Most small companies think that they are “below the radar of the hackers” because the news media spends so much time focusing on large defense contractors, Facebook and other large companies that have data breaches or get hacked. The truth is that small companies are pretty attractive to hackers, and a number of research papers put estimates near $10 billion in losses for SMBs in the US alone in 2010 due to computer fraud. That’s a pretty big number to ignore. Another glaring example of targeted attacks is that small businesses were twice as likely as individuals to suffer non-credit-card fraud. Do I have your attention yet?
One example of a typically successful exploit is the Zeus banking Trojan, which has been used to steal banking login credentials and can be directly linked to millions of dollars of theft. The truth is that most hackers are not targeting small businesses. Rather, they are developing sophisticated mailing lists, scouring the web for personal and contact information for the people who control the bank accounts, and then sending emails or connecting through Facebook to push Trojans embedded in messages and other tools to those people. It is really a numbers game. Having worked in the security industry and having been paid to launch spearphishing attacks against small bank clients, I can tell you that you would be amazed at how easy it is to get credentials and access, even from banking employees.
Start with some really simple rules. Don’t friend people on Facebook you do not know. Do not put all of your email addresses on your website (especially not that of the person who does your banking). Don’t open email attachments. Be careful about how you use online media like Facebook and how much information you share publicly. The more hackers can find out about you and your business, the larger your threat surface becomes. Take a look at our checklist and work to improve your overall security. Hackers are looking for low-hanging fruit and easy targets. They are inherently lazy and will often just move on when they run into an obstacle that will take time to overcome. There are too many “easy targets” out there. Do not be one of them.
Stay tuned for more information. Go to the Check List for ways to thwart those initial attempts by hackers.