I came across this interesting Q&A with an FBI agent who played a pivotal role in busting a transnational cybercrime outfit. Agent J. Keith Mularski spent two years infiltrating an underground Internet forum used to facilitate the buying and selling of stolen credit card data for identity fraud, which led to 60 arrests around the world.
While the article was interesting enough purely in terms of how the investigation took place, I feel that the interview really crystallizes the notion that SMBs need to be more proactive than ever in terms of how they approach IT security.
A couple of thoughts struck me upon reading the article.
Exploits and botnets are more sophisticated than ever
Mularski noted how security attacks are more sophisticated than ever. A case in point: The majority of botnets in the past were coordinated from IRC channels, which is considered to be fairly simple, if not downright primitive. I think any fairly savvy administrator would be able to find and eliminate any such infected machines on the network relatively quickly.
Unfortunately, the situation has changed dramatically. At the moment, botnets such as the Storm worm are much more sophisticated and operate via peer-to-peer networks. Throw in some protocol obfuscation or data encryption, and it is easy to see why it becomes extraordinarily hard to track down and locate infected terminals, much less identifying and eliminating the command and control servers.
All about the money
Remember the Web defacement attacks of yesteryear? Well, rather than the stereotyped "18-year-old pimply faced kid" in his dorm committing cybercrimes these days, such attacks have passed into the domain of organized crime groups. And instead of petty demonstrations of hacking skills, the primary driving motivation for these crime groups is profit.
When it comes to stealing the credit card numbers of your customers or making off with a copy of your human resource database, your small and medium-sized business is as fair game as any. In fact, I think it would arguably be easier to infiltrate an SMB than an enterprise with its dedicated security personnel and independent security audits.
SMBs need to stop thinking that all security entails is the presence of an antivirus application and a corporate firewall. In truth, these are simply tools to reduce the probability of security incidents, not the solutions per se.
And rather than relegating the idea of implementing computer security as yet another unnecessary chore, it is time for small and medium businesses to wake up and think hard about this.