SMBs – Industry’s Biggest “Weak Link” – New Soft Target
Friends,
We’re now starting to see signs that small to medium size businesses
(SMBs) are becoming the new soft target, whether it is a small US
Government agency such as the FDIC, which recently lost 44,000 records
to a hacker breach, the April 7, 2016 attack on Trump Hotels, allegedly
by Anonymous, or the hacker attack on the manufacturer/retailer Lamps Plus,
which lost 1,300 employee records to hackers and is now facing a class
action lawsuit, Frank Varela, et al. v. Lamps Plus Inc., et al., Case No.
5:16-cv-00577, in the U.S. District Court for the Central District of
California. I could go on all day, but you can simply visit
http://www.privacyrights.org to learn more about the breaches that have been happening to SMBs since
early January this year. It’s a trend that continues to grow.
As 2016 kicked off with SMB attacks, the Chief Operating Officer of one of the branches of the Federal
Reserve Bank was interviewed in Boston, Massachusetts. In the interview, here’s what he had to say:
“Hackers looking to break into the US Banking system or even to take it down and disrupt the economy
are now looking at SMB banks as the weaker ‘soft’ targets, almost a ‘back-door’ into the larger banking
system, of which they all have network touchpoints.”
(See: http://www.bostonherald.com/business/business_markets/2016/01/fed_officials_hackers_would_start_small_on_way_to_banking_system).
What we find is that small to medium size businesses and government agencies – from credit unions to
banks to retail outlets, manufacturers, hospitals, law firms, dentists, doctors’ offices and schools – all have
the same thing in common: very small INFOSEC budgets and “over the counter” equipment such as
firewalls and routers that can be purchased at Walmart or Amazon dot com. They choose brand name
antivirus software and then believe they are secure. Then, when they get hit with ransomware, they
follow the FBI’s original instructions and ‘pay the extortion fees’ to get the data unlocked and avoid
downtime. Many get breached and end up going out of business. The typical cost of a single breach to
an SMB is anywhere from $3,000.00 to over $150,000.00. If the breach is significant enough, it will be
followed by a class action lawsuit and, most likely, the SMB will end up going out of business.
We talk about SMB security in this edition and also the BYOD dilemma. It’s time to rethink how we are
going to use the Internet and intranets to benefit our organizations. We have to balance PRIVACY LAWS
and REGULATORY REQUIREMENTS with the benefits of faster communications, online sales and
marketing opportunities, etc. Now is the time to do a spring cleaning on your network, your policies and
your security posture. Clean it up, organize it better and get stakeholders involved now, before you get
breached. If you don’t have an INFOSEC budget, you had better get one soon or you will be the next victim.
You’ll need to find new ways to prevent breaches. Focus on the INSIDE-OUT and make sure the data is
secure and encrypted. Stay one step ahead of the next threat and we’ll see you online next month!
To our faithful readers, Enjoy
Pierluigi Paganini, Editor-in-Chief
Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide