You and a friend are camping in the woods. A bear attacks. Who do you have to run faster than?

The bear? Or your friend?

The correct answer for most companies is: both.

This classic security metaphor highlights the need to defend against both opportunistic and targeted attacks.

Running faster than your friend means being more secure than other projects in the crypto space. (Or whatever vertical you're in.) A hungry bear that just wants to eat will eat someone else.

But competing on security is not enough to keep you from being eaten.

What about when the bear decides that it wants you? Specifically, you?

When Kim Jong Un walks into a cubicle farm in Pyongyand and says, "That crypto project. You know the one. Target them. Monday to Friday for the next eighteen months. Your only job is to get. that. camper. Successful hacker gets their favorite relative released from the gulag. Go."

Or if you're not in the crypto space, maybe you have some juicy intellectual property. R&D that only your company possesses.

Or a ransomware gang decides they specifically want your company. Because they don't like your CEO, or the company's politics, or for any million other motives.

Or maybe a geopolitical power struggle puts your company in the crosshairs. Did Ukrainian accounting firm M.E. Doc ever think that Russia would hack them to deliver NotPetya to the world?

Now, I don't know that your company or mine is being targeted right now. There is no way for me to know. But given enough time, every crypto company will eventually be targeted. It's inevitable. A targeted attack by North Korea. The Russian mafia. Or some other bear.

Every company, in fact, will be targeted sooner or later. How long you have until it happens varies from company to company. It's a known unknown. Are you ready?

Because running faster than your friend doesn't help if the bear decides he wants to eat you.