Small Business a Favorite Attack Vector

Small businesses are hardly immune to attacks by hackers.

  • The illusion of low attack risks comes from the publicity that only huge corporations get when they are breached, like Target, Sony and Anthem. These are giants, so of course it makes headline news.
  • But when a “ma and pa” business gets attacked, it’s not newsworthy.

If you own a small business, ask yourself just how the mega-giant Target got infiltrated by cybercriminals in the first place. Answer: a ma and pa HVAC vendor of Target’s!

Cybercriminals thrive on the myth that only big companies get attacked. They know that many small outfits have their guard down and have only rudimentary security measures in place. Never assume you know everything that a hacker wants—or doesn’t want.

Think of it this way: Which burglar is more likely to make off like a bandit? One who attempts to infiltrate a palace that has a 10-foot-high stone wall, surrounding a moat that surrounds the palace, with motion sensors everywhere that set off piercing alarms; an army of Dobermans; and a high tower where guards are keeping a lookout?

Or the burglar who tries to break into a small townhome with only a deadbolt and window screens for security? Sure, the palace has millions of dollars worth of wall art alone, but what chances does the burglar have of getting his hands on it? The little townhome just might have some electronics and jewelry he can sell underground.

No business is too small, and no niche too narrow, to get a hacker’s attention, just as any burglar will notice an open ground floor window in that little townhome at 3 a.m.

  • Never use lack of funds as an excuse to cut corners on security.
  • Share security information with competitors in your niche.
  • Consider the possibility that a cyber attack can be an inside job in your little company—something relatively easy to pull off (e.g., every employee probably knows the direct e-mail to the company owner).
  • Get cyber attack insurance. A halfway-sized cyber attack could cripple any small company and have tangential fallout.

Robert Siciliano CEO of, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Banks Big And Small Targets of Cyber Gangs

Brilliance historically is often expressed in the simplest of technologies; the wheel and the light bulb are perfect examples. Today brilliance is often attributed to advances in technologies that cure illness, solve problems and make life easier.

In the past decade, coders, programmers and hackers of all kinds have come up with everything from the simplest to the most brilliant inventions, transforming life as we know it. Unfortunately, it’s the criminal hackers who seem to be the smartest in the room.

CIO spoke to how “ZeuS, SpyEye, Sunspot, OddJob, Gameover. Villains in the next James Bond movie? No. These are names for sophisticated and dangerous crimeware used by real villains – internationally organized gangs of cyber criminals – to hijack online bank accounts and steal money.”

They further state “The Anti-Phishing Working Group estimates that 45% of all computers are now infected with software designed to steal money.”

When banks began building out their infrastructure to allow for online banking, they didn’t anticipate the thousands of ways in which the bad guy would scheme and come up with brilliant ways to separate banks and their clients from their cash.

A Texas bank sued one of its customers who was hit by an $800,000 online bank theft to determine who is to be held responsible for protecting their online accounts from fraud.

Now the FFIEC has stepped in, telling banks to smarten up and enhance their online banking security. Effective this past January, banks must use multiple layers of security and educate their clients on security risks.

That includes sophisticated methods of identifying devices and knowing their reputation (past and current behavior and other devices they are associated with) the moment they touch the banking website. The FFIEC has recognized complex device identification strategies as a viable solution that’s already proven strong at very large financial institutions. ReputationManager360 by iovation leads the charge with device reputation encompassing identification and builds on device recognition with real-time risk assessment, uniquely leveraging both the attributes and the behavior of the device.

Consumers must protect themselves by updating their devices’ operating systems with critical security patches and by keeping their antivirus, antispyware, antiphishing and firewall protection up to date. It is also critical that they use a secure, encrypted wireless internet connection.

Robert Siciliano is a personal security and identity theft expert and contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video.