
Cyber Criminals Have Eyes on Your Business, Large or Small

In the world of cybercrime, every company in the electronics industry has something to lose.

The threat of cyberattacks extends well beyond major corporations. Recent incidents suggest hackers are turning up the heat on the supply chain as the networks of larger companies have become increasingly hard to crack. Bottom line: Watch out.

A special report by Kaspersky Lab, an international IT security vendor with 300 million users, cautions small and midsized businesses against complacency since they tend to be used as “stepping stones” when cyber criminals stage attacks against larger enterprises.

This false sense of security may lead to devastating losses if an attack does occur, not only in pure monetary terms — the bill for a single incident amounts to an average of $50,000 for a small to midsized company, according to Global Corporate IT Security Risks, B2B International. Combined with adverse publicity and legal repercussions, you may spend the next few years repairing your company's tarnished reputation.

In essence, one industry analyst says: “It doesn't matter if you're talking about a Fortune 500 Company, or a two-person start-up operating in someone's parents' garage. Everyone has something to lose.”

The threat comes in many shapes, from old-school phishing schemes and drive-by downloads to sophisticated exploitation of company websites and business software. (For an inside perspective on what we're up against, make sure to read a recent piece in the New Yorker about Anonymous, the world's most powerful nongovernmental hacking collective.)

Take the recent example of “Zombie Zero,” malware designed to target the shipping and logistics industry around the globe. Embedded in scanners used to inventory items being shipped or transported, Zombie Zero automatically attacked the corporate environment as soon as the scanner was attached to a wireless network and put into production. Attempts by the targeted company to install security certificates for network authentication subsequently failed because the devices were too compromised.

The example also showcases the challenges that companies — large and small — face when trying to protect themselves from an enemy that constantly morphs into even more malevolent forms.

David Monahan, research director at Enterprise Management Associates, an industry analyst firm, sums up the problem in an article on Supply Chain 24/7:

“The problem with legacy security technologies is that they are not able to adapt to defend against emerging threats in real-time. Today's threat actors are smarter than ever, morphing their attacks multiple times to achieve the goal of undermining existing security defenses. The next generation of security solutions must be just as adaptable to counter these modern threats.”

So what's a small business owner to do?

As simple as it may seem considering the sophistication of the opponent, educating and raising awareness among your staff about cyber security risks should be a key requirement of any prevention policy. Cyber criminals still largely rely on a naïve public to steal information and passwords.

The security solution itself needs to be comprehensive to provide effective protection. Kaspersky recommends the following features: vulnerability assessment, patch management, application controls, device controls, web controls, zero-day defenses, data encryption, and mobile security with mobile device management.

It sounds like a lot, but is it enough? Is there even such a thing as fool-proof protection against cybercrime? Let's hear your thoughts.

24 comments on “Cyber Criminals Have Eyes on Your Business, Large or Small”

  1. Ashu001
    November 4, 2014

    Frank,

    A very pertinent and Timely post!!!

    As someone who has to keep track of Security Threats for a living, even I was amazed by how lackadaisical attitudes at most Businesses towards Security remain even today.

    Take the case of the recent Drupal (one of the most popular CMSes) out there - http://www.computerworld.com/article/2841320/drupal-warns-unpatched-users-assume-your-site-was-hacked.html

    & this too - http://www.computerworld.com/article/2834650/drupal-releases-patch-for-serious-sql-injection-flaw.html

    It genuinely amazes me how casually consumers take the issue of non-patched systems. This is an issue which is even greater in today's POS and Supply Chain infrastructure.

    Even for Software; so many Consumers are still using really outdated software because it works - XP or even iOS 4 anyone???

    What these companies/consumers don't understand (until they are hacked/audited) is that using outdated software is one of the easiest ways to let Hackers in today.

    Not just that, you WILL FAIL most Compliance Tests by using outdated Software.

    As far as Education is concerned, it's very much an ongoing process today.

    Regards

    Ashish.

