The already alarming number of targeted attacks aimed at small to medium sized businesses is on the rise and provides an indication that hackers are devoting resources to what they see as the most vulnerable targets.
Example: Target stores data breach in 2013 and millions of dollars later to settle!
Who, what, when, where and why?
A targeted attack is one that’s tailored to a specific company and in some cases even an industry. This is simply where Mr. What meets Mr. Who. Cyber-criminals A.K.A “hackers” are furnishing customized malware acts to particular vulnerabilities and can use information gathered publicly — or stolen from other companies. All of this can be done simply to create emails containing malicious attachments that have a higher chance of being opened by your employees. The industry calls it Social Engineering; a type of attack that is proving to be successful because it targets your greatest asset yet exposes your greatest vulnerability – your employees. Despite warnings and your IT department’s efforts to increase security, regular awareness training and warning workers away from opening potentially dangerous emails can help lower instances of these hackers getting in to your system.
Hackers are shifting resources toward small companies because they often partner with large businesses in fulfilling major contracts. This is where Mr. Who meets Mr. When & Why. Smaller companies can be the weakest link in the resell, distribution, fulfillment and eCommerce chain. Cyber-criminals can use small businesses to gain information that can used to penetrate the security posture of their larger partners.
Small businesses can improve their security posture by following best practices, such as having a process in place to ensure that all software is up-to-date and patched regularly. Hackers go after known vulnerabilities (say hello to Mr. Where), so having the latest version of an application goes a long way towards protecting your company’s most valuable asset – your data.