“I’m Just a Mid-Sized Company. No Hacker is Going to Attack Me, I’m Not Big Enough”
Or
“No Hacker is Getting Through…I’m Too Smart to Fall for Their Tricks”
Those are just a couple of the excuses we hear often when we suggest extra security measures against hackers and CyberCriminals.
Let’s answer both of those excuses, one at a time.
Excuse #1:
“I’m just a small- to mid-sized company. No hacker is going to attack me, I’m not big enough.”
Many small- to mid-sized companies believe CyberSecurity is a problem only for large high-profile corporations, or those that conduct mainly financial transactions. Or those executives are naive; they think a serious breach never will happen to their system. When in fact, these things are happening all the time. No one talks about it, because they’re embarrassed they were tricked & would rather keep it quiet.
In fact, small and mid-sized businesses may be more vulnerable to attack, because criminals know these businesses do not take substantial preventative measures.
Companies with 250 or fewer employees accounted for 31% of CyberAttacks last year.
Hackers have probably infiltrated many mid-sized businesses already, and the malware sits undetected in their network, incrementally collecting data that shows how to access other systems or stealing proprietary product information.
Part of the problem, is that a controller likely set up the I.T. department, and no data security specialist has been appointed. Or, the “I.T.” person wears too many hats & can’t keep up with the latest malicious code and software patches.
Another part of the problem is that executives may believe that CyberCriminals can’t be stopped, so they are strictly reactive and focus on damage control instead of prevention.
Network entry points for hackers often are the same as for larger, and smaller, companies: passwords that are easy to guess, lost laptops, vendor access, uninstalled security updates and patches, and employees accessing social networking sites (such as Facebook, Twitter, and LinkedIn) on company computers.
Hackers are resourceful, and if they want in, they will keep trying until they find a way. Some of the most resourceful breach points: videoconferencing, networked printers, thermostats (one leading retailer’s attacker gained access to the company through its heating and cooling system vendor). Hackers even once invaded an oil company via an online menu at a nearby Chinese restaurant.
The potential ramifications of CyberHacks for small- to mid-sized companies are the same as larger ones – possibility of fines or lawsuits, expense of notifying victimized clients, expense of loss of clients’ confidence, loss of business. However, the small- to mid-sized business will feel the damage more.
According to a 2014 study:
The average cost of a data breach was $5.9 million for all U.S. companies.
The most common causes were malicious or criminal attacks (44%), employee negligence (31%), and system malfunctions (25%).
Still feeling safe?
Excuse #2:
“No Hacker is Getting Through…I’m Too Smart to Fall for Their Tricks”
The Pentagon thought they were too smart to get hacked too…until they got hacked.
The Pentagon has divulged that its computer networks were penetrated by suspected Russian hackers using spear-phishing tactics. The hackers got into their unclassified email network used by the Joint Chiefs of Staff office with approximately 4,000 military and civilian employees. Although the email system hacked was unclassified, emails can be extremely sensitive (especially at the most senior levels of the Pentagon), and offer details into planning, schedules, or personnel.
Andre McGregor, a former cyber special agent at the FBI, who is now the Director of Security at Tanium, a CyberSecurity firm, states:
“If you are able to get all that information from three or four individuals’ emails or communication, you have an entire picture of what’s been worked on the classified side.”
The hackers came in through a spear-phishing attack, in which the attacker crafts an email designed to trick the receiver into opening an attachment that contains malware, or clicking on a link to a compromised website. Once the attack was detected, the Pentagon shut down the computer network, to prevent additional data from leaking.
The Pentagon, Anthem, Sony, Target, and Home Depot all thought they were too smart & too hackproof.
Think You Should Worry Now?
What You Can Do To Prevent CyberHacking?
- Partner with a trusted I.T. firm, to gain relevant advice for your CyberSecurity infrastructure.
- Think twice about obtaining Cyber-Insurance – it often doesn’t cover much.
- Realize that CyberSecurity is a business issue, which should be considered part of your firm’s overall strategy.
- Monitor networks for unusually high traffic volume.
- Work with your financial institution to implement multi-factor authentication and dual controls for financial transactions.
- Strengthen administrative passwords.
- Educate employees about CyberSecurity and what to look for.
- Do not rely on system users – clients or employees – for protection.
Ask About Our “Core Security Solution” Package!
You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.
Leave a Reply