“Since my organization is not a bank, a government agency, a large retailer, or a critical infrastructure provider, we don’t need to worry much about being a cybersecurity target. We have anti-virus software and keep up with our security patching, so we should be all set.”
If this any of this thinking exists in your organization, think again. Every person and organization is a potential political or economic target for cybercrime. Here’s why.
In 1999, I worked in a large office building across from an underground transit station. At the time, there had been a rash of wallet thefts. Criminals were dressing up like office workers, stealing wallets from open offices and then quickly jumping onto the subway. Within 15 minutes, stolen credit card charges were recorded at the shopping mall located two stations away. Back then, our banks didn’t monitor fraud as closely as they do today, so we weren’t notified immediately of the charges. On an OK day, the thieves were happy to snag a few credit cards. On a good day, they hit a sizeable payload.
The point is that those criminals didn’t “profile” their targets. It was all about the opportunity made possible by easy access and low security. The same is true for cyber criminals. Sure, they look for the big opportunities at banks and retailers, but they also are looking for easy scores.
More recently, we’ve learned that cyber criminals aren’t just after financial data, but any data that can be used maliciously. This means even more organizations are at risk. Recent hacks have shown that desirable secrets exist on more than government networks. Hacking a business network can lead to bringing down their infrastructure through viruses and other malicious code, or getting to data that is harmful or costly when in hands of others. Confidential or proprietary information and personal reputations are all at risk.
An organization is only as secure as its weakest link. Even if you are part of a small organization, it is part of the larger ecosystem of the connected world. While your unprotected assets may not hold great value, your networks may provide an access point to another organization with more desirable assets.
Cybersecurity should be on the minds of organizations both big and small. Being a target is not just related to the mission of your organization, but is about opportunity and access. And risk is about what can be lost – whether that is productivity or assets or reputations.
This video, CGI Global Cybersecurity Capabilities—How can we help you?, describes the changing threat landscape and how CGI helps clients assess their security posture.