Victims of a cyberattack don’t generally act in a way that puts them at risk. Instead, they tend to lack the information necessary to protect themselves.bAccording to Hal Lonas, Chief Technology Officer, Webroot, cybersecurity is really an information problem. At a recent RSA conference, he argued that people wouldn’t click on websites that they knew were bad for them; if their firewall knew that the IP was bad, they wouldn’t accept the incoming connection; if their mobile devices knew that an app was bad, it wouldn’t download and install it. However, he believes that traditional cyberthreat reports and analysis only confuses the average consumer.
This is especially true of small and medium-sized enterprises (SMEs) who read about the indicators of compromise and the tactics, techniques, and procedures employed by hackers but don’t have a way to distill that information into actionable insights. SMEs also have less time and fewer resources. They also don’t have any threat researchers or spare personnel to help secure their business network. This puts SMEs at greater risk for hacking, ransomware, and other cyberattacks.