Why some information may be valuable to cyber-criminals is not always immediately clear. The motives behind targeting some organizations and precisely what data hackers may have been attempting to breach can be hard to pin point, making cyber-crime a seemingly random and unpredictable event.
This seemed to be the case earlier this year when hackers penetrated the computer systems of at least 7 of Canada’s leading law agencies, including some large Bay Street firms, and the Canadian government. Initially believed to be a series of random individual attacks with the precise data targets unknown, the attacks were later reveled to be part of a sophisticated, coordinated effort by Chinese hackers attempting to get information on the $38 billion corporate take over of Potash Corp. based out of Saskatchewan. Only a few of the attacked firms were directly involved with the Potash bid, the others were targeted as means of covering up what information precisely the hackers were after.
“At first, no one investigating the Potash cyber-attacks connected the dots between the widespread attack on the government and similar invasions of the law firms and other companies”, said a leading-cyber crime expert brought in to investigate the attacks told CBC news, “nobody knew the severity of the issue or what was happening. They were just noticing that they had a problem.”
By the end of the attack, the hackers had successfully penetrated the systems of many of the largest Canadian law firms and the Canadian government through targeted ‘spear-phishing’ techniques, where emails addressed from senior level officials infected computer networks with a mal-ware virus when opened. It was not until later this year that a cyber-crime investigator revealed that the attacks were very sophisticated and highly targeted, connected events.
Regardless of the kind of information an organization possesses, the sheer nature of cyber-crime make it imperative to protect your online data. Although you may feel as though you or your organization does not have the kind of information that is valuable to cyber-criminals, the motives of hackers are not always easy to identify and your data may still be at risk; leaving it unsecured can make it all more attractive to hackers.