Are The Bad Guys Really Out To Get Me And My Business?
I’ve written two books on cybersecurity and given several seminars on the topic. One of the commonly asked questions is, “Are the bad guys really our to get me? I mean, our business is small. We aren’t Target or a bank. Should we even worry about this?”
The short answer is, “Yes.”
What you need to understand is how today’s cyberthreat environment works.
I’m an avid marketer. Unfortunately, there are many similarities between how marketing works and how cybercriminals run their business. Yes, I did say business. Cybercrime is an organized business.
Advertisers broadcast a message to as many people as possible, hoping to get someone to respond. Cybercriminals cast a wide net in hopes of snaring those that click a link, open an attachment, or reply to an email.
You must understand that this process is also hugely automated. Malware software scans the Internet for vulnerable computers. Once identified, the attacker can focus on those machines more heavily.
Let’s look at another example, spam. Most of you are familiar with how this works. Criminals use automated software to email thousands, even millions of addresses, harvested from the Internet and the dark web. The attacker then waits for a target to click the link and enter credentials or launch an additional piece of software such as ransomware.
Are high profile companies and governments highly sought after and targeted by these criminal groups? Absolutely. But, regardless of your business’ size and industry, your company’s data and your clients’ information is valuable to the bad guys. Here are some ways that your data is valuable and sought after.
First, and growing, is ransomware. Ransomware software that penetrates your network encrypts your company data in the background. Criminals then offer to decrypt your data for a price (the ransom). While we hear about health and government organization data being held for millions of dollars in ransom, these amounts can still equal thousands of dollars for small businesses like yours.
The next way criminals profit from their actions is by selling your private data. The dark web, yes, it’s a real place, is full of criminals selling databases of logins, email addresses, names, social security numbers, and accounts.
As an example, an email address can sell for between $1 and $3.
Social media account credentials sell for up to $3.
Your instant messaging account may go for as much as $5.00.
As you can see, the owner of a database of thousands of records can make a pretty good profit selling your credentials and your clients’ data.
Cybersecurity is absolutely something you should all be concerned about. It doesn’t matter what size your business is or what industry you are in. The bad guys are out to get your data and profit from it by casting a huge net and seeing who falls for their scams or hasn’t put the proper protections in place.