Risk
9/14/2012
03:35 PM
Tim Wilson
Tim Wilson
Commentary
50%
50%

How Cybercriminals Choose Their Targets

Attackers look for companies with poor defenses and a lack of security skills, so no business, not even an SMB, is immune.

InformationWeek Green - Sept 17, 2012
InformationWeek Green
Download the InformationWeek SMB September special issue on cybersecurity, distributed in an all-digital format as part of our Green Initiative
(Registration required.)

Whom do hackers want to hack? This might be one of the most misunderstood questions in IT security. And misperceptions here often lead businesses to make poor decisions about their defenses.

Logic tells us that cybercriminals are like Willie Sutton--they go where the money is. Banks and other financial companies, as well as businesses with lots of credit card data, would be the prime targets, right? And the bigger they are, the better targets they make.

This same logic is often applied to attacks on end users. If you're going to target a user, make it a high-level executive, a wealthy individual, or an IT administrator who has access privileges to many different systems. Go for the users with the keys to the safe.

All of these assumptions are perfectly logical. But they're also all wrong.

Most cybercriminals just aren't all that selective. True, banks handle lots of transactions, but any company with money is a good target, and a company that sells snack foods or construction equipment may have far fewer defenses.

Similarly, the perception that cybercriminals target only big companies is a myth. Large companies have more money, but they also have big security teams and high-priced defenses. Small and midsize companies have fewer security skills and little in the way of security budgets, which makes them natural targets for cybercriminals who don't want to work too hard. As you'll see in this special issue of InformationWeek SMB, smaller businesses frequently overlook core security practices that leave their data--and their finances--at risk.

People Of Interest

There are similar myths on the end user side. While it may be logical to provide extra protection for CEOs and password administrators, the notion that highly placed employees are the only people spear phishers and other targeted attackers go after is mistaken. Sophisticated cybercriminals know they don't have to crack the CEO's passwords to get access to valuable data. Line-level employees, contractors, even employees' relatives can be part of the target base. These guys aren't choosy, as long as the target is a step closer to the information they seek.

Cybercriminals are looking for low-hanging fruit. Their targets are companies with poor defenses, a lack of security skills, and vulnerable end users. They're looking for unlocked doors and open windows. The path of least resistance will always be the one most beaten down by bad guys.

There are many other reasons a cybercriminal might target your company and your employees, but the message is the same: No business, no individual is immune. Whether you're Sony or a mom-and-pop shop, you may be a target today. How you respond to that threat could make the difference between being safe and being breached.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-1793
Published: 2014-12-25
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

CVE-2011-1794
Published: 2014-12-25
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ...

CVE-2011-1795
Published: 2014-12-25
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document con...

CVE-2011-1796
Published: 2014-12-25
Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaS...

CVE-2011-1798
Published: 2014-12-25
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown othe...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.