
companies or government organizations, and they were usually just trying to
score political points or show off.
They weren’t invested in making loads of money or bringing down entire
But in recent years those lone wolves have banded together to form
syndicates with significant resources, and a lucrative international market
for logins, passwords and other confidential data has sprung up.
Some hackers pursue noneconomic goals such as crippling hated companies.
Others are in it just for the money.
They want data on credit cards and investment accounts. And while you may
be right that hackers wouldn’t have much interest in your company per se,
they’re very interested in your connections.
Attackers are increasingly targeting small companies, planting malware that
not only steals customer data but also makes its way into the computer
systems of other companies, such as vendors.
And hackers might be more interested in your employees than you think. Are
your workers relatively affluent? If so, chances are that hackers are
either looking for a way into your company or are already inside, stealing
Today, every company is vulnerable. In a study we conducted in 2006,
approximately 5 percent of all endpoints, such as desktops and laptops,
were infected by previously undetected malware at any given time.
By 2009-2010, the proportion was up to 35 percent. In a new study, it
looks as though the figure is going to be close to 54 percent.
Meanwhile, the battle between hackers and organizations is continuing to
Will nations develop the capacity to cripple one another, as in the nuclear
era, and will they use that threat to deter government-sponsored hacking?
But even if the cyber version of ‘’mutually assured destruction’’ comes to
pass, we’ll still be plagued by hackers – and they’re getting smarter every
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com
# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
- Why would hackers target my little company? Audrey McNeil (Dec 16)