ITBusiness.ca

Why hackers are targeting small businesses

If you run a small business and think that none of your data is of interest to a hacker, consider this: what if a hacker could take stolen bank account or credit card information from your computer and package it with the same information from a hundred or a thousand other small businesses? Would it be worth something then?

“SMBs don’t know how defenseless they’ve become, especially to automated and industrialized attack methodologies by organized crime,” Christopher Porter tells PCWorld. Porter, a principal with the Verizon RISK Team, is the author of a new report from Verizon on security risk.

“[Hackers] scan the Internet, looking for remote access services, and then try the default credentials. Once they gain access, they automatically install keyloggers to collect password information [as it’s typed in],” Porter says. “Then they send the information out via e-mail or by uploading it to an FTP server or a web site. They aggregate the data and sell it on the black market.”


Hackers could use the keylogger to figure out how to access and drain a small business’ bank account, but more commonly, Porter said, they’ll target point-of-sale systems, as four Romanians did recently. “That kind of attack is increasing, because they’re low-risk and low-cost attacks for organized crime.” Because the attacks are geographically widespread, it’s hard for any one police department to follow up.

But if small businesses are increasingly vulnerable, Porter characterized the tactics they should employ in response as “quite simple.”

“If you have a point-of-sale system, make sure to change the password from the default it came with. It shouldn’t be microsmicros or alohaaloha,” he says, citing two common POS systems. “The problem is that when small businesses think about their POS system, they worry about whether it’s going to be available when they sell the shirt or charge for the burger,” Porter says. “They’re not worried about confidentiality. They’re worried about margins.”

The fifth annual Verizon 2012 Data Breach Investigations Report, produced in conjunction with the United States Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service, and the London Metropolitan Police’s cybercrime unit, reveals that 79 per cent of attacks represented in the report were opportunistic.

Of all the attacks the report studied, it found 96 per cent were not difficult to achieve and 97 per cent were avoidable, “without the need for organizations to resort to difficult or expensive countermeasures.”


What does the Verizon report recommend small businesses do? The report cites three simple things:

In addition, Porter recommends some other simple steps:

Porter stresses that, in most cases, these infiltrations are targets of opportunity. If small businesses follow the simple procedures outlined, they’re less likely to be targeted. “The criminals will pass right by you.”
