From phishing attacks to new and creative malware to infected laptops, cyber-crime is globally growing at an alarming rate. These cyber criminals are not just targeting the blue chip companies and large corporations as the media reports. According to Symantec, 43 percent of cyber-attacks in 2015 targeted small-to-medium sized businesses with around 250 to 500 workers. Experts forecast a continuation of this trend in 2016 with the global cybercrime industry growing to $600 billion a year. The weak cyber security protocols of these businesses make them easy targets. They also offer access to larger corporations and the government who are their clients.
Malware lurks in the background stealing company data such as usernames and passwords. These malware is mostly installed by unsuspecting employees.According to Blue Coat, the average data breach can cost an organization 5.4 million dollars. In April 2016, MetStar, a non-profit organization running 10 hospitals in the Baltimore and Washington area was a victim of SAMSAM ransomware that encrypted sensitive data, requiring them to pay up the amount of 45 Bitcoins (approx. US$ 18,500) for the decryption key. Luckily, the IT department was able to detect the malware and prevent it from spreading further into their internal network.
Because it makes more sense for businesses to utilize available open source software, businesses are exposed to the vulnerabilities in these software. Hackers exploit this by issuing unexpected commands that will bypass logins or firewalls. Failure to look for recent upgrades for the software puts the business at risk since hackers can make use of the vulnerabilities in outdated libraries. The heartbleed bug in OpenSSL that allowed attackers to monitor information passed between a user and a web service is a good example of this.
Widespread adoption of mobile devices as primary computing devices has seen an increase in mobile device threats. The attackers capitalize on vulnerabilities in mobile applications or clone popular and legitimate applications. The aggressive ad libraries enable them to access personal data on the phone or even assess the user’s behavior. In June last year, researchers at NowSecure, a cybersecurity firm, exposed a vulnerability in the Samsung Galaxy phones predictive text software that hackers could exploit through public Wi-Fi and even cell phone networks to spy on the Galaxy phone users. Samsung issued an update to fix this problem.
Threats in Cloud Services
With the increase in popularity in cloud computing due to the security offered, more and more employees are bypassing security protocols set by their IT departments and utilizing services offered by cloud vendors. In March 2016, the Cloud Security Alliance (CSA) released a report that highlighted the top 12 cloud computing threats that employees and businesses face due to poor cloud computing decisions. These include data breaches since the vast amount of data stored makes cloud servers an attractive target, compromised credentials and broken authentication, hacked interfaces and APIs among others.
Stolen Data Aggregation
When data from a single business is stolen, it may not be valued at much. However, when data from a number of businesses is stolen, the value increases exponentially. In June 2014, the chain restaurant P.F Chang was a victim of this kind of attack. Payment information of a number of customers from different restaurant locations was compromised and the stolen credit and debit cards put up for sale on June 9th, 2014. This attack was carried out systematically over the months of March 2014 to May 2014.
Cyberattacks, on both big corporations and small businesses, is on an upward trend. Business owners can therefore not afford to be complacent when it comes to their security. Ensuring the equipment and software is up to date as well as employing the best cyber security practices allows businesses to assure their customers they are safe to do business with them. Talking to security experts and professionals will ensure they get the best security they can afford.