Inside the Mind of Cybercriminals: Any Target Is a Valuable Target

By Dave Moorman, Founder and President, DynaSis

The increasing number of cyber attacks against governments and large, often multi-national corporations makes for great headlines (and deep concern on the part of these giant entities). Despite the best efforts of expert in-house IT teams, governments and big (often Fortune 500 or even 100) companies continue to have sensitive business and customer data stolen by individuals and organizations with bad intent.

The unsung story behind the headlines is that small and medium-sized businesses are increasingly becoming targets, as well. In its latest Internet Security Threat Report, security software developer Symantec found that 31% of targeted attacks in 2012 were on businesses with fewer than 250 employees.

Why, you may ask, are cybercriminals interested in SMBs? Don't larger firms offer more data to steal, and profits to make? While the answer to this question is certainly yes, the decision-making process for cyber-attacks isn't limited to the profit potential or the size of the data pool.

Think of it this way. You are given the opportunity to scale a 100-foot wall by any means and at the top of it is $500.  You can also climb a 10-foot hill and collect $50. While you may take the time to gather climbing gear and attempt to collect that big prize, you're certainly not going to ignore the easy target. The same is true for cybercriminals.

In this analogy, SMBs are the 10-foot hill. Most of them devote less money and resources to Internet security and protection, making them easy prey. Furthermore, today's sophisticated cyber-ploys often don't focus on one company, alone. Some of the most successful attacks have involved compromising machines at less-well-guarded companies and using them as "back-doors," gaining access to larger targets through trusted networks.

In other cases, criminals gain access to smaller businesses and then compromise their blogs or websites. When the target visits them, the attack code downloads to their machine or mobile device in the background. If the target has already marked the site as "trusted," the attack is that much easier to pull off. Web-based attacks increased by one third in 2012; many of them originated from the websites of SMBs. And of course, your data is valuable, as well. While you may not have data on 50,000 customers, if a cyber attacker can use automated routines to compromise 500 SMBs with 100 customers each, they've collected quite a bit of data with very little effort.

Attacks and their behaviors can go undetected for a long time, because they often show up only through slow Internet speeds or poor machine performance. And SMBs often have budgetary restrictions that cause them to ignore these performance issues for weeks, months and even years.

This doesn't mean that any performance issues are the result of a cyber-attack. However, it does point out the need to maintain robust defenses, including an actively managed security program (in-house or third party) that can stay up to date with emerging threats. In addition, network and system assessments (even for firms with security programs in place) can identify current and emerging problems. The final piece of the puzzle is to protect yourself from the inside out (many security "holes" are accidentally opened by employees), but that is a discussion for a different day. Stay tuned, and in the meantime, contact me if you would like to know more.