Is your organization a potential cyberattack target? Large enterprises know they must answer yes to this question, and many make significant investments in cybersecurity as a result. But what if you’re a mid-market company or a small business: Do you still have a big target on your small or mid-size back? The answer is still a resounding yes — and here’s why.
Hackers and cybercriminals think about targets in terms of impact and the potential reward, and to realistically evaluate their level of risk, every organization needs to think that way, too.
So says BlackBerry Vice President of the Threat Research and Intelligence Ismael Valenzuela, who explained the concept to me in a recent video podcast interview.
“It's not necessarily about how much money you have, or the size of your organization. It's more about the impact and how much you are willing to pay,” clarifies Valenzuela. “If your business is a priority to you and is how you make a living, you can’t afford for your systems to be down,” he continues. “This increases the odds you would pay a ransom following a ransomware attack, in the hopes you get up and running again and get access to your data.”
Valenzuela also cautions that small and mid-size organizations are often at risk of cyberattacks for another reason they may not consider.
“You might be a small fish, but if you work with larger companies and attackers can leverage this access to get into another organization, you are a potential target,” he explains. Once again, this type of attack is about impact: Compromise the small organization, potentially steal data or intellectual property, and then proceed to a goal of breaching that small organization's large business partner or client.
This was only one part of my livestream video conversation with Valenzuela during the 2023 RSA Conference in San Francisco. We also discussed the value of regularly updated and contextualized cyber threat intelligence that organizations of any size can act on. Watch the video now, on demand.