Cyber attacks were a constant ticker across the headline news in 2012, making future breaches to businesses of all sizes, more and more likely to be a reality. Even those with significant resources to prevent a breach–larger financial institutions and arms of the government–have been penetrated.
So why then do so many of us feel it will not happen to our business?
Can we hide from the attacks?
- Smaller businesses are no longer able to ‘hide’ from these attacks. Of the targeted attacks documented by Symantec in 2011, more than half were against businesses with fewer than 2,500 employees and 18% with fewer than 250 employees.
- A Verizon Business study shows that 72% of hacker breaches targeted businesses with less than 100 employees.
- National Cyber Security Alliance (NCSA) and Symantec report that small businesses are four times more likely to experience a general malware attack than a large company.
The Cyber “Ticker”
- Late 2012 brought high government alerts of cyber threats to US Banks and other institutions–Wells Fargo, US Bank, JPMorgan Chase, and Bank of America all were plagued with some attack.
- The federal government cautions that attackers are developing the ability to strike US power grids and government systems.
- Cyber criminals threatening your business are not limited to those in your town, state, or even country. Risks emanate from thousands of miles away by faceless predators.
- As technology becomes more sophisticated, so do the the cyber criminals’ methods of attack.
- Email, which has allowed many businesses to operate more efficiently, has also increased their exposure to cyber attacks.
- The Federal Communications Commission (FCC) states that 83% of small businesses do not have a formal cyber security plan to protect against cyber threats.
How are we vulnerable?
Smart Phones & Tablets
- Android devices are the hottest target for cyber criminals.
- More than 70% of smartphones are Androids.
- More than 35,000 malicious Android programs were reported in 2012–6 times that of the previous year.
- Apple has some of the industry’s strongest security features. This has become a double-edged sword as many rely solely on Apple and fail to implement their own safeguards. Can Apple really foresee and protect against weaknesses of all apps which can serve as an entry point for cyber criminal activity? Case in point, in 2012 a bug in Pay Pal’s app allowed a hacker to place malicious code into a stolen iPhone, allowing the retrieval of all login information that a user entered. Examples like this challenge the common misconception that Apple devices are impenetrable to cyber attacks.
Mobile Malware
- More malicious software, which is used to gain access to or disrupt your system, was reported in 2012 than in the prior 7 years combined.
- It is anticipated that 2013 will bring the first “worm” spreading through text messages.
- Europe suffered the first large scale attack on financial accounts via mobile phones. ‘Eurograbber’ stole more than 36 million euros out of 30,000 European bank accounts. When will the US attack be attempted?
Targeted Attacks
Attacks continue on random individuals but there has also been an increase in those aimed directly at certain organizations or executives.
CEOs, management, sales, and marketing individuals are increasingly targeted to gain access to business information via their personal devices.
Do your procedures stipulate tight controls on password protection of all devices?
Ransom Malware
- More sophisticated, undetectable, and untraceable malware is anticipated.
- Criminals stealing data–contacts, notes, pictures, etc.–and holding it for ransom is on the rise. It is usually difficult if not impossible to reverse their actions.
- Non-profits and foundations are a particularly ‘sweet’ target due to wealthy donor data that can be accessed.
Intercepting Text Messages
Malware used to eavesdrop on incoming text messages is on the rise. These programs intercept and forward text messages to other numbers or servers in search of valuable data to exploit. At particular risk are mobile transaction authentication numbers which allow access to your financial accounts.
Hactivism
Political activists have begun hacking into data bases to access contacts or media outlets to make political or social points. Similarly, rogue employees (past or present) or anonymous parties could do the same with the intent to negatively impact business operations and/or reputation.
Cloud Attacks – ‘Hyper Jacking’
With the ever increasing amount of information that businesses are expected to retain, “cloud” computing has become a popular solution to meet these storage requirements. As hackers break into “clouds”, they no longer are winning the information of one business but rather thousands of people’s private information could be obtained in one hit.
Interested in learning more on how a Cyber Liability policy can help your business survive a cyber attack? If so, contact us for a review on strategies that will help keep your business safe.
For resources on how to implement proper data privacy policies, visit:
www.business.ftc.gov/privacy-and-security
www.staysafeonline.org/stay-safe-online/resources
