Cybercrime is a big and nasty business. According to Cybersecurity Ventures, small business (organizations with fewer than 250 employees) becomes a prevalent and profitable target: 58% of them were cyberattack victims in the recent year, and the astounding amount of $6 trillion is expected to be the cost of cybercrime the by the year 2021.
The news headlines typically feature large corporations being victims of cybercrime, and it may give small business owners a false sense of security. What the majority of users don’t realize, is that often the hack starts at the less obvious source. Imagine a personal computer being compromised, where login credentials are being stolen and used to continue the hack down the chain. Let’s take a look at the infamous Target hack of 2013, where cyber criminals gained access to Target’s network by infiltrating a small HVAC vendor and stealing that company’s access credentials to Target’s network.
Steps hackers took to infiltrate Target network
- Used (previously obtained) credentials of Target’s HVAC vendor and installed Malware that steals credentials
- Connected using stolen credentials
- Exploited a web application vulnerability and used a web-shell backdoor to upload malicious executable files
- Searched relevant targets for propagation to find the servers that held customer information, including credit card data
- Stole access token from domain admins
- Created a new domain admin account using the stolen token
- Propagated to relevant computers using the new admin credentials
- Stole 70 million personally identifiable information (PII) records
- Installed Malware and stole 40 million credit cards records
- Sent Stolen Data via Network Share
- Sent Stolen Data via FTP
(see source article for detailed information)
Two key mistake SMBs make is they assume they are safe because they are “too small” for hackers. Too often organizations do not take proper steps to secure their network, justifying it by limited budget, time restraints, or simply out of ignorance. To make matters worse, they do not give priority to cybersecurity training for their employees.
What to do if you don’t want to be the victim of cybercrime:
- To minimize the risk, properly safeguard against malicious attack
- To minimize the damage, have a rapid recovery plan.
The most important thing small businesses can do to ensure endpoint security is to let their IT and security professionals proactively implement and protect mission-critical business elements and processes:
- create cybersecurity awareness and accountability program and train your employees regularly
- backup essential systems and data;
- regularly run backup and practice restore procedures;
- create a disaster recovery plan;
- implement programs for timely patch management;
- procedures;
- create and practice a disaster recovery
- implement necessary measures to harden business and user systems;
- constantly monitor systems security.
Does your SMB need reliable business computer network support, expert Security, Data Backup, and Disaster Recovery Services in New Jersey?
Call us at (855) 551-7760 x 311 to speak to our IT Security experts or to request a consultation today. Let’s start a conversation to make sure your business continuity is secured.
Intelligent Business Continuity services by powersolution.com, a New Jersey local IT Security consulting and Computer Network Support company for Small Business include all assets of Managed Security Services.
How is your state of IT? Call Us: (855) 551-7760 with any questions.
