It’s commonly thought that hackers attack whoever crosses their path. This may be true for “amateur” hackers, but not when it comes to professional “black hat” users. So, let’s take a look at how they choose their prey and how your organization can avoid being the next target of a cyberattack.
Hackers generally try to take advantage of less technical people and organizations. In particular, organizations without cybersecurity staff, policies or updated software are the dream victims; and believe me, it’s not hard at all to find. According to the Nonprofit Enterprise Network (NTEN), only 20% of organizations have a policy in place to address cyberattacks. This is why nonprofit organizations are the ideal target for any hacker.
Hackers may not even have to search far to find their next victim.
They often go to social media platforms to select their prey because people share a huge amount of content which ends up overexposing their lives. For example, hackers are able to gather where the victim lives, where they’re going on vacation, or even what car they drive – giving them an idea of how much you can afford to pay when they attack you.
Another common way in which hackers choose their victims is by searching the dark web. There they can find stolen personal data such as Social Security numbers and credit card information that gives them a solid idea of who they will attack next.
After doing this “field research”, they often begin an attack by using free tools to scan the internet, looking for organizations that left their networks open. This provides them with an entry point to start digging and gain more information about your organization. Think of it as a burglar going from house to house, trying to open doors and windows. They’ll most easily get into homes without locks or alarms. It’s the same with cybercriminals: they look for organizations with no cybersecurity policies.
Stay away from hackers and Security Threats.
One way to know where your organization stands when it comes to cybersecurity is by doing a Security Maturity Level Assessment. A SMLA includes interviews and research to determine where vulnerabilities and risk exist and to determine what security measures are currently in place to protect your organization. The knowledge gained through this assessment will help guide the decisions that will need to be made to improve your security and align your risk with acceptable tolerance levels.
Makaye uses the National Institute of Standards and Technology Cyber Security Framework (NIST) and the Center for Internet Security (CIS) to quantify your security maturity.
The NIST framework is a set of standards designed to safeguard information and provide valuable insights into your current risk exposure. With the NIST framework as a benchmark, your maturity assessment evaluates how well your organization can Identify, Protect, Detect, Respond, and Recover from cyber threats.
CIS has 20 critical security controls—ranked from low to very high—that gauge your security posture.
When you engage Makaye to prepare your Maturity Assessment, we meet with your executive team, IT department, Human Resources, and anyone else in your organization who is responsible for security compliance and policies. Together, we analyze your organization’s security using the techniques described above and
determine your overall maturity level.
We are committed to helping you protect your community, and carry out your mission. We believe that it’s just not right that hackers target organizations that are trying to do good in the world, which is why we provide the support you need to make cybersecurity choices that help you succeed.
