Security operations

Offensive security

Security solutions

Blaming the victim is easy to occur, but the culprits are the criminals, not the victim.

CYBERS 11.10.2023

In Estonia, about 200-300 impactful cyber incidents are registered every month. Unfortunately, there is insufficient public or internal discussion about them.

Jürgen Erm | CEO of CYBERS

There are often multiple (sometimes conflicting) reasons for either discussing or not discussing cyberattacks. At times, it is strategically important not to give cybercriminals a platform, but more often, victims feel ashamed or fear damage to their reputation.Blaming the victim is a common pitfall in cybersecurity – outdated software, unchanging passwords, improper security protocols, or carelessness. While these are all crucial aspects, the culprits are the malicious cybercriminals, not the victims. Admitting to falling victim can be challenging, but in most cases, the benefits of open disclosure outweigh the harm.

The most significant advantage of open discussion is the increase in general awareness and the prevention of future attacks. Understanding what happened and its causes helps individuals and organizations to assess risks. For businesses, the more tangible benefit is a reputable image in the eyes of customers, partners, and employees. Acknowledging the victimization and showing the measures taken enhances the credibility of any organization.

Undoubtedly, there are cases where discussing a cyberattack may be the attackers’ intention. For instance, many distributed denial-of-service (DDoS) attacks against Estonian companies and public services originate from Russia. The aggressor’s interest is simply to show that attacks are happening, thereby raising the general level of fear in society. However, in such cases, these are typically simple and crude attacks that do not have extensive or long-lasting effects. Usually, these cybercriminals leave some distinctive mark, hoping to be mentioned somewhere. In such situations, my recommendation is to be concise – it happened, we dealt with it, and we emerged as winners.

If companies fear damage to their reputation, a similar trend exists in cyberattacks against individuals. For example, individuals who have fallen victim to romance scams or investment fraud often hesitate to confide in their loved ones out of fear of being labeled as “gullible.” Again, the victim is NOT at fault; the blame lies with the malicious cybercriminals. It is worth talking about the attack or even suspicion – it allows for timely assistance, raises general awareness, and, in the best-case scenario, helps fellow citizens avoid falling victim to a similar attack.

Of course, the most critical aspect is the prevention of attacks and creating an unfavorable environment for cybercriminals. However, it is understandable that smaller businesses may lack the resources for proactive cybersecurity measures or may not even consider it until a crisis arises. Upon discovering an attack, immediate response and swift notification of all affected parties are paramount. However, one of the most important things is discussing what happened. This helps both oneself and others better avoid future attacks.

 

Article first published here: ITnews

Share

Keywords

Keywords

Share

Latest blog posts

31.07.2025

Cyber turbulence: why airlines must take cybersecurity as seriously as air safety

The aviation industry is facing an escalating wave of cyber threats that go far beyond flight delays or data leaks. Airlines are now prime targets in modern cyber warfare—critical infrastructure vulnerable to sabotage, espionage, and geopolitical disruption. The July 2025 cyberattack on Aeroflot, which destroyed 7,000 servers and halted dozens of flights, is a stark warning of what’s to come. As digital systems control everything from aircraft operations to passenger data, this article explores why the skies are no longer safe from cyber conflict—and what the industry must do to defend itself.

Keep reading
23.07.2025

Building confidence, not just compliance: how Axinom validated their web application security

In high-trust industries, security is more than a checkbox—it’s a competitive advantage. Learn how Axinom validated the resilience of their DRM platform with NEVERHACK’s Offensive Security team, using deep manual testing to uncover what automation misses. A case study in turning compliance into confidence.

Keep reading
21.01.2025

Cybersecurity in 2025: Challenges and Strategies

Cybersecurity has become a crucial part of business strategy, determining organizations’ ability to protect their digital assets and continue operations during crises. The economic impact of cyberattacks is estimated to reach 1.5% of the global GDP, making 2025 a year of significant challenges and the need for continuous development in defense strategies. This is especially […]

Keep reading
EN ET