Congress recently authorized an additional seven years of identity theft protection for the victims of the OPM breach. This is because the victims of the breach are likely to be targeted for many kinds of attacks beyond identity theft. The congressional focus on this shows how important and dangerous targeted attacks can be.
Many people feel that they are unlikely to be a target of hackers because they are not important or valuable enough. The reality is very different. It is very likely that they have access to systems with valuable data, or can provide a path to those systems. Consider the hack of Target’s point of sales terminals. The attack was carried out through computers in an HVAC contractor’s network. Those people probably thought that the worst that could happen would be maliciously heating or cooling a client. An attacker could easily discover many vendors for most businesses and launch attacks against these often less defended systems. As the conduit for the attack the business impact on these vendors could be catastrophic.
The reality is that almost everyone has some kind of information or access that could be valuable to an attacker and could make them the individual target of a hacker. It is critical that we all take appropriate precautions and act as though we were being targeted right now.