Why would someone attack YOU?
Sep 10th, 2018 by Jesper Kråkhede
One of my core skills is conducting risk analysis; to be more precise, I tell my customers to quit fiddling with esoteric attacks and focus on the real challenges, like good passwords, MFA and credential hygiene. One common question I get is: Who would want to attack us? We have no money reserves like a bank, we don't take credit cards like retail, and we are not a government entity, so why would someone bother (and why should we pay good money for security)?
First of all, before answering the question, I must make my position clear: You should never spend money on a security consultant doing risk analysis if you haven't done the homework, meaning following the vendors' best practices.
So why should you bother? Well, it's quite easy: You can never control how someone might make money on your data, your computers or your environment. The obvious one is ransomware: they encrypt, you pay for access. Not so obvious are the cryptocurrency miners that use your computers for cryptocurrency mining. Less obvious is speculation in raw materials. Just imagine a company that produces iron or aluminum: a hacker gains access, plants ransomware on the servers and then buys a lot of the resource that is produced. The ransomware would then be activated, removing a few producers and creating a shortage, and that would raise the price. Or what if someone is speculating that your stock price will fall?
You can never know how they make money on your downfall, but it might be in a way you cannot control, so make sure that you protect yourself in the first place.