Most of you stay in tune with current events and read about all types of cybercrimes and events. The media is full of articles ranging from the theft of financial, health, and personal information from large corporations to nation states such as Russia attempting to influence our national election through cyber intervention. So it’s easy to sit back and think they are just after the “big guys” and therefore you are safe. WRONG! WRONG! WRONG! That thinking will get you in trouble. Here are two small firm case studies, Case Studies. Read on…
As a small to mid-size company, you most likely do business with a handful of larger firms, which is one of the reasons you are an attractive target to cyber criminals. You are the gateway to their larger targets. SMEs tend to have weaker network security, therefore cyber-criminal enterprises (CCEs) work to pierce your network, obtain information about your clients, and move up the chain to larger firms. This is exactly how the famous breach of Target™ was conducted. The criminals infiltrated the system of an HVAC sub-contractor and obtained Target’s vital system credentials. With these stolen passwords, the actual hack was relatively easy. Note, hackers are persistent and it’s a numbers game. They make numerous attempts to achieve a hack.
Cyber criminals are getting more “professional” and sophisticated every day. The reason for their improved professionalism is basic economics. Street crime is on the decline in most urban areas because the return is low, and the penalties are stiff. Conversely, the return on cyber-crime is extremely high, and the penalties are relatively mild. You can expect cyber-crime to skyrocket in the near future. Think of the Internet and cyber-crime as the Wild Wild West… there are very few sanctions.
Here is something about cyber-crime that blows even my mind. There is a new cloud service called RaaS. That stands for Ransomware as a Service. It is a system platform to support criminal enterprises that use ransomware – a means of demanding payment in exchange for another party’s information that has been stolen or compromised by a hacker. It is far more efficient than ransomware enterprises (the bad guys) developing their own software. Instead, they use one of the RaaS platforms available to them and pay a commission of about 30% to the platform provider. It gets even better than that. The RaaS firm provides technical support, so if your ransomware victim (the good guy) has an issue creating a bitcoin wallet to pay the ransom, he or she can call a support hotline and they will be happy to guide them through the payment process. How nice of them. Now, if you are doubting what you just read, you read it correctly. I wonder if they track customer satisfaction statistics on their customer service representatives. Do you think they send out surveys – “How did I do, on a scale from 1 to 10?”.
You need to be cognizant of the threats to your business. The threat is here and now and is ever growing. The return on investment for a cybercriminal enterprise (CCE) is too great an attraction, and the corresponding penalties for those caught are too mild. Many will never be prosecuted, or even caught. Simply stated, cyber-crime generates a very high return on investment (ROI) with a very low risk, which is hard to resist for the bad guys!
You must be vigilant, defensive, and prepared to respond to an attack on your business in order to be proactive about cyber security. See the four stages of cyber security, Four Stages of Cyber. Firms that are better prepared, are better positioned to recover from an attack. I wonder, do they have an 800 number?
Domain Technology Group, Inc. is hosting a lunch and learn on cyber security and the dangers of cyber- crime on May 25 in Philadelphia. You and your colleagues are welcome to attend. To learn more on the subject, Please register on the Domain Cyber Event page, Domain Cyber Event.