Businesses Most at Risk for Internet Hacking
Career criminal Willie Sutton is credited with saying that he robbed banks, “because that’s where the money is,” and while Sutton later claimed to have never uttered that infamous line, he did say in his autobiography that criminals “go where the money is … and go there often.”
Unfortunately for many businesses, today’s Internet criminals seem to be going where the money is and they are, indeed, going there often—as the recent hacking of Sony’s PlayStation Network has proven. Cyber crime experts say that virtually all businesses online are targets.
“Money attracts criminals,” says Melih Abdulhayoglu, CEO of Comodo, the maker of antivirus and firewall solutions for business. “The financial industry continues to suffer a lot from cyber crime attacks.”
Abdulhayoglu says that high-profile companies that rely on the Internet for revenue are seeing an increase in attacks. One reason is a shift from the lone hacker or specialized cyber criminal to criminal enterprises that are looking to make online attacks part of a new business model.
“Cyber crime has become a more lucrative industry than trying to smuggle drugs across the border,” says Abdulhayoglu, “and it is actually far less risky.”
Moreover, just as criminals in the off-line world have specialties and thus unique skill sets that target specific businesses, so too are there specialized cyber criminals, putting more businesses at risk.
“It isn’t so much that some industries are more susceptible,” says Mark Bell, Executive Vice President of Operations for Digital Defense, “but there are now different threats based on particular industries.”
Money remains a big target, putting banks, credit unions and other financial institutions that move money in the cyber crosshairs, but money isn’t the only target. Defense industries and governmental institutions are also being targeted by cyber criminals and terrorists looking to gain information and find other vulnerabilities.
“It has been said ‘If you spend more money on coffee than security, you deserve to be hacked.’”
But regardless of whether money is the direct target, it is still all about the money in the end.
“There is the threat against intellectual property,” says John Kindervag, Senior Analyst at Forrester Research. “There are hackers who are looking to steal another company’s R&D because they can sell the information to a company that has a small R&D budget. So it may be about intellectual capital or money, or just something you can turn into money.”
The threat is also increasing for smaller businesses and entities. While these had been largely ignored by cyber criminals, small and medium-sized businesses have become the low-hanging fruit for hackers.
“They don’t have the budget to be as diligent as larger companies,” says Kindervag. “But they still have data that can be monetized. It is like robbing a small bank or robbing a large bank. The smaller bank might have less guards and just as much money to steal.”
Doug Johnson, Vice President, Risk Management Policy, American Bankers Association, agrees that smaller banks are indeed targets, just as much as larger institutions.
“We’re accustomed to being a target,” says Johnson, who adds “you are only as secure as your weakest link. It is up to the institution to conduct risk assessment and to mitigate risks, along with transaction monitoring. What is important is that the financial institutions have multiple layers of security.”
Johnson says that while threats do run downhill, and cyber criminals may target larger banks before moving to community banks, the protection is also passed down.
“We represent the entire industry, so while we represent the largest banks, we also work with community banks around the country. This ensures that the larger threats to the big institutions are known to community banks. That protects the entire environment.”
Regardless of the size of the institution, there is concern that handheld devices are now opening new holes. A recent study from Origin Storage found that 41 percent of what should be a security-savvy audience are carrying sensitive data on mobile devices unprotected. The study also found that 19 percent of respondent organizations suffered a data breach following the loss of a portable device that contains unencrypted data.
“Mobile devices are opening new holes to networks, and the addition of apps means corporate data is being put at risk,” says Tom DeSot, Executive Vice President and Chief Information Officer for Digital Defense, noting this is increasingly a problem with small and medium-sized businesses. “Things that connect wirelessly or via a USB tether are further adding new issues. It is hard for a small business to stay on top of everything.”
Protecting from cyber crime is also unfortunately becoming ever more difficult, in part because too many people are far too trusting online.
“When is the last time you opened the door blindfolded to someone you don’t know?” asks Abdulhayoglu. “Most people would never do this at home or work, but we do it every day in the digital world.”