Cybercriminals Stalking Their Next Small Business Victim
Cyber crime continues to grow, and small businesses are now ranked very high on the target list. Why are hackers attacking smaller companies rather than the larger, more financially secure firms?
The small business is unprotected. Easy to attack the smaller company who does not have the financial resources to justify expensive software to protect their computer systems. The smaller companies are unsuspecting and vulnerable to hackers. The hackers slip in their system, grab the content they want, and they’re out before anyone knows they were there. The ransom note arrives, and for the hackers, it’s a “done deal.” What is left is a “Going Out Of Business” sign because the small businesses rarely have the capital to maintain the payoff required to keep the confidential information from being released.
Statistics revealed an upward climb in hackers and adversaries over the last few years directing their aim at smaller businesses are now identifying these companies as prime targets.
Small businesses who are top targets find it hard to stay one-step ahead of the cybercriminals because:
- Ransomeware popularity grows due to ransom payments from victims
- DIY kits are easily available to launch attacks on unsuspecting small businesses
- Hackers take the files to fuel the ransom demands.
- Cyber-extortion is becoming accepted, expected, and part of the norm.
- Database strikes grab huge, sensitive files all over the world.
Cybercriminals are also:
- Wiping out huge data files
- Database tables are being dropped
- Tampering with database records and encryption
What can cybersecurity professionals do to help keep the smaller companies electronically safe?
- Backup encryption or face a complete wipeout, but downtown is expected to perform backups on a regular basis.
- Install a data auditing and monitoring system that alerts a system breach
- Enabling real-time blocking to prevent an attack.
- Plant data decoys for hackers to trip over when entering the system
- Perform classification scans to identify the storage area of sensitive information
Quite often businesses feel the threat to their company is over-estimated and the chances of their data being hacked are not probable enough to consider the trouble and expense they would have to undergo for adequate protection. There are flaws in Android application models that allow an Android application with the basic permissions to access stored WiFi credentials SSIDs, usernames, etc. to be transferred to a remote server without the event ever being noticed, and would only be important if the receiver had malicious intent. Eavesdropping/Session hijacking on secured WiFi networks can be more damaging than most people realize. Cybercriminals are intelligent creatures leaving nothing to the imagination. Everyone must be cognizant of the capabilities and protect their data no matter how large or small their information may be.
Businesses need to introduce their staff to the possibility of the importance of system security and the issues involved in cybercriminals hacking into their database.
The ransomware and cyber-extortion business are only beginning. It is imperative that companies are starting NOW to protect their data against cyber attacks.
Cybersecurity is a major component of national security. Its significance cannot be overemphasized in the wake of recent events such as the NHS cyber-attack and the Manchester terrorist attack. A national health system can be shut down through a cyber-attack and citizens denied access to essential services. Could allowing more intrusive surveillance and data gathering capacity have enabled state agencies to prevent the terrorist attack?
The debate surrounding online privacy and cybersecurity has been going on for a while. The UK goes to the polls in June, and the issue of online privacy and cybersecurity is drawing differing proposals from the three largest political parties in the game namely the Labour Party, the Conservative Party, and the Liberal Democrats. The big debate revolves around how much online privacy to give up to enable state agencies to take better control of cybersecurity.
The Conservative Party promises to fast-track the enactment of data protection laws that safeguard your online data. It also hopes to draw from the privacy frameworks of offline systems to strengthen online privacy protection. Another bold statement from the Conservatives promises to enhance the safety of children. Social media and other online platforms may be required to erase profiles relating to children when they get older completely.
They also plan on getting service providers to foot part of the online safety bill. This borrows from the online gambling industry where the players support responsible gambling campaigns spearheaded by member organizations. The proposals, however, lack critical details that would enable a comprehensive analysis of the effects on the online business industry. It remains unclear how the party proposes to make the country the safest place online.
The Labour Party promises to support the growth of the online industry. There is an elaborate plan that proposes aggressive marketing of the country as an online investment destination. The policy proposal is unclear on many levels, and it is believed the party would undertake significant reforms to current and proposed digital laws. The position leans towards going to extreme lengths in the interests of cybersecurity, sovereignty and the protection of national assets. It also proposes better cooperation on intelligence and security matters with other European partners.
The Liberal Democrat propose a bigger investment in protecting individual privacy and enabling more user freedom. They propose a reform of the Investigatory Powers Act is overdue. They promise private companies the freedom to offer security products that do not leave backdoors or loopholes that state agencies can exploit for surveillance.
Each proposal provides a clear path but raises implementation questions. The online gambling scene is experiencing a boom with more people getting on board. As an innovative industry that sets the pace for regulation and emerging trends, it is evident that some of the policy frameworks will look to borrow from the online gambling industry.
Just as the online casinos have been able to establish responsible gambling guidelines, the best option may be to let the online providers self-regulate. The digital space is expected to keep growing. There is a need for proactive policy that enables opportunity while ensuring cybersecurity, data protection, and online privacy requirements are balanced between the government and the business community.