BreachExchange mailing list archives
Small firms ‘easy prey for cyber criminals’
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 20 Nov 2013 01:28:57 -0700
http://www.bdlive.co.za/business/technology/2013/11/18/small-firms-easy-prey-for-cyber-criminals

Millions of small businesses with fewer than 20 employees, ranging from dental surgeries, financial advisers, independent legal counsellors, information technology consulting firms, and other companies, are neglecting the security of their information technology (IT) equipment and putting their customers, and the future of their business, at risk, according to a report by international software security group Kaspersky Lab.

Kaspersky and Verizon’s 2013 Data Breach Investigations Report, which includes data from global forensic probes, found that of the 621 data breaches analysed, 193 occurred at companies with 100 or fewer staff.

Advances in technology across industries are yielding significant opportunities for cyber criminals, says consulting firm KPMG.

Paul Orffer, a senior manager risk advisory at Deloitte, says company behaviour needs to change as technology on its own cannot protect against all forms of cyber-attacks. In fact, the security techniques companies adopt need to be reviewed if they are to protect themselves more effectively than in the past.

"Social media has certainly contributed to raising awareness around hacks and security loopholes, resulting in more people being vigilant both in their personal lives and at work," he says.

One of the targeted sectors is financial services, where cyber crime has become the second-most frequent type of economic crime being experienced by companies in the sector, according to PwC.

Although financial institutions benefit from regulatory requirements and industry regulations designed to safeguard customer data, small financial service providers are hindered by limited budgets and lack of expertise when protecting customers’ information, Kaspersky says. These businesses are obvious targets for cyber criminals that seek to steal the stored credit card information, credentials, and bank account details of customers.

"For any growing company, successfully earning the account of a well-known business is a milestone in its growth. For small financial service providers, managing the taxes of a local grocery store or helping process payrolls for local charities is a sign of growth, and many will list their clients on their websites. But for cyber criminals, this can be an opportunity to attack the smaller business as a way to gain access to the larger clients," Kaspersky says.

The healthcare sector is also under threat and any security breach within the sector could damage the trust patients have in their healthcare practitioners. Healthcare records have become increasingly digital and records can easily make their way onto laptops and mobile devices such as smartphones and tablets.

According to Kaspersky, a study released last year by the Ponemon Institute revealed 94% of hospitals in the US had experienced at least one data breach in the previous two years. But cyber criminals are not interested in reports on patient blood pressure or medication, but are after patients’ personal details such as billing, says Kaspersky.

"The report found the information stolen largely consisted of patient billing and insurance records. Identity theft, again for the purposes of stealing money, was a common outcome," it says.

Despite popular belief, Mr Orffer says South African infrastructure is often on a first-world level when it comes to cyber security. But as a result of the booming mobile landscape, there is still a lack of security awareness from a large number of end users.

"And while the country is not more of a target than anywhere else in the world, this lack of awareness is seen to make citizens easy pickings. That is not to say attacks could not come from inside Africa. The rise in ‘hacktivism’ sees countries and organisations being targeted for their socioeconomic and political viewpoints."

Mr Orffer says most of the attacks on companies seem to be happening "through social engineering on employees". "This is where the greatest risk is for South Africa. The high proportion of an ill-informed user base that is linked to global networks could see us being used as a hop for attacks on other countries or companies," he says.

For small healthcare and financial service providers, Kaspersky recommends using a limited number of mobile devices. While smartphones and tablets may add some convenience and accessibility, they add many new layers of risk.