In the world of cybercrime, every company in the electronics industry has something to lose.
The threat of cyberattacks extends well beyond major corporations. Recent incidents suggest hackers are turning up the heat on the supply chain as the networks of larger companies have become increasingly hard to crack. Bottom line: Watch out.
A special report by Kaspersky Lab, an international IT security vendor with 300 million users, cautions small and midsized businesses against complacency since they tend to be used as “stepping stones” when cyber criminals stage attacks against larger enterprises.
This false sense of security may lead to devastating losses if an attack does occur, and not only in pure monetary terms: the bill for a single incident amounts to an average of $50,000 for a small to midsized company, according to Global Corporate IT Security Risks, B2B International. Add adverse publicity and legal repercussions, and you may spend the next few years repairing your company's tarnished reputation.
In essence, one industry analyst says: “It doesn't matter if you're talking about a Fortune 500 Company, or a two-person start-up operating in someone's parents' garage. Everyone has something to lose.”
The threat comes in many shapes, from old-school phishing schemes and drive-by downloads to sophisticated exploitation of company websites and business software. (For an inside perspective on what we're up against, make sure to read a recent piece in The New Yorker about Anonymous, the world's most powerful nongovernmental hacking collective.)
Take the recent example of “Zombie Zero,” malware designed to target the shipping and logistics industry around the globe. Embedded in scanners used to inventory items being shipped or transported, Zombie Zero automatically attacked the corporate environment once the scanner was attached to a wireless network and put into production. Attempts by the targeted company to install security certificates for network authentication subsequently failed because the devices were too compromised.
The example also showcases the challenges that companies — large and small — face when trying to protect themselves from an enemy that constantly morphs into even more malevolent forms.
David Monahan, research director at Enterprise Management Associates, an industry analyst firm, sums up the problem in an article on Supply Chain 24/7:
“The problem with legacy security technologies is that they are not able to adapt to defend against emerging threats in real-time. Today's threat actors are smarter than ever, morphing their attacks multiple times to achieve the goal of undermining existing security defenses. The next generation of security solutions must be just as adaptable to counter these modern threats.”
So what's a small business owner to do?
As simple as it may seem considering the sophistication of the opponent, educating and raising awareness among your staff about cyber security risks should be a key requirement of any prevention policy. Cyber criminals still largely rely on a naïve public to steal information and passwords.
The security solution itself needs to be comprehensive to provide effective protection. Kaspersky recommends the following features: vulnerability assessment, patch management, application controls, device controls, web controls, zero-day defenses, data encryption, and mobile security with mobile device management.
It sounds like a lot, but is it enough? Is there even such a thing as foolproof protection against cybercrime? Let's hear your thoughts.