It’s commonly thought that hackers attack whoever crosses their path. This may be true for “amateur” hackers, but not when it comes to professional “black hat” users. So, let’s take a look at how they choose their prey and how your organization can avoid being the next target of a cyberattack.
Hackers generally try to take advantage of less technical people and organizations. In particular, organizations without cybersecurity staff, policies or updated software are the dream victims; and believe me, it’s not hard at all to find. According to the Nonprofit Enterprise Network (NTEN), only 20% of organizations have a policy in place to address cyberattacks. This is why nonprofits are the ideal target for any hacker.
These ill-intended users may not even have to search far to find their next victim. They often go to social media platforms to select their prey because people share a huge amount of content which ends up overexposing their lives. For example, hackers are able to gather where the victim lives, where they’re going on vacation and what car they drive – giving them an idea of how much you can afford to pay when they attack you.
Another common way in which hackers choose their victims is by searching the dark web. There they can find stolen personal data such as Social Security numbers and credit card information that gives them a solid idea of who they will attack next.
After doing this “field research”, they often begin an attack by using free tools to scan the internet, looking for organizations that left their networks open. This provides them with an entry point to start digging and gain more information about your organization. Think of it as a burglar going from house to house, trying to open doors and windows. They’ll most easily get into homes without locks or alarms. It’s the same with cybercriminals: they look for organizations with no cybersecurity policies.
One way to know where your organization stands when it comes to cybersecurity is by doing a Security Maturity Level Assessment. This will reveal the weaknesses and how to overcome them, so your organization doesn’t become the next victim of a cyberattack. Have you done one yet?
Get in touch with Makaye Infosec for more information.