When we talk to small businesses, we quite often hear a variation of: “Why should we care about security? We are small and not really interesting. I don’t think there is anybody out there who wants to attack our computers.”
This is how we estimate the risk of various threats in real life. If we have a house and think about burglars, we will probably start with the location, what our neighbours are like, and whether our house looks more posh than others. We may then look at crime statistics and figure out that the chance of our house being burgled is quite low, or that we should rather install a security system. One can also assume that the house insurance premiums will be lower if we put better locks on all doors.
We have had a long time to learn to estimate these kinds of threats and we are quite good at it. There is a lot of experience, data and statistics that we can use. The question is whether the same thought process can be used for computer threats.
The short answer is NO. The reason is that you will be attacked not because of WHO you are but because of WHAT software and systems you are using. There are exceptions of course, and you may become interesting enough for someone to attack YOU directly. If this happens, you are in big trouble.
If you can access the internet from your computer, it will be very quickly fingerprinted and tested for one of the recent vulnerabilities. It sometimes happens that patching a computer takes so long that the computer gets hacked before the patching is finished. If you expect to see anything on your screen, you will not. Attacks are quiet, and the only “visual” effect would be that your computer will flash as a new entry at a virus command-and-control centre, possibly on the other side of the world.
Internet attacks are widespread and persistent. Attacks are automated but also more and more sophisticated. Once a computer anywhere in the world is taken over, it will be used to attack other computers.
That is why you should think security. Not because you are a small accounting, or engineering, or other company but because you use Windows or MS Exchange, or Linux, or Internet Explorer or Chrome, or …