Cyber Security training from QA

Who would hack a hairdresser?

QA Cyber Security Trainer, Graeme Batsman, explains why seemingly valueless targets are frequently hacked.

Graeme Batsman | 5 October 2018


"I'm just a hairdresser - who would ever want to hack me?"


Cyber security professionals like myself get asked variations of this question all the time. It seems common sense that no one would bother to hack a small high street hairdresser with just a handful of staff. However, if you think about the question more deeply, there are many reasons why even small businesses may be hacked. Threat actors vary by company, location, size, type, sector and another important consideration: supply chain.

Automated attacks

A vast number of cyber attacks, from over a decade ago until the present day, are completely automated. Someone sets up a tool that targets a WordPress vulnerability and lets it scan a massive range of public IP addresses. If you look at any website's access log you will see various attacks aimed at software which is not even present. The automated script will get lucky occasionally.
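As an added example (not part of the original article), the Python sketch below shows how a site owner could spot this pattern in an access log: clients that collect repeated 404s on paths belonging to software the site does not run. The log lines, IP addresses, marker list and threshold are constructed for illustration and assume Combined Log Format.

```python
import re
from collections import defaultdict

# Constructed sample log (Combined Log Format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.20 - - [05/Oct/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Oct/2018:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [05/Oct/2018:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [05/Oct/2018:10:01:03 +0000] "GET /wp-admin/ HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [05/Oct/2018:10:01:03 +0000] "GET /phpMyAdmin/index.php?lang=en HTTP/1.1" 404 162 "-" "-"
198.51.100.20 - - [05/Oct/2018:10:02:10 +0000] "GET /old-page HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.55 - - [05/Oct/2018:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "-"
truncated entry with no request fields
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Assumption: this site runs neither WordPress nor phpMyAdmin, so any
# request for these paths is a probe for software that is not present.
PROBE_MARKERS = ("/wp-login.php", "/xmlrpc.php", "/wp-admin", "/phpmyadmin")


def find_scanners(log_text, min_hits=3):
    """Return {ip: sorted probed paths} for clients with at least
    min_hits distinct 404 responses on probe paths."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        # Drop the query string and normalise case before matching.
        path = m["path"].split("?", 1)[0].lower()
        if m["status"] == "404" and any(k in path for k in PROBE_MARKERS):
            hits[m["ip"]].add(path)
    return {ip: sorted(p) for ip, p in hits.items() if len(p) >= min_hits}


if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {len(paths)} probe paths -> {', '.join(paths)}")
```

The ordinary visitor with a single broken link and the client with one stray probe both stay below the threshold; only the address sweeping several absent applications is reported.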

Masking identity / proxy

If you put the question in the title to an ex-black hat, they will give you one main reason: "to hide my identity when I hack the real target". Instead of using a paid VPN or proxy service, which could be traced back to the true IP, an attacker can bounce the attack through many zombie servers. They hack random targets and use SSH tunnelling to confuse matters, so that to the victim it looks as if company X hacked them.


Ransomware has been used to target companies and organisations of all sizes, including the NHS, large American finance firms, sheriff’s departments, and (yes) hairdressers.

Cryptocurrency mining

I have seen this personally going after FTSE 100s website infrastructure.

Banking trojans

Every firm has a bank account. Malware can be used to capture logins and pinch money.

Client records

Stolen client records can be used for spear phishing, phishing, identity theft or requests to pay phoney invoices.

Staff records

In addition to the motives above, staff records can be used to find out where someone lives in order to burgle their house.

Supply chain

Imagine the hairdresser offers services to Claridge's hotel: the hackers could gain information on UHNWI (ultra-high-net-worth individual) clients. Let's look at two quick scenarios to better illustrate the value of hacking a small constituent of a larger supply chain:

  • Aerospace engineering manufacturer - the company supplies Boeing & Airbus (which is not giving much away since they have thousands of suppliers). They make parts for engines and sell them directly. Boeing & Airbus have a massive supply chain, and perhaps the company in question has new design plans to steal. Or how about the designs for the end part, so that someone could make it cheaper?
  • Multi-national property management firm - they own property globally and rent out floors and offices. All the properties are known to the public and you cannot remotely steal a building. The main target then is cash, and this company has tonnes of it! They get tonnes of emails requesting money transfer to fictitious suppliers. It only takes a few to get through the spam filter for criminals' payday.



Graeme Batsman

Cyber Security Technical Consultant

Graeme joined QA in 2017 and has worked in security on and off for 13 years. His last role was as a Senior Technical Security consultant at Capgemini covering public and private sector. From the age of 17 he was running investigations into online scams and phishing. Today his experience is in OSINT and thinking like a hacker to review + tweak settings with a fine tooth comb.