Blaming the victim is easy to occur, but the culprits are the criminals, not the victim.

CYBERS 11.10.2023

In Estonia, about 200-300 impactful cyber incidents are registered every month. Unfortunately, there is insufficient public or internal discussion about them.

Jürgen Erm | CEO of CYBERS

There are often multiple (sometimes conflicting) reasons for either discussing or not discussing cyberattacks. At times, it is strategically important not to give cybercriminals a platform, but more often, victims feel ashamed or fear damage to their reputation.Blaming the victim is a common pitfall in cybersecurity – outdated software, unchanging passwords, improper security protocols, or carelessness. While these are all crucial aspects, the culprits are the malicious cybercriminals, not the victims. Admitting to falling victim can be challenging, but in most cases, the benefits of open disclosure outweigh the harm.

The most significant advantage of open discussion is the increase in general awareness and the prevention of future attacks. Understanding what happened and its causes helps individuals and organizations to assess risks. For businesses, the more tangible benefit is a reputable image in the eyes of customers, partners, and employees. Acknowledging the victimization and showing the measures taken enhances the credibility of any organization.

Undoubtedly, there are cases where discussing a cyberattack may be the attackers’ intention. For instance, many distributed denial-of-service (DDoS) attacks against Estonian companies and public services originate from Russia. The aggressor’s interest is simply to show that attacks are happening, thereby raising the general level of fear in society. However, in such cases, these are typically simple and crude attacks that do not have extensive or long-lasting effects. Usually, these cybercriminals leave some distinctive mark, hoping to be mentioned somewhere. In such situations, my recommendation is to be concise – it happened, we dealt with it, and we emerged as winners.

If companies fear damage to their reputation, a similar trend exists in cyberattacks against individuals. For example, individuals who have fallen victim to romance scams or investment fraud often hesitate to confide in their loved ones out of fear of being labeled as “gullible.” Again, the victim is NOT at fault; the blame lies with the malicious cybercriminals. It is worth talking about the attack or even suspicion – it allows for timely assistance, raises general awareness, and, in the best-case scenario, helps fellow citizens avoid falling victim to a similar attack.

Of course, the most critical aspect is the prevention of attacks and creating an unfavorable environment for cybercriminals. However, it is understandable that smaller businesses may lack the resources for proactive cybersecurity measures or may not even consider it until a crisis arises. Upon discovering an attack, immediate response and swift notification of all affected parties are paramount. However, one of the most important things is discussing what happened. This helps both oneself and others better avoid future attacks.


Article first published here: ITnews



Latest blog posts


Major milestone in cybersecurity: CYBERS integrated into NEVERHACK’s ecosystem

Press release: CYBERS joins NEVERHACK SAS, a leading European cybersecurity group, to enhance its market position, expand reach, and offer added value to its clients.

Keep reading

Strategic Merger Unites CYBERS and NEVERHACK: A New Dawn in cybersecurity

CYBERS and NEVERHACK Merger: A Game-Changing Alliance in cybersecurity

Keep reading

Securing the future: uniting service design and cybersecurity for digital excellence

Explore the fusion of service design and cybersecurity in our latest blog post, inspired by KüberCAST’s enlightening episode with Andres Kostiv. Learn how this integration not only enhances digital service innovation but also fortifies user trust and safety in the evolving digital landscape.

Keep reading