BreachExchange mailing list archives

Online hackers set sights on small and medium-sized businesses


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 28 Apr 2015 19:49:10 -0600

http://www.biv.com/article/2015/4/online-hackers-set-sights-small-and-medium-sized-b/


When the recent cyberattack on Sony Pictures Entertainment released huge
amounts of internal company data into the public domain, it sent large
corporations scrambling to beef up security in hopes of avoiding being the
next victim of a debilitating public relations nightmare.

Theft from businesses is nothing new; however, theft of data and
information is still a new threat for the average business owner. Public
Safety Canada estimates that over a one-year period as many as 86% of large
Canadian organizations suffer a cyberattack, and the number of attacks has
been growing since 2006.

But while large corporations usually have plenty of money to throw at the
problem, small and medium-sized enterprises (SMEs) aren’t usually as lucky.
Richard Frank is a Simon Fraser University professor based part-time out of
the Surrey campus. He holds PhDs in computing science and criminology, and
his main area of research is computational criminology, cybercrime, hackers
and security issues, such as online terrorism and warfare. Frank said SMEs
are prime targets for internal data breaches and are much more vulnerable
than larger organizations.

“Depending on size, if an SME is small enough, or lax enough about their
security, then they might not even have sufficient internal checks in place
to catch internal attacks. Due to resources available, they will have to
rely more on their employees.”

Criminals can now sell stolen information online, such as credit card
numbers, login passwords for computer servers and malicious software
designed to infiltrate and damage targeted systems. Frank said the average
small business that stores its information electronically needs to realize
its data security is now just as important as putting locks on the doors
and bars on the windows.

“An SME will not have sufficient resources to dedicate to security, so
rather than develop this internally, they should outsource it to the
professionals who do have the expertise to do it properly. If a company
sells widgets, they should focus on selling and supporting. But they could
outsource their store, the browsing of product, the shopping cart, to a
company that has done it properly rather than implementing everything on
their own.”

Frank added that a key cybercrime issue now is that many smaller hacks go
unnoticed. Statistics are therefore tough to accumulate when the crime goes
unreported.

“With physical goods, if it’s stolen, the evidence is clearly visible: it’s
missing. However, duplicating personal information will not deprive the
owner of that information. So if the theft is done carefully enough, the
owner will not even notice it because their information, credit cards, are
still there. There’s a copy somewhere else, true, but this theft can go
unnoticed until someone uses that information, which could be years down
the road.”

According to the Center for Strategic and International Studies, cybercrime
is estimated to cost the global economy about US$445 billion annually.

Sgt. Laurie White of the RCMP’s Federal Serious and Organized Crime
division said the best way for smaller businesses without dedicated
cybersecurity employees to protect themselves is through education.

“Safety precautions do not necessarily have to be costly,” said White.
“There are many simple ways to protect your business, including training
your staff on counterfeit currency, taking basic security precautions with
debit and credit card transactions and increasing your awareness about the
ever-changing types of Internet scams and frauds.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
