A new blog post by Symantec's Kevin Haley was brought to my attention recently, where he identified some areas in which cyber criminals can put businesses, well, out of business. I shall run through some of these areas shortly, but what really spoke to me in that blog entry was how Haley clearly demarcates the security situation between what he terms "hunters" and "gatherers."
Hunters, Haley explains, are those who play the "big game," which involves putting together sophisticated attacks targeted at big players. Industry espionage the likes of those successfully conducted against Google and the high-profile 2007 cyber attacks against Estonia are some examples of hunters that come to my mind.
With national agendas or valuable trade secrets at stake, hunters enter the field backed by a dazzling array of resources, incredible talent and the singular goal of cracking into a specific network, whether it belongs to the enterprise or government. And this would be where SMBs seek solace that such targeted attacks will never materialize against the unattractive targets their resource-strapped networks represent. While SMBs are not completely wrong in this rationalization, it certainly does not mean that they can ignore security either.
You see, the majority of cyber criminals are actually gatherers, and are unlikely to possess advanced computer skills. Basically, most of these criminals acquire the toolkits they require on the underground market or deploy existing malware that they've reconfigured or modified slightly. They then cast out their illicit hooks as widely as they can to gather information (passwords, e-mail addresses) and other resources that can be sold for a profit.
Due to the low barrier of entry-all it takes is a toolkit-there are many gatherers. As you can imagine, those who get snared are individuals or businesses that fail to take security seriously by implementing some basic defenses against it. As you can imagine, SMBs need to discard the notion that they are safe from hackers due to their size and start paying more attention to security.
Haley offered the below vectors by which hackers can bring down businesses.
Banking Fraud: Banking toolkits exist that will collect login and password information through various methods such as keylogging. SMBs are especially vulnerable since they tend to have much more money in their bank than individual customers, yet have fewer safeguards than a normal individual would typically employ.
Theft of Intellectual Property and Customer Information: These days, it's practically impossible for a healthy business not to maintain data such as customer databases or information pertaining to proprietary products and company financial transactions in a digital format. Lost revenues or direct financial costs could result from security breaches involving the loss of such important data.
Tarnishing of Brand Reputation: On top of banking fraud or theft of corporate data, stolen passwords to social-networking sites can also be exploited by hackers. This might range from advertising their wares on your Facebook or Twitter accounts, or worse, to misdirecting your followers to malware-laden sites. This would certainly lead to a tarnishing of brand reputation, to say the least.