Despite privacy concerns being painted all over the news, we still frequently run into IT organizations that do not seem to have the support of their business partners when it comes to security. The rationale often falls somewhere along the lines of "How could we be a target? All we do is sell xyz widgets." Granted, this mentality has become somewhat rare in those industries that have been under scrutiny for a while (i.e. financial, government, healthcare). But others are still experiencing the "Are we really a target?" syndrome.
Given the wide range of motives, every organization should consider itself a potential target and should be asking itself better questions. The most obvious attackers are financially motivated and after credit cards and personal information. Do you store or process any of this type of data? Then you are most definitely a target, and if you haven't already done so it is time to get your PCI-compliance groove on! Some attackers are hacking into organizations just to make a statement. They will seek out ways to tie their name to any organization that could result in gaining free publicity and attention. Do you have a marketing department? News feeds? Blog? Do you get a lot of website traffic? Any of these things can make your organization a target! Some attackers are after the end users, often considered the "weakest link" in an organization. They will attempt to compromise employee machines to gain a foothold or distribute malware and grow botnets using employees and customers alike. Do your employees use computers? Do your customers use your website? Then yes, you are a target!
Every business needs to think about and invest in security. Organizations need to assume they are targets and ask themselves questions such as "Are we really doing everything we should be doing to protect the privacy of our employees and customers?" and "What would be the consequences if our network was breached or data stolen?" In most cases the answer to the question "Are we a target?" should be assumed to be a big fat "Yes."
Ready to find out what an attacker could do to your organization?
Our team performs penetration tests that simulate real-world attacks against your network, applications, and people. Reach out to discuss a security assessment.
Talk to Our Team