Research Shows Businesses are Prime Targets for Cybercrime

High profile security breaches such as Target, Snapchat, and Neiman Marcus often make headlines. However, research shows that both large and small businesses are targets of cybercrime.

Verizon published a data breach investigations report that looked at 621 confirmed incidents of cybercrime among their customers in the 2012/2013 time frame. Close to half of the cyber attacks occurred at smaller companies with the rest affecting larger firms. While larger firms have the resources to perform penetration testing, code review, and vulnerability testing, smaller firms typically just don’t have those kinds of resources.

Cybercriminals are also using small businesses as pathways to larger companies. Small businesses that are partners or suppliers of large corporations often offer an easy path into the larger company’s network. Attackers frequently design malware that uses the smaller company’s website as bait to break into their larger partner’s SQL database. One technique that is on the rise is ram scraping. Cybercriminals also employ the tactic of “lying in wait.” While many used to attack quickly, they are now more prone to waiting until the moment is right. As an example, waiting until the busiest shopping season.

However, small businesses are not always the stepping stone. They have valuable information as well. They often store customer credit card information (PCI data), intellectual property, and vital data about their own finances.

Don’t become complacent in thinking that you do not have anything a cybercriminal would want. Follow the basic principles of security including technical, physical, and administrative controls. Even basics like using good passwords and updating your anti-virus software shouldn’t be overlooked. Prevention is key. Superior Solutions has a team of professionals trained to recognize vulnerabilities. Let us evaluate your security and lower your chances of becoming a victim. Contact us about your cybersecurity strategy.

This entry was posted in Cyber security, Hacking, IT and Computer Security, Training and Education and tagged , , , , , , . Bookmark the permalink.

Comments are closed.