Debunking Popular Myths: Most Cyberattacks Are Targeted. 

More often than not, an image of a hacker (or a bunch of them!) meticulously plotting their plan in a dark room – selecting a high-profile target is what comes to mind when you mention a cyberattack - thanks to Hollywood. However, the reality is far less cinematic. Contrary to popular belief, most cyberattacks aren't methodically planned by skilled individuals; instead, they often operate on a scattergun approach, posing a substantial threat to businesses of all sizes, including SMBs.  


Lack of Sophistication:  

Cybercriminals aren’t always the masterminds or expert hackers who carefully choose targets, strategising their every move in search of a payday. While this archetype does exist, the majority of them lack such sophistication. The truth is, many are opportunistic and search for targets with vulnerabilities they know how to exploit rather than selecting specific targets for potential payoffs. As such, small businesses often find themselves in their crosshairs. 

 

Automation:  

In today’s world, automation has become an ally for cybercriminals. Rather than relying on human expertise, attackers deploy automated tools to scan the internet - searching for exposed systems and vulnerabilities. These tools initiate the attack, and human interaction often takes place during post-exploitation. In other words, the size of a business becomes irrelevant to these tools; as they scan the internet for any vulnerabilities they can exploit, irrespective of a business's scale. 

 

Phishing:  

Phishing, once a tool reserved for the more technically adept, has evolved into an instrument accessible to almost anyone using an internet connection. Cybercriminals cast a wide net, sending email-based / SMS based phishing campaigns to tens of millions of potential victims in a single round. Here lies the critical point: these attacks are not strategically targeted based on potential gains. Instead, they rely on human errors– exploiting those who overlook warning signs and fall prey to their traps. 

Businesses of all sizes, including SMBs, are susceptible to phishing attacks. The cybercriminal's focus is not on the size of the potential payoff, but on finding any gap in your cyber defence systems. SMBs, who often lack extensive cybersecurity measures compared to their larger counterparts, can inadvertently become attractive targets for these automated and scattergun-style attacks. 

 

Protecting SMBs 

Understanding that cyberattacks aren’t always targeted is the first step towards bolstering the defences of SMBs. Recognising that cybercriminals exploit vulnerabilities rather than specifically targeting businesses based on size of the business, empowers decision-makers to take proactive actions.  

Investing in robust cybersecurity measures has become crucial for a business of any size in today’s world. Automated tools are relentless in their search for vulnerabilities, and having a comprehensive defence system is the best way to thwart their attempts. This includes regular security audits, software updates, and employee training programs to fortify the human element against phishing attacks. 

Furthermore, cultivating a cybersecurity culture within an organisation is paramount. Employees should be educated about the risks of phishing attacks and equipped with the skills to identify and report suspicious activities. Cybersecurity is a collective effort, and everyone in the organisation plays a role in safeguarding sensitive information. 

 

In conclusion, debunking the myth that most cyberattacks are targeted is a vital step for your business. Understanding the landscape of cyber threats and implementing proactive cybersecurity measures is essential for protecting the digital assets of your organisation. By staying informed and deploying a comprehensive defence strategy, you can significantly reduce the risk of falling victim to cyberattacks in an era - where automated tools and phishing campaigns pose a pervasive threat to businesses of all sizes. 

Previous
Previous

Malice or Mistake- Understanding the Spectrum of Insider Threats.

Next
Next

ASD 2024 Cyber Threat Report