The Cyber Element – Oct 2017

In the News

(From reports in Technewsworld and CNBC.com)

On October 9, Nationwide released a survey revealing that 60% of small businesses (having fewer than 299 employees) have been hacked in the last year. Startlingly, the vast majority of them had no knowledge of the attacks until long after the fact. The survey indicates that a major weakness is simply the lack of knowledge of what constitutes an attack, since those surveyed only recognized cyber attacks after being given a list of the possible types such as phishing scams, trojan horses, and ransomware.

Small businesses are much less likely than medium-sized or larger businesses to be prepared for attacks or have plans for recovery. They are far less likely than larger firms to have a dedicated employee or service tasked with monitoring for cyberattacks.

Recovery from cyberattacks is especially onerous for smaller businesses, due to the expense and time required. About 20% of victims surveyed spent $50,000 and took more than six months to recover, while 7% spent more than $100,000 and took more than a year to recover.

What this Means for You

Small business data, especially customer credit card numbers and personal information such as names, addresses, and Social Security Numbers, is just as valuable to hackers as that of larger businesses. Hackers are well aware that small businesses are more likely to be vulnerable to attack than larger companies.

Small businesses need to make sure that their computer systems are password-protected, are running up-to-date operating systems, and are armed with up-to-date antivirus and firewall software. They should ensure their data is backed up, whether locally or using a cloud service. It is also important to check that their insurance protects them from cyber risks.

The Nationwide survey indicates that vigilance is especially necessary for technology firms and manufacturers (or other companies with complex supply chains), since they are targeted more frequently. On average they sustained 40 attacks per company over the last year.

Inc.com’s Kevin Kerridge urges companies to create a written plan for responding to an attack, and to make sure every person in the company understands their role. This “human firewall” is key in lowering the probability of an attack.

It Happened to Them, Don’t Let it Happen to You!

(From reports by NPR and Calyptix)

Thieves used a Trojan horse to capture the online banking credentials of PATCO Construction in Maine, stealing about $588,000 in less than seven days. Trojans are usually downloaded from emails, so do not open an email attachment unless it is an item you are expecting, from someone known to you.

This means that employee training is the most important thing you can do to reduce this threat. Companies like Phishme offer services that send fake Trojan horses to your employees as a simulated attack. If an employee falls for the trap, the service sends them to a 3-minute training video.

Adam Anderson

Adam Anderson is the author of Built to Survive: A Business Person's Guide on How to Recover and Thrive After a Cyber Attack. Adam’s 15 years of entrepreneurial startup experience and his knowledge of Enterprise Cyber Defense give him a window into what’s wrong with communication between large and small companies. He combined this knowledge and the good works from the National Institute of Standards and Technology’s Cyber Security Framework to co-author the book “Small Business Cyber Security”. This book was later turned into an online class by Clemson University. Adam has been active in peer advisory boards for small business CEOs. He took this experience and co-founded a peer advisory board for Chief Security Officers of Fortune 500 companies. This mix of small and large businesses has positioned Adam as one of the few people in the world to understand the complete supply chain of cyber security.