  2. Daniel
    November 5, 2014

    “This false sense of security may lead to devastating losses if an attack does occur, not only in pure monetary terms — the bill for a single incident amounts to an average of $50,000 for a small to midsized company, according to Global Corporate IT Security Risks, B2B International.”

    Frank, they are using only some distributor or vendor inventory data; how can this much loss be incurred by losing the inventory data!!

  3. Daniel
    November 5, 2014

    “Even for Software; so many Consumers are still using really outdated software because it works - XP or even iOS 4 anyone???”

    Ashish, frequent updation of security tools and software is very much necessary to make the system tamperproof. I won't think hereafter XP is secure, even though you installed the most updated security software too.

  4. Hailey Lynne McKeefry
    November 5, 2014

    I would add that a multilayered approach that safeguards hardware, software, OS, and mobile devices is critical. Further, organizations need to make and enforce security policies, offer regular training for their employees, push these requirements downstream to suppliers, and do regular audits on both their own organization and their partners' organizations. It's complicated... and getting more so.

  5. Daniel
    November 11, 2014

    “I would add that a multilayered approach that safeguards hardware, software, OS, and mobile devices is critical. Further, organizations need to make and enforce security policies, offer regular training for their employees, push these requirements downstream to suppliers, and do regular audits on both their own organization and their partners' organizations. It's complicated... and getting more so.”

    Hailey, even though there are many layers of security in place, user education is important. If they are not making use of it perfectly, nothing is useful.

  6. Hailey Lynne McKeefry
    November 18, 2014

    @Jacob, you are totally right. I have seen many studies and something like 80 percent of security problems come from a human being doing something. People can be the problem... and that being said, they also have to be part of the solution.

  7. Daniel
    November 19, 2014

    “you are totally right. I have seen many studies and something like 80 percent of security problems come from a human being doing something. People can be the problem... and that being said, they also have to be part of the solution.”

    Hailey, we are hearing and coming across various security issues for more than a decade; but still it continues in the same phase. That's only due to user negligence, so educating them is important like securing the system.

  8. Ashu001
    November 22, 2014

    Jacob,

    Believe me you are preaching to the choir here with your comments.

    But I am telling how routine folks (who have no interest in Tech) apart from making sure something just works.

    These folks are least bit interested in upgrading their Computers (or Phones) every 2-3 years.

    It's just not possible.

    Why look at other people, I (in spite of being extremely Tech Savvy and someone who uses my Computer all the time) refuse to upgrade it until it absolutely breaks!!!!

    Same goes for my Phones also.

    After all, it's my Hard-Earned money on the line here; have to be careful about how I spend it.

  9. Ashu001
    November 22, 2014

    Hailey,

    Even if all 100% of Security issues are because of Human faults/mistakes, does that mean we remove/reduce Human Intervention in the system to Zero?

    Will that definitely reduce Security issues?

    I don't think so.

    Given how all those automated Bots are causing havoc online today (building Smartphone Android Bots as well), I doubt this is the right approach.

    Human intervention is absolutely necessary to make sure we are on the right track today.

  10. ahdand
    November 23, 2014

    @Jacob: Yes I feel it's better to invest for the future.

  11. Daniel
    November 23, 2014

    “But I am telling how routine folks (who have no interest in Tech) apart from making sure something just works. These folks are least bit interested in upgrading their Computers (or Phones) every 2-3 years.”

    Ashish, it's not necessary that you have to update it manually. While installing itself you can configure for an auto upgradation, so no need of any manual interaction. Most of the non-techie people prefer this way of updation.

  12. Daniel
    November 23, 2014

    “Yes I feel it's better to invest for the future.”

    Nimantha, it's better to be safe for a bright future.

  13. Ashu001
    December 26, 2014

    Nimantha,

    Conservatism is a virtue which seems to have been lost to the vast majority of Entrepreneurs (who have access to virtually riskless Capital) today.

    This is a most unfortunate situation to be in and which promotes unnecessary recklessness.

    And when they default on their debts, they very often take down not just their Employees and their families but Banks also with them.

    Triggering catastrophic Bank Runs and Bank Bailouts in the process.

