Quiz Entry - updated: 2026.05.28
Why is "we're not an interesting target" a dangerous assumption?
Because most attacks are opportunistic — the attacker doesn't pick you, they pick whoever is vulnerable.
The opportunistic actor doesn't care who you are. They scan broadly for exploitable weaknesses (an exposed service, a missing patch, a server without MFA) and hit whatever they find. You don't need to be a bank or a government to be worth attacking — you just need to be reachable and weak.
Why every organisation is a target:
- Your computing power is useful (botnet, crypto-mining)
- Your data has resale value (or extortion value)
- You may be a stepping-stone to a bigger partner (supply-chain attacks)
Tip: Reframe it: attackers aren't looking for interesting targets, they're looking for easy ones. "Not interesting" is irrelevant; "not an easy target" is the goal.