TCM Security is offering free Active Directory Health Checks to any company with 10 or more employees. To inquire, please contact us.

While creating a defensive plan against cyber-attacks, knowing your adversary is paramount. Often after the shock has worn off from a breach, the affected company will ask themselves, “Why us?”. It’s a valid question that organizations should ask before an incident occurs to better prepare themselves. There are many reasons why an attacker may choose your organization, and below I’ve captured some of the more common causes.


These attacks are typically based on a unique opportunity that makes your organization an easier target than others. Usually, these items are in an organization’s circle of influence, and your organization can take steps to reduce those types of attacks.

  • Technology stack

Attackers use tools such as search engines (Google, Shodan.io) and job boards to map specific technology use that has experienced recent vulnerability disclosures. Attackers often count on misconfigured technology stacks that provide attackers an opportunity to try weak or default credentials to gain additional access.

  • Public information disclosures

Credential disclosures are commonly shared on the internet and within hacker communities. Employees often reuse their work passwords on outside services that experience a breach, making for easy credential stuffing attacks. Services such as haveibeenpwned.com allow organizations to effortlessly discover when credentials containing their domain have leaked due to a cyber attack.

  • Phishing

Many phishing campaigns permutate domains from lists or crawl websites from the internet in some fashion. If an employee falls victim to a phishing attack, they take advantage of this newly gained access. If not, then they continue to the next potential target.


These attacks are directed at the organization itself and often include detailed research and recognizance. Traditionally attackers will utilize opportunistic attacks for quick access but depending on the situation, they may need to develop more sophisticated attacks.

  • Industry Type

Often, the type of industry that the organization is a part of will draw specific attention, such as financial institutions, government entities, and industrial companies. The attacker is looking for a particular asset that the entity possesses, or perhaps there’s a controversial issue that spawns hacktivism.

  • Target by Proxy

Some organizations that experienced a breach learn that they were simply a stepping stone to leverage a relationship to attack their partner, supplier, or customer.

  • Insider Threat

While not historically thought of as a way of targeting an organization, insider threats such as disgruntled employees or fraud are commonplace and need to be accounted for.

Each organization should be discussing the different ways attackers may try targeting them in the future. In many cases, a quick and easy change could have prevented a drastic and costly security incident.


Penetration testing and consulting services like TCM Security have the ability to test your organization’s security. From your physical security to your internal and external network security, we will access your organization’s security infrastructure to find the vulnerabilities before the bad guys do.