Most people outside of the security industry still have a very stereotypical view of hacker culture. Just this week I had a discussion at work (retail industry) and was surprised that just about everyone on my team still thought hackers were spotty no-friend kids who messed things up to get their kicks.
That simply isn’t true of course. At least not nowadays.
The bedroom or basement hacker is probably still out there and, in many respects, we need that because some of these guys will evolve into the white hats of the future. But the days of diskettes loaded with ‘fun’ viruses are long gone and the motives have become far more financial in nature.
That is why the lone wolf is a rare sight these days – attacks are far more coordinated in nature and they tend to focus on targets that can yield a return on the time and other resources that have been invested.
And that means that businesses are very much in the bad guys’ cross hairs.
If you are a business owner you need to be aware of the possibility of a coordinated attack against your assets, whether that be your information or other, physical, resources.
We’ve seen too many times recently that cyber gangs, state-sponsored groups, hacktivists and even governments themselves have taken an unhealthy interest in the affairs of private companies and have taken action that has caused them disruption and even extreme financial loss.
News reporting, being what it is, may lead you to think that it is only the biggest of corporations that are being attacked but you need to be careful – data breaches and other attacks against small firms do occur but don’t receive the same level of publicity.
Small businesses are at risk because they tend to offer a path of lower resistance. Larger, well-known companies are, you would like to think, better prepared to deal with a variety of attacks. They employ (hopefully) top end security professionals and they also have the resources required to facilitate a well-oiled security function.
Small and mid-sized businesses tend to be less well secured though and so they can often present a more tempting target.
This is why smaller companies need to take security seriously. Whilst a smaller presence in the market may help keep them under the radar for a time, “security through obscurity” will likely not be an effective long-term strategy.
There are too many businesses out there who think that no-one is paying attention to them and they do not need to pay much more than lip service to the security aspect of their company. Whilst I’m not saying that attitude will definitely lead to them getting attacked it certainly is a risky approach to take.
The more security measures you employ in and around your business the less of a target you will be. No-one wants to see another business attacked (well, ok, maybe seeing a competitor go down isn’t so bad, in an immoral kind of way) but this is a reflection of evolution in some respects – only the fittest (most secure) will survive so you will want your company to be better prepared than the next one.
Having some controls in place is a good starting point, though that shouldn’t be the extent of your security posture. You will also want to assess your current level of security in order to gauge where you are and what additional controls or changes you may need to make.
As I said earlier, the harder you make it for an attacker to get into your systems, the less likely it is that they will try. No system is ever completely secure but it would be wise to ensure that your business isn’t perceived as being the piece of fruit that hangs lowest on the tree of potential targets.
Just because your business isn’t a global player, it doesn’t mean that those who wear the darker hats are oblivious to your existence, but there is much that you can do to ensure that your firm does not become the next target of a planned attack.