New study reveals the features that make a company most attractive for hackers
The go-to targets for cybercriminals have been revealed, and a private small company from Canada operating in the retail field would definitely be one of them, according to the latest study by NordPass.
In partnership with NordStellar, NordPass evaluated nearly 2,000 data breach incidents worldwide from the past two years, extracting insights on which companies are most likely to experience a cybersecurity breach. Experts ranked companies based on their likelihood for a breach depending on their industry, size, company type, and country of registration. Additionally, company developed a free tool allowing to check if company is exposed to data breach.
“While small retail companies are highly attractive, other profiles are no less appealing for hackers. This analysis helped us illustrate which businesses face higher risks and explain what measures can be taken to avoid them,” says Karolis Arbaciauskas, head of business development at NordPass.
Retail and technology sectors are in the line of fire
Among the data security incidents investigated by experts , most occurred in the retail industry (95 incidents). The second most breached sector is technology, with 56 incidents recorded in the past two years.
The top 10 most attractive industries also include more specific technology-related sectors, such as internet and web services, IT services and consulting, software development, and computer hardware development.
According to Arbaciauskas, these results are rather surprising, given that many think that the technology or IT sectors are less vulnerable and are better equipped against threats online. However, the reality is that hackers see technology firms as an appealing target — even if the company is equipped with high-end IT solutions, human mistakes can still occur. Therefore, companies should choose tools that eliminate possible risks, invest in employee training, and carefully evaluate their cyber preparedness.
Canada ranks among the most affected markets
The study reveals that companies operating in the United States get the most attention from hackers, with almost a quarter of businesses (489) investigated for this research registered there. India (114) and the United Kingdom (73) also got into the top of the list, while Canada (37) ranked in the 6th position. Among the countries in the European Union, Spain and France are more appealing to hackers than others.
“It’s natural that bigger countries are in the spotlight, given that hackers see a lot of opportunities there. However, no country is resilient to cyber threats and this is important to stress. It is up to businesses themselves to ensure their own and their clients’ security online, no matter their address,” says Arbaciauskas.
SMBs aren’t too small for hackers
In terms of company size, hackers seem to prefer small and medium businesses (SMBs). In the past two years, the absolute majority of investigated breached companies had up to 200 employees. Arbaciauskas explains that the problem could simply lie in SMBs underestimating their value to hackers.
“There are targeted attacks, yes, but hackers often go for much broader scope activities, such as credential stuffing, dictionary or rainbow attacks that do not choose their victims. Because of employees’ reused and poor passwords, or downloaded malware, company credentials appear in the leaked credentials’ databases, which gives a chance for hackers to break in. For smaller companies, a data breach is a risk for business closure — financial costs and reputational damage carry significant aftermath effects,” says Arbaciauskas.
Having investigated the company types that fall under the hackers’ radar the most, NordPass concluded that private businesses are targeted most often. As much as 85% of the analyzed data breaches were against such companies.
What should you do if your business profile falls under this study?
According to Arbaciauskas, any organization, no matter its size or type, should be cautious of its cybersecurity. Employing critical tools such as password managers that allow for secure management of company credentials and accesses, or virtual private network (VPN) solutions is a first step towards better resilience against the threats online.
In addition, cybersecurity auditing is helpful to spot weaknesses in a company’s IT infrastructure and prepare resilience strategies. It is also critical to invest in the overall cybersecurity awareness raising among the organization to avoid human mistakes that often lead to serious data breaches.
Methodology
This study was carried out in collaboration with NordStellar, which specializes in researching cybersecurity incidents. The data was analyzed based on factors such as country, industry, business type, company size, and the types of data involved. The study focuses on breaches that occurred between August 31, 2022, and September 1, 2024.