One of the cold hard truths behind cybersecurity is that it’s impossible to prevent a hack 100% of the time. It only takes one user mistake, patching error, misconfiguration, or compromised device to breach the network and allow hackers to inject malicious code, steal data, or somehow cause a disruption.
Security solutions are designed to make it so exorbitantly expensive for a hacker to break in, causing them to target other, low-hanging fruit instead.
In this sense, cybersecurity is a zero-sum game – it’s balanced by winners and losers. If you’re winning, then there must be someone else who is losing. This is why it’s best to protect yourself as thoroughly as possible with strong multi-layered security and full visibility as a bare minimum.
Let’s further explore the idea that if cybersecurity is about economics, and how this affects hackers and their targets.
Cost vs. reward
When a hacker goes after a target, part of their consideration is how much effort, cost, and risk they need to incur for some reward, and what that reward is, whether monetary or prestige.
The darknet has also monetized hacking by becoming a marketplace for hacking tools, such as DDoS attacks against networks, providing backdoor codes, or even selling lists of usernames and passwords.
This is one of the reasons why low-hanging fruit targets are so often under attack. The cost and risk are relatively low. Companies who invest even minimal amounts in their cybersecurity infrastructure and employee training will help deter hackers, who will go after easier and softer targets.
Who are easy targets?
Big organizations and enterprises often have large budgets available to provide training and employ strict security protocols and regulations to help defend their network and assets, not to mention a wide range of security tools.
While it’s true that there are many high-profile attacks on companies like Twitter, the majority of hacks are aimed towards small businesses.
It shouldn’t come as a surprise that 71% of ransomware attacks targeted small businesses. They’re much more exposed. They must often rely on their employees’ limited understanding and knowledge of cybersecurity to protect their data, and they are much less likely to invest in point solutions or employ a cybersecurity officer or specialist.
For small businesses, this is a major problem. They hold sensitive data such as employee records, and even financial records of customers such as credit card numbers, names, and addresses. Depending on the type of business, they may also have health records or other sensitive information.
Small businesses are also highly vulnerable to phishing attacks. Hackers pose as someone trusted or in a position of authority to steal credentials to access the internal network. It’s almost impossible to trace and very low risk for hackers.
Common cyber-attacks and defense tools
There are many different types of cyberattacks, but some are more common than others.
Denial-of-service (DoS) – hackers can paralyze your computer or network by overloading the target with huge numbers of data requests. If a business is reliant on its website for revenue, bringing it down can bring a company to its knees.
Spear phishing – similar to phishing, but targeted towards a specific person or business. Hackers will meticulously research their target to craft a legitimate-sounding email complete with names and signature.
Interception – when data is transmitted between two places, it can be intercepted by hackers. Interception can happen when using unsecured networks or using bogus websites that steal the user’s credentials.
Malware – malicious software created with the intent to cause harm such as a computer virus, worm, ransomware, spyware, crypto mining, or adware.
How can businesses protect themselves from cyber threats if they don’t have massive budgets?
- Use security software on all of your computer devices (smartphones, tablets, laptops, etc.) such as antivirus, firewall, and antispam. Security software must always be kept up to date with the latest patches and updates.
- Always encrypt your sensitive data. There are free tools available, including built into the Windows operating system. Even if your data is compromised, it won’t be readable if it’s encrypted.
- Always backup your data. If a hacker accesses your system and deletes your data, as long as you have a recent backup, you can restore it.
- Never share login details such as passwords, no matter who asks for it.
- Employ multi-factor authentication, which requires a unique pin code sent by SMS or generated by an app.
- Refrain from using public Wi-fi as much as possible
- Hire a professional security adviser to help design and implement your cybersecurity
These are the bare minimum businesses should be enforcing to improve their cybersecurity hygiene. The good news is that as the cybersecurity market matures and evolves, comprehensive solutions are becoming more affordable.
Leveling the playing field
Hackers will soon need to contend with powerful concentrated cybersecurity solutions in the form of cloud-based SaaS security solutions, which will commoditize security and make it more accessible.
Products like NaaS (network as a service) and SASE (secure access service edge) bring a broad range of easily consumed security and network tools to consumers for a low subscription price, changing the economic equation for hackers, as suddenly cloud-native, affordable cybersecurity tools will be wildly available.
Naas – Provides a virtual, cloud-based network for businesses and large enterprises with built-in security functions such as firewall and endpoint protection.
SASE – Combines multiple security tools such as CASB, Zero Trust, and FWaaS into one cloud-delivered product.
A burglar who knows what they’re doing won’t just break into any house without first checking if they have a security system in place, and if they do, can they circumvent it?
Even if there are priceless items inside, a sound security system increases the risk and will turn them away in search of easier targets.
Security models like SASE enable businesses to employ holistic and elaborate security systems, which are much more affordable and user-friendly than older legacy systems, which can better deter hackers from attacking them.
Author Bio: Fascinated by computers, I graduated from UCLA with a Computer Science, B.S. I started my career as a Web Developer and then moved into Cybersecurity research after doing the UCLA Cybersecurity Boot Camp.