In our everyday lives, we go to great lengths to protect our homes, our cars, and our personal property. We do this with security systems, video doorbells, car alarms, GPS tracking, etc. The interesting thing about this is that in many areas of the country, break-ins, grand theft auto, and other similar crimes are on the decline. What has been on the rise, however, is cybercrime. And, contrary to what some believe to be true, these cyber crimes are not just targeting large corporations anymore. Hackers have discovered that they can make just as much money or more by targeting many small companies or individuals as they can spending massive amounts of time trying to go after a larger corporation. These cyber crimes include identity theft, ransomware attacks, website highjacking, website defacing, and system resource theft. In this article, we will take a look at a few of the common attacks we are seeing on small to midsize businesses as well as what can be done to harden your systems against such attacks.
It is almost impossible to go a day without hearing a news story about identity theft or being bombarded by identity theft ads that tout the identity theft protection company’s credit monitoring and restoration abilities. These stories and ads would not be front and center if we were not in the middle of an identity theft epidemic. What many small businesses do not realize is that they are becoming a prime target for hackers who are looking for personal identification information that they can steal and sell on the dark web. There are of course still many high profile data breaches that have successfully hit major companies, but for every one of these, you hear about there are hundreds of similar breaches against smaller and less known businesses.
Prime targets for hackers looking to gain personal information that can be sold on the dark web include credit unions, medical facilities, dental offices, local government organizations, churches, and educational institutions. All of these organizations hold large amounts of personal data on their students, patients, and congregations. What makes these targets so attractive for hackers is the fact that most smaller organizations like those listed above do not have the multi-layered protection that larger corporations and federal government agencies do.
Server Resource Theft
Many of our clients are shocked to hear that they can be a target of hackers even if they do not store valuable data on their networks. Stealing data is only one of the many reasons that hackers do what they do. Another goal of hackers is to take control of a server or network to utilize the CPU resources for their own purposes. By utilizing stolen resources they can accomplish a few things. The first benefit that a hacker gets from stealing CPU resources is that when they start sending large amounts of spam emails or highjacking websites, it is not their IP address that will be caught and blocked, it will be the victim’s IP that will take the hit. The second benefit that a hacker reaps from a highjacked network is reduced cost for their own operations. Any business owner knows that purchasing servers, networks, and digital resources aren’t cheap unless you’re a hacker that is able to leach existing system resources at no cost. And, finally, the most precious commodity for a hacker is scalability. By hacking other people’s networks they can grow their spam, website attacking, phishing, or cryptocurrency mining campaigns exponentially. Every single network they take over offers immediate growth for their operations and thus increased profitability.
What Can Be Done?
Having a network security plan in place is critical to keeping your data and resources safe from those who would gladly steal them for their own benefit. A well-rounded security plan should include employee awareness training, multi-factor authentication into critical systems, firewalls, mail filters, and brute force attack mitigation through failed login attempt limiting just to name a few. The first item we put in this article was employee awareness training and we put it in the first position for a reason. Having a well-trained staff that knows how to avoid phishing attempts and other human level compromises is key. That is why at ABSS Networks we offer world-class security solutions that go beyond hardware/software solutions and include every member of our client’s staff that interacts with the network.
If you have any questions regarding this network security please feel free to contact our world-class network security team here at ABSS Networks.