Home page logo

dataloss logo Data Loss mailing list archives

Why Your Business Might Be a Perfect Target for Hackers
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 26 Nov 2013 22:49:40 -0700


For many years, the average American small business was an unlikely target
for a sophisticated cyberattack. Fewer financial resources and a relatively
unknown brand worked in your favor to ward off hackers. Not anymore.

The dam has broken for small companies when it comes to security. Jeremy
Grant, an adviser at the Department of Commerce’s National Institute of
Standards and Technology, says in the past two years he has seen "a
relatively sharp increase in hackers and adversaries targeting small

According to the security company Symantec, cyberattacks on small
businesses rose 300 percent in 2012 from the previous year.

Smaller companies are attractive because they tend to have weaker online
security. They’re also doing more business than ever online via cloud
services that don’t use strong encryption technology. To a hacker, that
translates into reams of sensitive data behind a door with an easy lock to
pick. If you have any Fortune 500 companies as customers, you’re an even
more enticing target--you’re an entry point.

Worse, the laws safeguarding commercial bank accounts aren’t as strong as
those for personal accounts. Banks won’t always reimburse businesses whose
accounts get hacked, especially if a bank can prove its security meets
federal guidelines, but the business’s isn’t up to snuff. (Individuals
aren’t expected to have strong security in place.)

Patco Construction, based in Sanford, Maine, learned this the hard way when
hackers siphoned $588,000 from its bank account in 2009 and its bank
refused to reimburse the full amount. Patco sued the bank and finally won
after two appeals. The court ruled that despite the bank’s security, it
should have caught the suspicious transactions.

So what can you do about the growing threat of hackers? First, put in place
the best tech barriers you can afford, like a cloud-based security app.
Then patch your biggest vulnerability: your people, says Chris Hadnagy,
founder of security training firm Social-Engineer.

Teach employees not just to devise smarter passwords and spot sketchy
emails but also to think critically about their online actions. "If you
just want people to follow the rules--don’t think, just do--you create an
easy environment for [hackers]," he says.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 


# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.

  By Date           By Thread  

Current thread:
  • Why Your Business Might Be a Perfect Target for Hackers Audrey McNeil (Dec 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]