You could be forgiven for thinking that only large, rich brands like Sony, Adobe, and JP Morgan are the companies targeted by hackers as they’re pretty much the only kind reported in the media. You could also be forgiven for thinking that lesser mortals are strangers to hacker hit lists and you’ve nothing to worry about. But you couldn’t be more wrong.
In fact, there are tens of thousands of reasons why you are wrong: every day, 30,000 websites get attacked. And they are ordinary brands, neither great, nor grand, nor global.
So, are you a potential victim? If you have a device linked to the internet, then the answer is yes. Plain and simple.
The thing to remember is, not all hackers are after financial gain; some have political or religious motives and some just have giant egos and too much time on their hands. Some are hybrids with crossover objectives that aren’t immediately clear.
What is clear, though, is the diverse nature of targets: in the Google Malaysia hack this month, no data was compromised but visitors were redirected to a hacker’s website; also this month, Tasmania’s airport site was plastered with messages from IS; the Scottish Athletics site was similarly the victim of Islamic religious messages; and even a pub in Derbyshire’s website was defaced with extremist text.
With targets as diverse as these, it’s obvious that hackers have declared open season on anyone and everyone.
Their method of attack varies, too: specific companies are sometimes targeted in pre-planned, individualised attacks, while others companies (and individuals) are simply drawn into a ‘botnet’ through the use of an automated program. Indeed, in the US-based Ponemon Institute’s annual global benchmark survey of 257 companies, 59% of the cited cyberattacks were botnet related.
High costs of hacking
High-profile hacks have reached unprecedented levels in the last two years: in 2013, the Sony and Adobe Systems breaches cost $1.5bn (£1bn) apiece and, in 2014, JP Morgan suffered to the tune of $1bn (£670m).
These figures are enough to make anyone’s eyes water, but smaller companies can be left even more devastated by a hack than their giant counterparts: 60% of small businesses close within six months of experiencing a breach.
The cost of a hack doesn’t just boil down to cash, either: even if no data is compromised, or money directly stolen, there’s the problem of reputational damage: it can vary from short-lived and simply embarrassing e.g. when salacious messages have been posted, to long-term distrust resulting in lost business, as in cases where personal customer data has been stolen.
Minding your own business
Surprisingly, there’s some good news about hacks: 90% of them are considered ‘easily preventable’ according to the not-for-profit Online Trust Alliance (OTA).
Other good news is that the OTA’s ‘critical’ practices checklist includes several items that don’t need a big budget, either. Top of their list, for example, is effective password management. Such a scheme can be founded on just two pillars of wisdom: passwords should be long and strong (15+ characters and containing a mixture of upper and lower case letters, symbols, and numbers) and they must be unique to each online account.
The truth about cyber safety
The hack attacks that grab the headlines can mislead business owners into thinking that their own, smaller companies are safe. But having small data and no apparent assets buys absolutely zero immunity from being hacked.
Just by being online, you are a potential victim. Accepting that truth is the start of being safe in the cyber world. Its polar opposite, indeed the most dangerous falsehood of all, is ‘it won’t happen to me’.
No matter the size of your business, the best way to protect it is to acknowledge the threat and be proactive in prevention.
If you are worried about your organization being the victim of a hacking incident, check out our free guide on How to Protect Your Company from being Hacked.