Cyber criminals are deliberately targeting small and medium businesses because lower security measures make them easier to breach. While large companies can afford to invest in state of the art security systems, small business are often exposed to hacking attacks because of their inability to invest in such assets.
A study conducted in collaboration with law enforcement agencies around the world has revealed that cyber criminals consider small enterprises an easy prey and that making money from attacking multiple small business is a lot less risky than targeting large companies, according to Verizon’s 2012 Data Breach Investigations Report.
“Cyber criminals have figured out that if their goal is to make money, attacking a large organization that’s well defended and probably has ties to law enforcement that is going to pursue them, is a high-risk solution,” said Verizon’s security research director, Wade Baker.
Taking low risks and targeting a large number of small companies seems to be the preferred method for cyber criminals to steal records and inflict DDoS attacks. Using endpoint protection, vulnerability management, strong password policies and an increased security awareness could diminish the number of breaches and limit cyber-attacks to a bare minimum.
“Alternatively, they can mass produce a commoditised attack and use that exact same method against smaller organisations that have fewer defences because it’s scripted and a very low risk. They can redo that across the entire internet as much as they want to,â€ claims Baker.
The same report concludes that data breaches and information theft was a major form of hacktivism in 2011 and the lack of pattern prediction makes cyber crooks even more terrifying. Streamlining hacking methods and picking low-risk targets has sprung a new market for trading classified information and trade secrets.