WordFence’s blog posted an excellent article addressing the fallacy that many website owners have that their website isn’t significant enough for hackers to care about and therefore they don’t need to implement all best practice security and disaster recovery measures.
A quick summary of the reasons why attackers make the effort to attack many smaller and seemingly “insignificant” websites include:
- If offers server resources they can use to run other malicious schemes
- It’s connected to the internet and likely has a good reputation (i.e. is not a suspicious platform for malicious activity).
- It may contain user data
- It probably has traffic coming to it
- The site is important to you and therefore there is a chance for the criminal to collect a ransom
- Many websites of smaller businesses and organizations are not implementing proper security and therefore the cost of acquisition to the criminal is low.
Please read the entire article at WordFence.com.