The following article is excerpted from Under Attack: How To Protect Your Business and Your Bank Account From Fast-Growing, Ultra-Motivated and Highly Dangerous Cybercrime Rings, which was published by CelebrityPress on January 14th, 2016.
Belief and opinion are the biggest hurdles in implementing effective security that can help prevent an attack by cybercriminals.
I remember growing up and hearing people say, “One man’s junk is another man’s treasure.” For businesses, what they perceive as something of “no value” can be extremely valuable to a criminal. They will maximize it and expose it, giving themselves a pretty sweet deal while the business and its customers suffer. This likely disturbs you to your very core, but it doesn’t disturb the perpetrator at all.
There are six specific areas of data that are considered the jackpot for cybercriminals. If you know what the gold is, you’ll know how to protect it better.
1. Banking credentials
Think about your payroll accounts and the abundance of information that is in them. A thief will not hesitate to figure out your banking credentials and piece them together, which will give them the ability to impersonate an authorized user on the account. Then—in a matter of a minute—the payroll account is drained. What would you do if your payroll account was suddenly emptied the night before payroll processing?
2. Sensitive data from customers, vendors, and staff
Credit card numbers, Social Security numbers, and other data that help a thief take over someone else’s identity are valuable pieces of information. In the cyber underground, they can go for anywhere from $10 to $300 per record, depending on its value. Does your business have any of this type of information stored on technology of any sort?
Related article — Cybersecurity Fails: 5 Times Businesses Put Their Customers at Risk
3. Trade secrets
Entrepreneurs and innovators work hard, many creating products and services that become a part of all our futures. Along with these exciting innovations come valuable information and data such as: secret formulas, design specs, and well-defined processes. There is a market out there for this information, because some people want to shortcut the path to success by copying those who paved the way. Are your ideas and processes safeguarded from thieves?
It’s hard to imagine that an email account could be of real value, but there is information on there that cybercriminals love. Here are some numbers that a prominent credential seller in the cyber underground can get:
1. $8 for an iTunes account
2. $6 for accounts from Fedex.com, Continental.com, and United.com
3. $5 for a Groupon.com account
4. $4 for hacked credentials to hosting provider Godaddy.com, as well as the wireless providers ATT.com, Sprint.com, Verizonwireless.com, and Tmobile.com
5. $2.50 for active Facebook and Twitter accounts
If your inbox was held for ransom, would you pay to get it back? If your Webmail account got hacked and was used as the backup account to receive password reset emails for another Webmail account, do you know what would happen? The result would be that an attacker could now seize both your accounts!
And here’s a startling fact: If you have corresponded with your financial institution via email, the chances are decent that your account will eventually be used in an impersonation attempt to siphon funds from your bank account. Have you ever conducted any personal business on your email that you don’t want criminals to have access to?
5. Virtual hiding places
Using your unprotected network to launch attacks against others—perhaps one of your top clients or vendors—is a favorite technique for cyber attackers. They will expose the weakest link to their end target and literally “work their way up.”
They start with a smaller company that does business with a larger firm and may have access to some of its passwords and accounts due to the type of working relationship. Then the cybercriminal finds their way into that system and starts to extract the data that they desire. They may also infect the small business’ site with malware.
When larger corporate clients and vendors visit the infected site, the malware secretly attacks that person’s computer and infects the organization. This is known as a watering hole attack. If you were attacked and it impacted your clients, would they understand?
6. Your reputation
The higher up the scale of success you go compared to your peers, the more likely it is that some of them may desire to see you come back down a bit and “make room for someone else.” There are unscrupulous competitors out there, and also disgruntled employees.
Today, targeted reputation damage is a serious concern for small to mid-size businesses. In fact, damaging attacks, whether it be data theft or destruction by rogue employees, has moved up to the third leading cause of loss according to NetDiligence® 2013 Cyber Liability & Data Breach Insurance Claims — A Study of Actual Claim Payouts. Do you rely on your reputation to help drive your business?
Most everything that a business has access to using technology, whether it is to either retrieve or store information, is of value to someone who has made a career out of attacking businesses for their own malicious gain. It may be hard to accept this, because most of us do not think like a cybercriminal—we think about our futures, our reputations, and conducting the best business we can. However, in order to know what you’re up against, you really need to start understanding what criminals may see in your business through an honest and thoughtful perspective. It’s a conversation best had with someone who understands the full scope of cybersecurity.