According to a study recently conducted by Verizon, 71% of all data breaches are carried out against small businesses with fewer than 100 employees. Nonetheless, it remains a common misconception that hackers want to go after the biggest targets since, after all, they’re the ones with the largest amounts of valuable data.
While it’s important to remember that every organization, regardless of its size, is a potential target, the tendency to attack smaller businesses is a rapidly rising trend. The reason behind this is simple – smaller organizations tend to be easier and more profitable targets. So, what exactly are hackers looking for, and what do they want to achieve when they attempt to break into your network?
When you read articles about hackers targeting business data, you might wonder just what it is they’re after. Unsurprisingly, the answer is money. For example, someone breaking into your network might be looking for passwords and login details for things like online bank accounts or systems that store customer payment information.
The reason this has been happening more often is because there are more businesses, hosting more financial information, than ever before. That and lax cybersecurity investments make them low-hanging fruit.
Hackers typically gain access to privileged information, such as payment details, by stealing account passwords. These could come from a keylogger that secretly records every keystroke, a social engineering (phishing) campaign that encourages victims to unwittingly give away their personal or payment information to con artists.
While some attacks are only intended to obtain personal and payment information belonging to a single individual, most hackers will try to obtain as many records as possible. They’ll then sell this information on the internet for a significant profit. For example, a stolen credit card with all accompanying information needed to make online purchases is worth around $30 in the US and up to $40 in Europe.
Another increasingly common cybercrime is ransomware. This form of extortion, as illustrated by the major WannaCry and Petya attacks last year, involves encrypting the victim’s hard drive to extort money out of them for the decryption key. Most of the time, hackers will try to trick you into installing ransomware so that all the files on your drive end up being encrypted. They’ll then promise a way to get that information back if you pay them.
Many hackers are recruiting would-be criminals with little technical knowledge of their own to help them carry out their attacks. Known as crime-as-a-service, this has become one of the fastest-growing trends in the world of cybercrime.
Hackers aren’t always interested in financial gain. In fact, many are interested in only one thing – causing maximum disruption for their victims. There’s a multitude of possible reasons behind this but, in the case of small businesses, it’s often down to ruthless and unethical competitors.
One of the most common ways to sabotage a business is by carrying out a DDoS (Distributed Denial of Service) attack. These attacks involve overloading a server with requests so that it either crashes or slows down to such an extent it becomes unusable. Every website or online service is susceptible to DDoS attacks. These are commonly motivated by predatory business practices, extortion, or as distractions from other malicious attacks.
Hackers might also sabotage a business by stealing customer information even if it’s not for financial or personal gain. Sometimes, the motive is purely moral or political. For example, back in 2015, a group of hackers calling themselves the ‘Impact Team’ broke into Ashley Madison, a dating website facilitating extramarital affairs. After gaining access to the company’s database, they threatened to publicly release the names and other personally identifiable information of thousands of account holders if the company did not cease operations immediately.
Regardless of the reasons behind their attacks, hackers work by taking advantage of vulnerabilities in your network, such as outdated software or gullible employees. Oftentimes, they’ll launch their attacks after carrying out extensive research into your network infrastructure until they find a potential gateway into your systems.
There’s a multitude of possible ways that a hacker can get inside your network. That’s why Dyrand Systems offers comprehensive security solutions and hosted services that allow you to stop worrying about IT. If you’re ready to let us do the hard work, call us today for your free assessment.