You ARE The Target
“I’m not an executive or celebrity, nobody wants to hack me.” Yes, they do. Full stop. To spin off the wise words of Taylor Swift, hackers gonna hack. Let’s have a quick chat about why you are valuable to malicious actors and how you can keep yourself protected.
Return on Investment
Back in the olden days (2010s) if your device was infected with ransomware, it was as good as gone. Of course, you care about your files, but are they worth 10 Bitcoin, or around $20,000? Probably not. But would you pay $80? Most likely. Ransomware groups now pride themselves on their customer service! By going after everyone, they can maximize their ROI.
Who Do You Know?
Many of us know the scam (borderline hack) that involves an app that asks for access to your contacts, and then sends messages to all your contacts “someone mentioned you on ___.” Similarly, even if hackers don’t necessarily care about your data, you may have a connection to someone with very valuable information. In a corporate sense, you may think you’re not a target if you’re not in a leadership role. As a result, executives have high levels of security and protection, but some individual contributors may not have the same level of policies in place. So a hacker can take over your account and send an internal email to the CEO and the CEO has no reason to believe it’s fake because they’re not spoofing anyone’s email.
What Do You Have?
You may not know just how valuable you are, and I’m not just talking about your strong work ethic and quality results J. You may have access to internal applications that you don’t even know exist, but a bad actor does. There is nothing you can do on your end, aside from telling an administrator if you believe you shouldn’t have access to something.
On the same topic, you may have access to external vendors that hackers view as valuable. Do you email your account reps or have an account with an external financial system? Just like the previous example, you have already established a relationship of trust with these external entities and a bad actor can use that as a jumping off point to gain access to a big fish.
Power in Numbers
It’s simple math – the more accounts in a data breach, the more valuable the breach is to both hackers and companies. Not to burst your bubble, but your data is not worth as much as you think it is (this is your cue to quickly take a guess!).
A recent Twitter data breach exposed 5.4 million accounts’ email address, phone numbers, other PII, and removed their anonymity was listed for sale at… $30,000! Some quick math shows that one account is worth $0.0056. You’re worth more than that! Want an easy way to up your value? Don’t reuse passwords and change them frequently (or use a password service like LastPass or 1Password. Even better, implement passwordless with YubiKey).
Hopefully these scenarios show you why you are a target for hackers and give you a few examples of small steps to protect yourself. As always, multi-factor authentication or passwordless are easy ways to make yourself significantly more secure. Stay up to date on cyber risks by following me on Twitter to know what the newest strategies that malicious actors are using against you.