Risk
9/14/2012
03:35 PM
Tim Wilson
Tim Wilson
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

How Cybercriminals Choose Their Targets

Attackers look for companies with poor defenses and a lack of security skills, so no business, not even an SMB, is immune.

InformationWeek Green - Sept 17, 2012
InformationWeek Green
Download the InformationWeek SMB September special issue on cybersecurity, distributed in an all-digital format as part of our Green Initiative
(Registration required.)

Whom do hackers want to hack? This might be one of the most misunderstood questions in IT security. And misperceptions here often lead businesses to make poor decisions about their defenses.

Logic tells us that cybercriminals are like Willie Sutton--they go where the money is. Banks and other financial companies, as well as businesses with lots of credit card data, would be the prime targets, right? And the bigger they are, the better targets they make.

This same logic is often applied to attacks on end users. If you're going to target a user, make it a high-level executive, a wealthy individual, or an IT administrator who has access privileges to many different systems. Go for the users with the keys to the safe.

All of these assumptions are perfectly logical. But they're also all wrong.

Most cybercriminals just aren't all that selective. True, banks handle lots of transactions, but any company with money is a good target, and a company that sells snack foods or construction equipment may have far fewer defenses.

Similarly, the perception that cybercriminals target only big companies is a myth. Large companies have more money, but they also have big security teams and high-priced defenses. Small and midsize companies have fewer security skills and little in the way of security budgets, which makes them natural targets for cybercriminals who don't want to work too hard. As you'll see in this special issue of InformationWeek SMB, smaller businesses frequently overlook core security practices that leave their data--and their finances--at risk.

People Of Interest

There are similar myths on the end user side. While it may be logical to provide extra protection for CEOs and password administrators, the notion that highly placed employees are the only people spear phishers and other targeted attackers go after is mistaken. Sophisticated cybercriminals know they don't have to crack the CEO's passwords to get access to valuable data. Line-level employees, contractors, even employees' relatives can be part of the target base. These guys aren't choosy, as long as the target is a step closer to the information they seek.

Cybercriminals are looking for low-hanging fruit. Their targets are companies with poor defenses, a lack of security skills, and vulnerable end users. They're looking for unlocked doors and open windows. The path of least resistance will always be the one most beaten down by bad guys.

There are many other reasons a cybercriminal might target your company and your employees, but the message is the same: No business, no individual is immune. Whether you're Sony or a mom-and-pop shop, you may be a target today. How you respond to that threat could make the difference between being safe and being breached.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2012-0871
Published: 2014-04-18
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

CVE-2012-6646
Published: 2014-04-18
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.

CVE-2013-4279
Published: 2014-04-18
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.

Best of the Web