When creating a defensive plan against cyber attacks, knowing your adversary is paramount. Often after the shock has worn off from a breach, companies will ask, “Why us?” It’s a valid question, but it’s one that organizations should ask before an incident to help them prepare.
There are a multitude of reasons why an attacker might choose your organization, whether as a crime of opportunity or an assault on your specific firm. Below I’ve captured some of the more common ones.
Finding the Opportunity
Cyber attacks are typically based on a unique opportunity that makes your organization an easy target. Usually such opportunities are within an organization’s circle of influence, where they can take steps to reduce risk.
- Technology stack: Attackers use tools such as search engines (Google, Shodan.io) and job boards to map specific technologies that are known to have vulnerabilities or that are frequently misconfigured. This also gives attackers the chance to try weak or default credentials to gain additional access.
- Public information disclosures: Credential disclosures are commonly shared on the Internet and within hacker communities. For example, employees often reuse work passwords on outside services (such as personal accounts), which makes it easy to perform credential stuffing attacks. Services such as haveibeenpwned.com allow organizations to effortlessly discover when a credential containing their domain has been disclosed.
- Phishing: Many phishing campaigns permute domains from lists or data crawled from the Internet. If an employee falls victim to a phishing attack, the hacker can take advantage of this newly gained access; if not, they continue on to the next potential dupe.
Targeted attacks are directed at the organization itself and often include detailed research and reconnaissance. Traditionally, attackers will use opportunistic attacks for quick access, but then dive much deeper.
- Industry Type: Often the type of industry will draw specific attention, such as financial institutions, government entities, or manufacturing companies. The attacker is looking for a specific asset or a technology that they use; or perhaps there’s a controversial issue which has spawned hacktivism.
- Target by proxy: Some organizations are simply a stepping stone to leverage a relationship to attack a partner, supplier, or customer.
- Insider Threat: While not historically thought of as a way of targeting an organization, insider threats such as disgruntled employees or fraud are among the most common types of attacks, and need to be accounted for.
What You Can Do
Each organization should already be having a conversation on why and how they may be targeted in the future. In many cases, a quick and easy change can prevent a drastic and costly security incident. Relatively simple steps such as conducting vulnerability scans, penetration testing, educational phishing campaigns, and updated patch management procedures can help to safeguard your systems and data.
With better knowledge-sharing and training, companies can avoid making themselves vulnerable to today’s growing threat landscape, without having to make extensive and expensive investments in new technologies.