    This is money which could very well have gone for other more worthwhile causes.

  14. Ashu001
    December 26, 2014

    Jacob,

    I meant upgrading your Phone (and Buying a New one).

    Software Updates are all manual but not most Current Generation Phones can be upgraded effectively enough to the Latest OS, etc.

    Look at the Disaster which Apple had to face when they automatically pushed the latest Buggy version of their OS to all their older Phones and Laptops (including some really-really old iphone4s).

    You have to plan this carefully (which Apple didn't), creating horrible experiences for all consumers.

    By Contrast, with Android, because you have to depend on the Carrier as well as the Device Manufacturer (who each conduct their own tests) before pushing any update through, things get managed that much better today.

  15. Daniel
    December 29, 2014

    “I meant upgrading your Phone (and Buying a New one). Software Updates are all manual but not most Current Generation Phones can be upgraded effectively enough to the Latest OS, etc.”

    Ashish, it's a costlier suggestion.

  16. Daniel
    December 29, 2014

    “By Contrast, with Android, because you have to depend on the Carrier as well as the Device Manufacturer (who each conduct their own tests) before pushing any update through, things get managed that much better today.”

    Ashish, the biggest issue with vendors like Samsung, LG etc. is that they are not releasing any patches for updating the pre-installed OS versions. So customers are forced to opt for new hardware.

  17. Ashu001
    December 31, 2014

    Jacob,

    Have you tried installing KitKat [Android 4.4] on a Samsung SII?

    It's just not possible (the Memory is insufficient).

    That is why you will see the need to upgrade to new Hardware at least once every 4-5 years.

    But then that also depends on your needs and wants.

  18. Ashu001
    December 31, 2014

    Jacob,

    It works both ways.

    Because they take more time testing Android Patches before passing Updates through, the chances are limited that they will send something through which will end up crippling your phone - like what happens repeatedly with iPhones because Apple blindly pushes all updates through to all Hardware.

  19. Daniel
    January 1, 2015

    “Have you tried installing KitKat [Android 4.4] on a Samsung SII? It's just not possible (the Memory is insufficient).
    That is why you will see the need to upgrade to new Hardware at least once every 4-5 years. But then that also depends on your needs and wants.”

    Ashish, the other issue is we cannot upgrade the OS with existing Hardware, especially with third party handsets like Samsung, LG etc. But if you are using Google hardware Nexus versions, it's very easy.

  20. Daniel
    January 1, 2015

    “Because they take more time testing Android Patches before passing Updates through, the chances are limited that they will send something through which will end up crippling your phone - like what happens repeatedly with iPhones because Apple blindly pushes all updates through to all Hardware.”

    Ashish, am using Samsung S4 for more than 03 years; so far I hadn't received any updates with respect to OS. But they frequently sent updates about other Samsung Apps.

  21. Ashu001
    January 10, 2015

    Jacob,

    WoW!

    That seems way too long to go without an update.

    Have you tried updating the Software Manually yourself?

    I have a phone which is now 2 years old, and it got updated Twice via the vendor only.

  22. Ashu001
    January 10, 2015

    Jacob,

    A fair enough statement to make.

    There is no doubt that Google Nexus updates the OS faster than via third Party OEMs.

    But even with third party OEMs on Average you get one full-scale upgrade at least.

  23. Daniel
    January 14, 2015

    “A fair enough statement to make. There is no doubt that Google Nexus updates the OS faster than via third Party OEMs. But even with third party OEMs on Average you get one full-scale upgrade at least.”

    Ashish, Third party OEMs are offering very less such upgrades. For my Samsung S4 Galaxy, so far they haven't provided any upgrade to Lollipop.

  24. Daniel
    January 14, 2015

    “That seems way too long to go without an update. Have you tried updating the Software Manually yourself? I have a phone which is now 2 years old, and it got updated Twice via the vendor only.”

    Ashish, I used to have small updates with respect to OS from 4.2 to 4.21, 4.22 etc. but so far hadn't provided any update to Lollipop 5.0
