Hint…it’s smaller than you think.
The simple answer is it doesn’t matter. If you have a computer and are connected to the Internet, then you are already a target, whether intentional or not. Most people still think of hackers as sitting in a basement, connecting to a company’s computers, and trying a bunch of passwords until they just happen to hit the right combination. The real world is a little different. Sure, there are hackers who pick their targets and try to make a name for themselves, but what we are seeing more and more is well-funded organized crime rings, specifically ransomware rings, that have entire business plans around growing their client base.
What is a hacker client? Simply put, it’s you and your organization. The more “clients” they infect, the more ransom they are able to generate, and the better their business does. Instead of focusing on a small number of large enterprises to attack, they can blast their ransomware out with carefully crafted phishing emails to hundreds, if not thousands, of email addresses at a time. If that campaign doesn’t create an opportunity for them, they just blast out another round of emails.
They don’t care whether the email address they target belongs to a small, 5-employee ice cream shop or a 30,000-employee manufacturer. Once they get their ransomware deployed, they can start gathering information about who their latest victim is and customize the payout based on what they believe that customer could and would pay. Maybe in the case of the ice cream shop above, they only ask for a few thousand dollars, but if they were able to gain access to the manufacturer, that number may be in the millions. At the end of the day, they want their piece of everyone’s pie.
So, with that daunting realization, how do you protect yourself? In this case, the best defense is a good offense. Be proactive and evaluate the security of your company. Just a few of the questions to consider include:
- Do you have a next-generation firewall that can detect and block the latest threats from the internet?
- Do you have an advanced endpoint protection platform for your workstations and servers, or are you using an ineffective signature-based antivirus?
- Do you have regular backups of all your important systems and data?
- Do you have adequate cyber insurance?
- Do your employees know what phishing is and how to identify it?
That list can go on and on when evaluating your security preparedness. You need to ensure you have the proper technical protections in place, the right policies and procedures for your employees, and a well-tested plan to address the day when a breach does occur. If you need any assistance understanding your current cybersecurity posture, developing an incident response plan, or any other cybersecurity topic, we would love to have a discussion with you. Talk to your Keller Schroeder Account Manager about our free Incident Response Workshop to help you get started on or improve your security readiness.