This morning I am sitting in my Richmond hotel room overlooking the Glen Allen business park area – a beautiful sunny day to be out and about. It’s also a good day to be speaking to business leaders on the events and trends of cybercrime. If you haven’t read your Wall Street Journal this morning – once again there are numerous links to cybercrime trends surrounding our nation.
Iran and the Qassam Cyber Fighters
The latest headline in section A of the Wall Street Journal reads, Iran Renews Internet Attacks on US Banks. The latest victims are BB&T, our 11th largest bank, and Capital One, the nations 13th largest bank. Are these attacks a response to the Stuxnet worm, oil sanctions, or the recent anti-Islamic YouTube video? Or does it go much deeper than that? I suspect the ladder – but we’ll never really know. The real problem is, this is terrorism, perhaps it’s war since it seems to be sanctioned by Iranian government officials, but more importantly, it is a change in the purpose and methods of cyber attacks over the past decade.
Most of the attacks seen around the world in recent years have targeted individuals and private business in an attempt to steal data that can be used and sold for profit. ID theft, fraud, embezzlement, and extortion have been the drivers behind attacks that started with Brian Salcedo (who attacked Lowes in 2003) and advanced to the TJ Maxx and Hannaford’s attacks masterminded by Albert Gonzales in more recent cybercrime history. These attacks are government sanctioned war with an intent to disrupt energy and financial institutions using virus and other malware technology, and our Government isn’t really able to defend the country against them. It’s really up to the individual companies to battle this front. If you understand cyber security, you can probably understand that this is not a clear-cut situation. With computers, it’s hard to really tell who is actually attacking unless someone raises their hand and says, “It’s me.”
Small Business Owners Under Attack
eWeek also reported on cyber trends this morning in an article entitled, Cyber-Security Threats Unaddressed by Small Businesses. The opening line reads,
“Small-business owners are woefully unprepared when it comes to protecting their companies from various forms of internal and external security threats.”
Important Sound Bites on SMB Security
** 77 percent of SMBs said their company is safe from cyber-threats, such as hackers, viruses, malware or a cyber-security breach. (This represents a lack of understanding!)
** 88 percent have no formal cyber security plan in place today!
** 73 percent of respondents said that a safe and trusted Internet is critical to their success, and 77 percent said a strong cyber-security and online safety posture is good for their company’s brand…okay..
** 59 percent admit that they do not have a contingency plan outlining procedures for responding and reporting data breach losses…which makes you wonder about the 73 percent.
** 66 percent of said they are not concerned about cyber-threats (external or internal), such as an employee, ex-employee, or contractor or consultant stealing data…even though the WSJ reported last year that 75% of employees admit that they steal company data.
** 86 percent said they are satisfied with the amount of security they provide to protect customer or employee data, and 83 percent said they “strongly or somewhat agree” that they are doing enough or making enough investments to protect customer data. But…
** Visa found small businesses represent more than 90 percent of the payment data breaches reported to the company. And…
** Almost 40 percent of the more than 1 billion cyber-attacks Symantec prevented in the first three months of 2012 targeted companies with less than 500 employees!
Obviously there is a disconnect here…these events are meant to educate business leaders to show them what they are up against, and how to tell if they are really secure. This is not about selling more product, its about helping these business owners understand and get what they really need.
© 2012, David Stelzl