Cybercrime Targeting Small to Mid-sized Businesses

Brian Krebs wrote a very relevant article on the Washington Post‘s Security Fix column yesterday titled “Tighter Security Urged for Businesses Banking Online“.  According to the article, “An industry group representing some of nation’s largest banks sent a private alert to its members last week warning about a surge in reported cybercrime targeting small to mid-sized business.”

The article goes on to say, “The alert indicates that the sophistication, stealth, and sheer volume of malicious software being distributed these days is testing the limits of traditional anti-malware protections, such as anti-virus software.”  New Signature agrees with this assessment.  Our experience has shown an increased number of attacks on client networks from any increasingly list of sources.  The most alarming uptick we have seen are targeted attacks against specific clients, often using “spear fishing” techniques to try to gain entry into the corporate network.

The cost of not having the appropriate security policies, procedures, and technology in place can be high.  For example, the article lists several groups that have lost substantial amounts of money through malware related attacks, including Bullitt County, Ky. which lost $415,000; Slack Auto Parts, which suffered about $75,000 in losses; and JM Test Systems that lost almost $100,000.

The increasing prevalence of malware attacks, including targeted attacks, and the real cost associated with these attacks is one of the reasons that New Signature’s technology management teams work closely with our clients to establish, and continually monitor, security policies, procedures and technologies.   Our approach also includes staff education, which is an important element that should not be overlooked.