Why breadth of experience is critical in your cybersecurity provider
If there’s one thing we’ve learned from our vast experience in cybersecurity, it’s that cybercriminals don’t discriminate: for the most part, they are not looking at location or even industry in their attacks, but rather for holes to climb through for a breach.
Like many target-driven professions (if we can call cybercrime a profession), cybercriminals look for the path of least resistance to achieve their aims. They don’t care if your business is big or small or if you specialize in finance or healthcare. They only care how easy it is to hack into your business and how much they stand to earn on their investment.
This is why you need a cybersecurity provider that has seen it all – and that knows how to respond to any and all types of cyber-attacks.
Ways in which cybercriminals don’t discriminate
In a study of confirmed data breaches that took place in 2020, Verizon found that the hardest-hit sectors among small businesses were professional services (29%), information (13%), healthcare (12%), and finance (10%). However, no industry was immune to cybercrime, with education, retail, manufacturing, public services, entertainment, construction, mining and agriculture among the many other victims.
The reason all types of business get hit by cyberattacks is that cybercriminals are generally happy to target any type of business so long as they achieve their aims.
Consider advanced persistent threat attacks or APTs. These attacks fall into two categories:
- State-sponsored APT groups, e.g. Russian hackers targeting American businesses. These hackers don’t care whose business they hurt, as long as they hurt someone.
- Financially motivated APT groups, e.g. the REvil, DarkSide and BlackMatter groups that have terrorized businesses since August 2020. These groups deploy ransomware in an attempt to obtain sensitive information from businesses. They don’t mind who they hit, as long as they get paid. In some cases, these types of groups have branched out into Ransomware-as-a-Service (RaaS), where they sell their malware to other attackers. RaaS providers don’t care who they sell the malware to and don’t know who their customers are going to attack. Again, all they care about is getting paid.
NOTE: Some countries such as North Korea and Iran have financially motivated attack groups to get more money for their cyber operations.
Another type of attack that can hit any business and any operating system is phishing, one of the most common tactics used by cybercriminals. A phishing attack involves the use of unsolicited communication (usually by email) where the attacker disguises themself as a trustworthy entity in order to gain sensitive information such as usernames and passwords. Phishing and business email compromise (BEC) are also still used today for fraud attacks, costing upwards of $4B last year alone, as reported to the FBI.
In a recent phishing attack directed at one of our clients (and described in detail in this blog post), the attacker sent an email from what appeared to be an official Microsoft address but containing a link leading to a phishing site. Fortunately, the employee who received the email noticed that something felt “off” and didn’t click on the link. It could have ended badly for this company. Furthermore, this type of attack could easily have been directed at any company that uses Microsoft.
Versatility is key to good cybersecurity
Obviously, not having a security operations center (SOC) services provider will leave you the most exposed to cybercrime.
However, another common mistake made by businesses is to select cybersecurity companies that are too focused on certain types of protection (e.g. malware, endpoint protection) or certain industries (e.g. finance, healthcare).
As we have shown above, cybercriminals are versatile, so your cybersecurity provider needs to be versatile as well.
Versatility comes from diversity of experience. SOC services providers that work with businesses in different types of industries will have seen all types of cyber-attacks. This reduces their tunnel vision, putting them in a strong position to recognize when the next cyber-attack occurs – and to respond accordingly.
In a certain way, your business is like your car. Cars can break down for any number of reasons, including the engine, gearbox, battery, tires, and brakes. When you take your car to be serviced, you want a mechanic who knows how to identify all the potential problems. That means having a mechanic who has dealt with all sorts of cars and seen all sorts of car problems. If your mechanic has only ever dealt with engine faults, then they’ll be great at spotting engine faults but lousy at spotting problems with other components of your vehicle.
The same goes for cybersecurity. The more types of attacks your provider has dealt with, and the more experience they have dealing with different types of attacks, the better their ability to connect the dots and detect the next attack. In other words, when your cybersecurity company has breadth of experience and diversity of experience, you get better protection.