Cybercrime is a big and nasty business. According to Cybersecurity Ventures, small business (organizations with fewer than 250 employees) becomes a prevalent and profitable target: 58% of them were a cyber attack victims in the recent year, and the astounding amount of $6 trillion is expected to be the cost of cybercrime the by year 2021.
The news headlines typically feature large corporations being victims of cybercrime, and it may give small business owners a false sense of security. What majority of users don’t realise, is that often the hack starts at the less obvious source. Imagine a personal computer being compromised, where login credentials are being stolen and used to continue the hack down the chain. Let’s take a look at the infamous Target hack of 2013, where cybercriminals gained access to Target’s network by infiltrating a small HVAC vendor and stealing that company’s access credentials to Target’s network.
Steps hackers took to infiltrate Target network
- Used (previously obtained) credentials of Target’s HVAC vendor and installed Malware that steals credentials
- Connected using stolen credentials
- Exploited a web application vulnerability and used a web-shell backdoor to upload malicious executable files
- Searched relevant targets for propagation to find the servers that held customer information, including credit card data
- Stole access token from domain admins
- Created a new domain admin account using the stolen token
- Propagated to relevant computers using the new admin credentials
- Stole 70 million personally identifiable information (PII) records
- Installed Malware and stole 40 million credit cards records
- Sent Stolen Data via Network Share
- Sent Stolen Data via FTP
(see source article for detailed information)
Two key mistake SMBs make is they assume they are safe because they are “too small” for hackers. Too often organizations do not take proper steps to secure their network, justifying it by limited budget, time restraints, or simply out of ignorance. To make matters worse, they do not give priority to cybersecurity training for their employees.
What to do if you don’t want to be the victim of cybercrime.
- To minimize the risk, properly safeguard against malicious attack
- To minimize the damage, have a rapid recovery plan.
Does your SMB need reliable, expert Security, Data Backup and Disaster Recovery Services in New Jersey?
Call us 201-493-1414 x 311 to speak to our IT Security experts or to request a consultation today. Let’s start a conversation to make sure your business continuity is secured.
Intelligent Business Continuity services by powersolution.com, a New Jersey local IT Security consulting and Computer Network Support company for Small Business include all assets of Managed Security Services.