Skip Navigation
BlackBerry Blog

Am I a Cyberattack Target? How to Think Like a Hacker

Is your organization a potential cyberattack target? Large enterprises know they must answer yes to this question, and many make significant investments in cybersecurity as a result. But what if you’re a mid-market company or a small business: Do you still have a big target on your small or mid-size back? The answer is still a resounding yes — and here’s why.

Hackers and cybercriminals think about targets in terms of impact and the potential reward, and to realistically evaluate their level of risk, every organization needs to think that way, too.

So says BlackBerry Vice President of the Threat Research and Intelligence Ismael Valenzuela, who explained the concept to me in a recent video podcast interview.

“It's not necessarily about how much money you have, or the size of your organization. It's more about the impact and how much you are willing to pay,” clarifies Valenzuela. “If your business is a priority to you and is how you make a living, you can’t afford for your systems to be down,” he continues. “This increases the odds you would pay a ransom following a ransomware attack, in the hopes you get up and running again and get access to your data.”

Valenzuela also cautions that small and mid-size organizations are often at risk of cyberattacks for another reason they may not consider.

“You might be a small fish, but if you work with larger companies and attackers can leverage this access to get into another organization, you are a potential target,” he explains. Once again, this type of attack is about impact: Compromise the small organization, potentially steal data or intellectual property, and then proceed to a goal of breaching that small organization's large business partner or client.

This was only one part of my livestream video conversation with Valenzuela during the 2023 RSA Conference in San Francisco. We also discussed the value of regularly updated and contextualized cyber threat intelligence that organizations of any size can act on. Watch the video now, on demand.

Steve Kovsky, editorial director, talks with Ismael Valenzuela, vice president of threat intelligence at RSA 2023.

Small and Mid-Market Cyberattack Targets and Defense

When small and mid-market organizations realize they are potential targets for sophisticated cyberattacks emanating from anywhere in the world, Valenzuela says, mounting an equally sophisticated defense may seem impossible.

However, many organizations of this size are finding that cybersecurity services, like managed detection and response (MDR), allow them to “punch above their weight.” MDR lets businesses affordably protect themselves against cyberthreats on a 24x7x365 basis. And with a service like CylanceGUARD®, the world-class BlackBerry team becomes their cybersecurity team, as well.

This type of coverage is crucial because, in today’s hyper-connected world, every organization is part of a larger “supply chain.”

"As we wrote in our most recent BlackBerry Global Threat Intelligence Report, we're going to see more supply chain attacks. If you’re a small company that builds a little tool you might think, ‘Who would want to target me?’ Well, you might be that ‘carrier’ that can be leveraged to get access into other organizations — and that can be enough to take your small company out of business.”

For more of our discussion, watch my video interview (above) with Valenzuela, and be sure to stop by and meet the BlackBerry Threat Research and Intelligence Team in person at Black Hat USA 2023.

For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.
Steve Kovsky

About Steve Kovsky

Steve Kovsky is former Editorial Director at BlackBerry.