Opportunistic Hacks vs Targeted Hacks

December 30, 2014

Risk Management

Not all data breach occurrences are equal. As we’ve discussed in the past, while there is a difference between being hacked and accidentally disseminating sensitive information (here), both require significant reporting and expense management. Employee negligence is still the highest risk for many small to middle market companies, but these organizations are not immune to a malicious hack. There are two distinct types of hacks, and it is important to understand the differences.

The first is the targeted hack. The most recent example of this would be Sony. There is both intent and resources dedicated to this type of attack. The hardest part to comprehend is that no matter how great your security and IT department are, there is almost no way to prevent a focused hack like this. The criminals behind this behavior work tirelessly with many resources and effectively stay one step ahead of the prevention. Having a solid defense in place can help avoid this loss, but it really becomes “a matter of when” a loss will occur. This doesn’t mean organizations being targeted should just throw in the towel – much to the contrary. Have the comprehensive response including notification, legal assistance, and an established and practiced response in place is all the more vital. The question that should be asked is, “how do we maximize prevention, and minimalize loss?”

The second type of hack is a non-targeted hack which results from things like malware or viruses. Your network is constantly being tested with this type of contact. This hack is a crime of opportunity, not specific targeting. It is in these cases that a solid cyber defense and network testing can do the most to avoid breaches. A well-rounded risk mitigation program will be vital to avoiding an unwanted breach of sensitive data resulting from a phishing scam or visiting any number of commonly utilized websites.

Not all companies will be targeted for a malicious hack of their system. That doesn’t mean, however, that it can’t happen. Being aware of your decisions and the public perception of your organization can be the most important tool at your disposal. Social media and cyber activism allow for an unprecedented level of visibility for companies and their employees. For the untargeted and targeted companies alike, the ongoing battle between cyber security and cyber criminals will continue into the foreseeable future. A comprehensive understanding of the exposures faced, shared by executives and employees will help prevent losses and secure your organizations financial future.

Linkedin Facebook Twitter Email

No comments yet.

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.