This Site Requires JavaScript Enabled.
Toolkits
  • IN Individuals Toolkit
  • SB Small Business Toolkit
  • ET Elections Toolkit
  • JO Journalists Toolkit
  • MBO Mission-Based Toolkit
Small Business / General
Yes, Your Company is a Target
By Michael Tanji
04/07/21

No company is too small or unimportant to be attacked. Your perception that the size or nature of your business makes you an unattractive target is just that: your perception, not how bad guys think. 

Yes, there was a time when the nature of your business was what made you a target for cyber criminals and other malicious actors. Banks, credit card companies, and so on were where the bad guys went because, to coin a phrase, that’s where the money was.

As computer technology became more ubiquitous in the home, individuals were targeted because the bad guys figured out how to fool people into giving up the details of their bank accounts, personal information, or otherwise extracting valuable data to exploit. 

Those threats still exist today, but the mere fact that you have computing resources of any type means you’re a target. Why? Two primary reasons: cryptocurrency and ransomware.

Cryptocurrency

If you’ve never heard the term cryptocurrency before you’ve probably heard of bitcoin. Bitcoin is a cryptocurrency. A detailed explanation of the math behind cryptocurrency is beyond the scope of this post, suffice it to say that creating cryptocurrency requires a computer. Generally speaking the more, or more powerful the computers the better. The problem is that as time goes on, it gets harder to “mine” cryptocurrency. In the case of bitcoin, the cost  of electrical power required to make coins exceeds the value of the coins you make. The solution is cryptojacking: hacking other people’s computers, mobile devices, websites, and other internet-connected resources so that the bad guys earn the coins, and you get stuck with the power bill.

Ransomware

Ransomware is a mash-up of “ransom” and “malware”. It is successful to the tune of several billion dollars a year, and it has been around in one form or another for almost 30 years but really came into its own fairly recently. A ransomware attack is very simple: someone infects your computers, encrypts the data on them, and demands that you pay them in order to get an alphanumeric key that will unlock your data.

For a lot of people their first reaction to a ransomware demand is that they don’t negotiate with terrorists…or kidnappers…or datanappers…whatever. It is a perfectly normal response that a lot of people advocate; these are usually people who aren’t facing bankruptcy because their company is being held hostage. If you don’t have current backups you have two choices: clean your systems of infection and attempt to re-create all the data you’ve lost (and all that that implies when it comes to time and money), or paying the ransom. You could engage a cybersecurity company to help you, but the cost of such services is almost certainly going to exceed the price of the ransom, and there is no guarantee that they will be successful in recovering your data.

Another important concern ransomware victims have is the trustworthiness of their adversary. What if the ransom is paid and they don’t provide the key to unlock the files? That’s certainly a risk, and it happens to some people, but in my experience (and everyone I’ve ever talked to who works these issues) the people behind ransomware attacks give up the key once they’re paid, and victims get their files back. In fact, the biggest, most “reputable” ransomware practitioners set up help forums you can use to work out any problems you might have in paying the ransom or decrypting your files. Why? For the same reason they deliver when paid: it’s good business. Think about it: in order for ransomware to work at scale, people have to know that they’ll get what they pay for. If word gets around that you’ll get stiffed if you pay, no one will pay. Why shortchange a few hundred people and make $50,000 when you can be a nice guy to a few thousand people and make $5,000,000?

The bigger risk when it comes to ransomware infections is becoming a victim more than once. If you made the business decision to pay the ransom and then don’t take substantial, concrete steps to harden your enterprise and make it more resilient to such attacks, there is a good chance that you’ll be targeted for infection again. The guidance the resources in our Small Business Cybersecurity Toolkit can help you take those steps, and implementing them won’t cost you a dime. 

The author, Michael Tanji, is the Global Marketing Officer and Chief of Staff at the Global Cyber Alliance. You can follow him on Twitter or connect with him on LinkedIn.

Back to Blog Next Post
  • About
  • Community Forum
  • Submit a Tool
  • Privacy Policy
  • Terms of Service
  • Legal Notice
  • Artificial Intelligence Policy
    and Disclosure
  • Invest in Us

Copyright @ 2024 Global Cyber Alliance | Sitemap

Scroll to top

Tool Types

Third Party Tool
Policy Document
Instructions
Third Party Scan
Video

Time

“Time” defines the approximate time it will take to implement the tool, including installation and setup. Based on your system and experience, the time may be longer or shorter than the time estimated.

Tool Levels

Level 1

Requires minimal technical knowledge to complete setup. Users with little-to-no familiarity with computer systems will still easily be able to implement Level 1 tools.

Level 2

Requires basic technical understanding of operating systems and settings controls. Users with a basic understanding will be able to easily implement Level 2 tools.

Level 3

Requires an intermediate level of understanding to implement. Users will need an intermediate understanding of computer systems and code languages.

Level 4

Requires advanced levels of understanding of computer systems, settings and code languages. Users will need experience with advanced system configurations.

Support

Contact Us
[email protected]

Community Forum
https://community.globalcyberalliance.org/