I am amazed at how many people I meet who believe things about online threats that are completely untrue. Let’s take a look at the top 3 lies I hear most often when it comes to being hacked.
Lie #1: I am too small to matter. Hackers only go after the big guys.
Truth: I get where this is coming from, but it is totally untrue. 20+ years ago, hackers held hacks as trophies. Getting into a major corporation’s website and plastering their name all over it was reward enough. It is the kind of verbose behavior highlighted in the media with dramatic flair that sells. That is not the motivation anymore.
The true motivation behind all hacking, viruses and similar malevolent behavior is all about getting money from the easiest targets and avoiding attention and recognition. There are large numbers of cybersecurity law enforcement divisions and professionals, even at the small county sheriff level, that didn’t exist 20 years ago. The laws have changed and the penalties for getting caught are also a lot stiffer. So, like any other thief, hackers will attempt to take any advantage they can get and not get caught.
Secondly, major corporations have invested millions in AI predictive firewalls and specialized staff that make them a much harder target. If you were a sophisticated criminal, would you attempt to rob a modern downtown bank? You would have to get past armed guards, security cameras, a complex vault, and manage to get away cleanly without someone being able to identify or track you. You also have to contend with the bank’s limitless resources to pursue prosecution for years after the fact. It would be a lot easier to pickpocket the unarmed elderly guy standing on an average street corner after he makes a withdrawal of his monthly social security deposit from the ATM. The reward is a lot less than the potential inside the bank, but so are the difficulty and the risk.
This same low-risk crime could be effectively executed over and over again with different targets in different locations. While it will never be the plot of a hit movie, it can provide an effective income for the thief. This is exactly the same scenario that is played out virtually every day. Sharks don’t generally attempt to eat whales. They survive on lots of small fish every day.
You are the perfect sized target.
Lie #2: I don’t have anything valuable that hackers would want to steal.
Truth: I assume that you don’t have a safe with a million dollars in your bedroom, yet you likely lock the doors to your house, even if you live in a safe neighborhood. Why do you do that? The truth be told, you DO have something valuable in your home worth protecting, and you know there are random psychos that float around in the world that you don’t want to pay you a visit.
The foundation of this lie again ties to the actual motivation of hacking. Hackers want only one thing: MONEY. There are really two ways an unprotected system can help them get what they want. You can be the main target, or you can be an assist to their main target.
Like it or not, you are likely the main target. If your business runs profitably, you have what they want: income and a desire to protect it. One of the effective ways this is done is by tricking employees to send them money or information using fake emails and relying on human error. We see this happen all the time where hackers ask for money through impersonating the business owner or a trusted supplier. And, it works.
Also, viruses and ransomware are designed to exploit and hold a business hostage and can keep them from functioning until the ransom is paid. In whatever shape the threat comes, they will attempt to exploit you directly.
Secondly, and less likely but equally imposing, the attacker can use you for the assist. This is where they use infected machines to help them attack a bigger target or just perpetually waste your resources for their benefit. Hackers can use your resources to do things as benign as mining bitcoin for their benefit … all the way to getting you to assist them in major hacking operations.
In 2017, hackers exploited a bug in a type of smart thermostat to get millions of devices to hit a certain internet service all at the same time. This overloaded it from millions of directions, allowing them to make their main play. In this way, millions of unsuspecting people contributed to making the crime possible. While not the direct target, the victim’s systems often became completely unusable for a time. On the surface, this seems like more of a nuisance than anything, but it is far more sinister.
Companies being exploited in this way are having a foreign influence controlling and dictating their operations without their knowledge. It only takes a moment for a company to go from being used to exploit someone else to being held hostage themselves. When we encounter these situations, the systems are often completely entangled and it is very difficult and time-consuming to get operational control back.
If you have a business and a desire to protect it, you are the perfect target.
Lie #3: If I do get hi-jacked, it won’t cost me that much.
Truth: I recently learned that 55 businesses in North Texas were victims of ransomware in 2018 alone- totaling millions in losses. That is just one type of attack in one geographic area.
There are two types of costs you could have from hacking: direct and indirect. Direct cost would be if they take actual money from you. The average cost of a ransomware attack in 2019 was $50k. The average loss from successful Phishing is $25k. Cleaning infected systems and networks and restoring operations often costs more than the original purchase price.
Indirect cost would be the opportunity and operations cost of your business not being able to process orders while the hackers hold you hostage. Or, it could be your factory robots not running, your employees not being able to work because their systems are down, or your customer list exposed and exploited and your good name ruined. The cost of being unprepared and unprotected is much more than you think.
Don’t let hackers take you off guard. Remember, you ARE a target, you DO have something valuable, and it WILL cost you dearly if you get hacked. Instead, contact us to be proactive about your information security.