Everyone is a target

Cybersecurity still seems to be at the bottom of people’s lists.

Businessman standing in a shopping cart big eyes watch over him [paranoia, delusion, security]
alashi / Getty Images

Cybersecurity still seems to be at the bottom of people’s lists. Some feel as though it isn’t necessary as they don’t see themselves as targets. In their opinion, they have nothing of value, why would they be targeted? Why do they need to dish out for antivirus software? As Security professionals we need to find a way to communicate the following message.

Everyone is a target. Yes, even you.

Being a target doesn’t necessarily mean you have done something or have enemies. Most scanning is done by bots and then highlighted to malicious actors. If they happen to stumble upon your network or various devices and you are an “easy target”, then they will breach your systems, steal your data and if the opportunity is available; encrypt your company’s data and hold for ransom.

In what seems like the blink of an eye, an entire business could crumble. Obviously if you have the provisions in place to protect you from this then you may be safe (for now at least). Admittedly some breaches and attacks are planned carefully and meticulously for weeks, months or even years. However long it takes.   They don't know what you do or even care, they just want to know how much money they can make by stealing your info or ransom from you or your company to get your data back. 

Trust me on this, a lot of people pay, too many and that is why ransomware is such a profitable and popular business. People pay, they unlock your data and then in 3-6 months the cycle probably restarts. Many companies don’t learn from their mistakes and vulnerabilities and don’t fix the issues that caused the breach in the first instance. This is something that we need to work on, we need to help small businesses, the majority of whom will say they are not at risk to this, we need to find a way as an industry to help better educate this group. Help them at least get the basics right, don’t you think?

What can we do as an industry, Nay community to help to resolve this problem?  Just brainstorming here, let’s host events targeted at SMBs or companies that are lacking in security staff and or skills. Presentations about the very basics of security. Run through standard policies and practices. Many of you may feel that these may be pointless, people are in the wrong profession if they are unaware of the above. False, some people may need a refresher. Attacks are constantly evolving and education in security cannot cover it all. Some small companies may not be able to hire security trained staff members. If we can help educate the general public per say, this would be of tremendous value, at least in my opinion.

We could also offer recorded sessions for businesses who register or who are unable to attend the events. Run free webinars that can be watched at alternative times. Let's invest our time in helping everyone be better protected, be better educated on risks and let's start to turn that tide of breaches around. Maybe we could put the cybercriminals out of business why we are at it or at least slow the flow of money to their coffers.

Back to my main point of this article, everyone is a target no matter your business size, yes you may not be as valuable as some of the bigger fish (targets) but money is money to a malicious actor they don’t care who or what you have or even what you will lose from the target that isn’t something that affects them, it’s just about the money it is that simple. Do yourself a favour and talk to someone about what you need to get right, to have the basics covered. You don't need to have a big budget to make a change for the better, just put it as a priority and make time to ensure you are prepared because as many of us in the industry say "it's not if but when an incident/breach will happen".

Let’s do better, be better and give all the criminals less of our hard-earned money. 

Related:

Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies