Security Experts: Small to Midsize Firms Vulnerable to Cyber Espionage
That was the daunting message by security experts who addressed cybersecurity issues at a Wisconsin Homeland Security Council gathering.
Breaches of customer databases can be advanced persistent threats that begin as intelligence gathering to find ways around an organization's defenses.
MADISON, Wisc. – Small and midsize companies are among the most vulnerable organizations to cyber attacks, according to security experts who addressed a cyber-training session here sponsored by the Wisconsin Homeland Security Council.
Small and midsize companies are probably more at risk because they don’t always have adequate staffing to manage their Web sites and online business, said William Adams, a vice president with the Merit Network, a Michigan nonprofit that assists government and businesses with cyber security issues, via the Journal Sentinel.
“This is important because they don’t understand all of the links in the chain. They don’t understand that the website they put up, that takes people to their PayPal account or credit card processor, is vulnerable,” Adams said.
A cyber attack could have long-term consequences.
“The cost of a security breach is incredible. You can lose business and your reputation. … I would say the small and medium-size companies are at most risk,” Adams said.
That’s also true for some local governments, said Bill Nash, chief information security officer for the state of Wisconsin.
“They are outsourcing (cyber) services because they can get them at an economical rate, but they don’t always subscribe to the security services to go with it because that’s an additional cost…and they don’t understand how big the threat is,” Nash said.
RELATED: How to Protect Your Security Business Against Cyber Espionage
The threat to businesses and government is hard to quantify, partly because many organizations aren’t aware they’ve been hacked, and some don’t make the information public for fear it could damage their reputations, the newspaper reported.
Often the hackers move in “quietly,” so that nothing appears wrong, when in fact they’re copying intellectual property or confidential information that could be sold to a company’s competitors or otherwise used against it.
“They aren’t necessarily going to kick the door down, grab everything they can and run. They want to get in quietly and be persistent,” Adams said.
Sometimes the cyber criminals take over web servers and use them to attack others or run child pornography rings. That could get a company in trouble with law enforcement, even though it knew nothing of the illegal operations.
“When the FBI comes knocking, they are arresting you because it’s your server,” Adams said.
Mobile phones are another common target for criminals, as they’re easily hacked and often contain valuable company information, including confidential email. When traveling abroad, consider using a mobile phone that doesn’t contain personal and business information. It could be a temporary “disposable” phone.
Foreign governments, including border security officials, sometimes hack into travelers’ phones to see what’s on them, especially if the visitors are government officials or business executives.
RELATED: Biometrics Is Helping Defend Against Cyber Attacks in Health-Care Industry
Never leave a phone in luggage, where it could be easily inspected by border security and airline agents out of the owner’s presence. Free thumb drives, sometimes left in public places as “bait,” can contain malware that copies all of the information in a computer and transfers it to a criminal organization. Similarly, threats can lurk in public wireless hot spots. Don’t do online banking in the hotel lobby, said Byron Franz, an FBI special agent in Milwaukee.
“Wait until you get back to your protected network of your company or your home,” Franz said.
Breaches of customer databases can be “advanced persistent threats” that begin as intelligence gathering to find ways around an organization’s defenses.
“These are the ‘special forces’ of the hacking world. They are elite hacking groups, often supported by their governments or criminal groups,” Franz said.
“They will send credible emails to key decision-makers and people who have access to information they want to steal. Those emails will entice the user to click on a link or open a file, and the consequences are the ‘bad guys’ are taking control of the computer. They are stealing from the biggest and smallest American companies,” he said.
“Any organization that deals with sensitive information needs to be concerned about these threats,” Franz said.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.
