If you’re reading this article from a small business, then you might be asking yourself something along the lines of:
- Who on earth would carry out a cyber attack on us?
- Why would someone be interested in attacking us?
In this article, I’ll attempt to answer those questions by explaining who the likely attackers are, and what motivates them.
Targeted and indiscriminate cyber-attacks.
Many perpetrators of cyber attacks don’t care about who is on the receiving end of their attacks. They use freely-available tools to attack vast swathes of internet users. Because they launch their attacks against so many people, they can be sure of finding a lot of victims.
As well as being the target of these indiscriminate attacks, there could be others who may take a specific interest in your business, either for commercial or personal gain, or merely to cause disruption.
Who are the perpetrators?
There are five main groups of people who might be targeting your business. Read on to find out who they are and what they want from you.
Cyber-criminals are interested in making money through fraud or from the sale of valuable information. Since the rise of cryptocurrencies such as Bitcoin, which are virtually untraceable, and with more people conducting financial business online, cyber-crime has become a multi-billion dollar industry. Small businesses are often the target of this crime because criminals might see them as soft targets with weak security controls.
Competitors and foreign intelligence services, interested in gaining an economic advantage for their companies or countries, will primarily seek to steal sensitive information or cause disruption. Small businesses in the supply chains of defence contractors or utility companies and could be targeted as they may hold information themselves, or be used as a route to attack their larger customer.
Hackers interfere with computer systems because they find it enjoyable. While this might seem fairly innocuous, it can cause business disruption and loss of reputation. Hackers will often deface websites, which is embarrassing and disruptive to the victim company.
Hacktivists who wish to attack companies for political or ideological motives will look to cause disruption to businesses they have a grievance against and may even target companies who trade with those businesses.
Employees, or those who have legitimate access, can cause problems either by accidental or deliberate misuse. Those leaving for pastures new might look to take information with them, and staff might disclose information as a result of bribery or blackmail.
Every business is a potential victim.
The key takeaway from this is that every business is a potential victim of cyber-attack. You have no control over the capabilities or motivations of a likely attacker, but you can make it harder by deploying cyber-security defences and being aware of the threat.
This article is part of our Free Cyber Security Awareness Training. If you came across the article on our website through another route, you can access the rest of the course using the form below.