Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/4/2011
12:39 PM
50%
50%

SMB Security: Don't Get Held For Cyber Ransom

Targeted attacks aren't just the bane of big business. Here's an expert take on how SMBs can prevent cyber crooks from hijacking their data and other corporate assets.

10 Important Cloud Apps For SMBs
10 Important Cloud Apps For SMBs
(click image for larger view and for slideshow)
Why would sophisticated hackers waste their time with the smaller fish when they know the trophy catch creates the headlines? Simple: Follow the money.

"What doesn't make the news and is just as much of a problem--if not more, in volume--are the muggings, the crimes of opportunity," said Jeff Schmidt, founder and CEO at JAS Global Advisors, in an interview. "It's low-hanging-fruit economics from the bad guys' perspective."

That makes small and midsize businesses (SMBs)--particularly those that ignore even basic security practices--a mouthwatering mark for online crooks. According to Schmidt, while the Internet-age-old targets like social security numbers and banking credentials are still sought after, sensitive assets such as customer and supplier information, marketing databases, geolocation data, and other business records now carry increasing value to criminals.

"Data has never been easier [for criminals] to monetize," Schmidt said. "A very sophisticated, very liquid black market for all kinds of data has emerged."

[How long would it take your business to respond to a denial of service attack? Use these five tips to create an action plan.]

The core lesson: Don't be the easy pickings. The fundamentals of reasonable security continue to apply: Stay current on critical patches and downloads for Windows, Adobe, and any other software in use at your company. Use complex passwords--and don't reuse them across systems. The loss of physical media such as laptops, mobile devices, and external drives continues to be an issue; understand the risks if a finance manager's PC, for example, gets left in the backseat of taxicab.

Schmidt also notes that while some firms have trust issues with cloud applications, credible platforms will likely have stronger, more current security systems and practices than their SMB customers can support internally. "There's tradeoffs for everything, but when SMBs can outsource certain parts of their infrastructure they get the [security] advantages without having the investment in IT resources," Schmidt said.

Still, secure environments start internally. A key way for SMBs to avoid wearing bull's-eyes on their virtual backs: Be careful with personal and corporate information on social networks and other public domains.

Schmidt notes that a growing number of targeted attacks against SMBs begin with a crook gleaning information about individual employees online in hopes of finding a potentially profitable mark. This could include, for example, discovering the names of employees that might have banking or other financial authorization, network access credentials, and other data. This information can then be used to launch realistic spear phishing, social engineering, and other direct attacks intended to steal money, hijack systems, or conduct corporate espionage. In some instances, such an attack might involve compromising certain systems or data and demanding a ransom--bad kidnapping movie style--for its healthy return.

Executives and finance professionals continue to make prime pickings for financial scams, but Schmidt said that other roles have become targets as well. That's particularly true in industries like technology where product development roadmaps, source code, and other proprietary data might have external value. In those cases, developers, project managers, and other IT pros might get a longer look from prying eyes.

For SMBs that are already practicing smart security, the next step is a philosophical change: "In many cases, even technically sophisticated SMBs have a 'protect everything' mentality," Schmidt said, adding that this mindset treats security strictly as a technical problem to be mitigated with technical solutions: Firewalls, encryption, antivirus software, and the like. Those tools are all fine and well, but Schmidt advises a different approach for SMBs: Treat security as a risk management problem.

That involves determining the value of various data and other assets across the company, considering who might be interested in it and how they could get their hands on it, and which internal personnel have access to those potential targets. Then, you're able to better assess potential exploits and develop stronger policies and procedures for minimizing the risk of (and fallout from) a security breach. These could include human resources functions such as background checks, "two-man rules" that prevent any single person from having sole access to critical data or systems, and other prevention-minded policies.

"When you start going down those lines, security becomes as much of a policy problem as a technical problem," Schmidt said. "You start looking at it as risk management and the whole range of countermeasures available, not just technical countermeasures."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
11/8/2011 | 4:56:37 AM
re: SMB Security: Don't Get Held For Cyber Ransom
To the last point: SMBs, and really all organizations, should definitely treat security as a risk management problem in the way Schmidt describes. It is necessary I think for efficiency.
Brian Prince, InformationWeek/DarkReading Comment Moderator
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8216
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8217
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-8218
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8219
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-8220
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .