Small & Medium Businesses targeted by cyber-attacks

Apr 10 2013

Throughout history, unfortunately, war has been a constant. Countries have fought for resources, land, political position, and it goes on and on. There have been many attempts to shape the rules of engagement. Whether it’s banning the use of certain weapons, or outlining ways to protect innocent civilians, there are many ways that detail how war works.

But there’s a new battlefield forming – one we cannot see and we have yet to truly regulate. It’s a digital war and the combatants are many. Worse, countless people and organizations do not realize they’re the target in this new war. For the purposes of this post, we’re going to set aside the personal effects (identity fraud, stolen credit card details, etc.) as well as the fear surrounding our national infrastructure (foreign powers with the capability to take down our electrical grid and more) and focus on one aspect of this war – attacks on small and medium business.

These organizations are the heartbeat of our nation. They are vital to our economic health, the definitive leaders in innovation and the targets of relentless waves of cyber-attacks.

There’s a new story, a new breach, a new victim every time you turn around. Just type “cyber-crime” into Google News and count the hits. Yet 86 percent of small businesses still believe they’re safe. And nearly as many of them have inadequate plans for protection.

If you look at the SMB victims, it’s a bleak picture: 60 percent of them will close within 6 months, unable to recoup their losses and cope with the damage. Nearly all of them will not realize they have been hacked for 15 months.

The game is changing: hackers are no longer nerdy teenagers sitting in their mom’s basement scamming people while they chow down on pizza pockets. The real criminals now are much more prepared with fully-funded and sometimes government-sponsored initiatives. The new trends in cyber-crime are transforming what used to be little hacks and cyber-attacks, into an all-out cyber war.

“Computers have turned into the new weapon of choice when it comes to industrial espionage,” says Alana Maurushat, academic co-director of the Cyberspace Law and Policy Centre at the University of New South Wales.

These hackers’ goals are unique: some want to learn private information (e.g. the Chinese targeting the New York Times and the Wall Street Journal to discover their sources for an unflattering story), others want to siphon your valuable ideas to get ahead without making similar R&D investments, still others are interested in initiating ‘denials of service’ for organizations with initiatives they do not condone.

Going back to more traditional warfare, if your organization’s physical building was bombed or, more realistically, if it was shot or attacked, you would certainly report that to local authorities. Undoubtedly you would take the appropriate steps to repair or rebuild and add new security measures to prevent a repeat of that incident.

But if you’re the victim of a cyber-attack, what do you do? What is the standard procedure? Keep in mind, the hacker(s) could be anywhere in the world. Whose jurisdiction does this fall into? Do you report this to the local police, the FBI (and/or a foreign country’s equivalent?), a cyber-crime investigations unit? (Hint: do all three and you’ll likely also want to hire legal counsel to determine your reporting obligations.)

The even bigger question is how you will afford to do all this. With R&D stolen or customer information compromised, how can a business maintain profitability and also find the resources to take the appropriate action? More often than not, the answer is they can’t. This is why so many hacked SMBs go out of business. The real solution to this growing problem is to get proactive.

Now is the time for the SMBs of America to sit down and ask some tough questions. The CXOs, presidents, board members and other asset owners all need to look each other in the eye, determine what is invaluable to their company, and take steps to protect it. Make data security a real focus during your executive meetings and show a vested interest.

If you don’t know where to begin, start by engaging an outside source with the expertise you need – and feel free to post questions in the comments below.

Image (cc) perspec-photo88 via Flickr
