SMBs Increasingly Targeted by Cyber Thieves
With less sophisticated security systems, small and midsize businesses took a hit from hackers in 2009, to the tune of $40 million. But there are cost-effective ways to fight back.
By Cecilia Galvin
Smaller corporations and banks with less sophisticated computer security systems than their bigger competitors are becoming the favored targets of cyber thieves, according to the FBI.
Jeffrey Troy, head of the FBI’s cybercrime section, told London’s Financial Times that hackers skimmed $40 million from corporate bank accounts in the U.S. in 2009, primarily targeting small and midsize businesses that were themselves the customers of smaller and midsize banks. He said spearphishing was the hackers’ weapon of choice, with the victims’ security systems frequently unable to recognize the software being used against them.
As a result, hackers were often able to revisit bank accounts they had already plundered. In one case, a client was suing its bank for allowing an unauthorized transfer of more than $50,000 only six days after allowing another unauthorized transfer of $45,000 to the same Moscow bank.
“For a small to medium-sized enterprise, this is serious money,” says Stuart Morris, director of UK-based Tricerion Ltd, which created the SafeLogin image-based mutual authentication system to combat such attacks. “Larger companies may feel that losses on this scale are manageable, but for an SME a loss of nearly $100,000 in the space of a week could very well put it out of business.”
Morris also says smaller banks can’t afford to be as quick to compensate victims as larger competitors, so more and more cases will end up in civil courts, making the situation expensive and creating tension between banks and their clients. “And what makes it all the more tragic is that it’s completely unnecessary,” says Morris.
In addition to SafeLogin–which is also designed to protect against pharming, identity theft, spyware/keystroke logging, and other attacks–there are a host of companies that provide solutions to protect SMBs from cybercriminals. In fact, earlier this year Gartner Inc. named its picks as leading-edge providers of identity and access management (IAM) solutions for SMBs in its report, Cool Vendors in Identity and Access Management, 2009. These include AdmitOne Security in Issaquah, Wash.; Napera Networks, based in Mercer Island, Wash.; Apere of San Jose, Calif.; PacketMotion, also in San Jose; and PhoneFactor, based in Overland Park, Kan.
The FBI believes that cyber raids on financial institutions will increase in 2010 if the banks continue to have difficulty authenticating genuine account holders. “With the global economy only just beginning to crawl out of recession,” says Morris, “every cent is precious and needs the effective protection of a secure login system that spearphishers can’t access.”