SlideShare a Scribd company logo

cyber-crime-in-small-business ebook

K
Kerry Desberg
1 of 15
Download to read offline
Hackerz,Ink “Your misery is our business” smb Destruction Kit Wicked Awesome vertical market attack kitMALWARE The Cyber Crime Guide for Small and Midsize Businesses Find out how hackers wreak havoc on Main Street and learn what you can do to protect yourself.
Cyber Crime Comes to Main Street 2 The Bored Hacker Looking for the easy crime Main Street Is a Great Place To Be Cyber criminals are targeting Main Street with sophisticated attacks that are tearing down small to midsize businesses (SMBs) and agencies. These crimes don’t always make headlines like the hacks that hit nation states or huge entities like Sony, but they’re far more pervasive. The good news? You can protect your Main Street business from cyber attacks. We’ll show you how. Your local business or government agency is part of the fabric of your community. People feel secure here. Life is good. But Main Street also has a dark side.
Cyber Crime Comes to Main Street 33 Why Main Street? Today’s cyber threats are more sophisticated than ever, making it easy for big-time villains to target small-town businesses. Cyber criminals may be hacktivists with social agendas who want to disrupt your day-to-day business or organized criminal groups going after your customers’ financial or personal data. of small businesses hit by a cyber attack go out of business within 6 months of the attack 2 60%of small businesses have been victims of cyber attacks1 44% Average cost per attack 1 $8,700
WELCOME HACKERS Personal Info, Inc. Cyber Crime Comes to Main Street 4 Main Street Offers Plenty of Easy Targets Main Street’s SMBs typically spend less time and money on network security than larger firms. That means they’re easy targets for cyber criminals. But even if Main Street businesses aren’t specifically targeted, automated attacks constantly scan the Internet looking for vulnerable data and under-protected computers that can be used as a resource. “[Small businesses] assume hackers would need to pick their business out of 27 million others, not realizing that the attacks are automated and focused on discovering vulnerabilities.” 4 In 2014, small firms with annual revenues less than $100 million cut security spending by 20%, while large companies increased security investments by 5%. 3
Could this happen to you? Cyber Crime Comes to Main Street 5 No Good Deed Goes Unpunished The receptionist for a small municipal court found a box of branded USB drives left on her desk. In hopes of figuring out who they’re for, she plugged one into her computer. The drive was blank, so she gave away the free storage. By then, she had already infected the court‘s office network— and spread the malware to each of the drive recipients. U.S. government agencies alone have lost more than 94 million citizens’ records since 2009, and each lost record represents a cost of $194.5
Open For Hacking Cyber Crime Comes to Main Street 6 Main Street Lets Cyber Criminals Stay under the Radar Hijacking many smaller businesses rather than individual large entities keeps media and government attention off attackers, while still allowing them to make high returns from multiple targets. In some cases, Main Street businesses may not even be the ultimate target. They’re often the weakest link in a chain-of-trust attack in which attackers prey on the security of small, under-protected supply-chain targets to get to their larger business partners. The 2014 Target breach reportedly occurred when attackers stole network credentials from Target’s HVAC provider. 7 Security breaches at large companies cost between £450,000 ($697,000) and £850,000 ($1.3 million) on average in 2013. For a small business, a breach could cost anything between £35,000 and £65,000. 6
HardHatConstructionCo. Could this happen to you? Cyber Crime Comes to Main Street 7 There Is Such a Thing as Bad Press Hard Hat Construction’s (HHC) new building contract for Mega Corporation was well-publicized. On seeing the news, the hackers that had been foiled by Mega’s well-crafted network defenses immediately shifted focus. An attachment in a spear-phishing email to an HHC billing manager infected his computer with a key logger. That gave the hackers access to his account in Mega’s system, which they used to breach the bigger company—and forever tarnish HCC’s reputation. Nearly 90% of SMBs in the U.S. do not use data protection for company and customer information, and less than half secured company email to prevent phishing scams.8
Cyber Crime Comes to Main Street 8 Main Street Is Full of Valuable Data Even small and midsize organizations store valuable data that means money for the bad guys. And cyber criminals can target vertical market segments that let them take advantage of common vulnerabilities while still offering the high returns of multiple victims. Retail is one of the top five most-targeted industries in terms of the volume of attacks and attempted intrusions. 9 Visa Inc. reports that small businesses represent more than 90%of the payment data breaches reported to their company. 10
WestminsterOrthopedic Could this happen to you? Cyber Crime Comes to Main Street 9 A Hack a Day Keeps the Doctor Away Westminster Orthopedic’s new tablet initiative gave practitioners wireless access to patient data throughout this local health clinic. However, a black hat used a rogue access point to trick a doctor into giving up the private network password. Using the stolen password, the attacker accessed the real network and gained access to patient records, including valuable medical identity numbers. In 2013, the cost of medical identity theft to consumers was estimated at $12 billion.11 In 2014, more than 2 million patients were victim to medical identity theft globally, a half million more than were recorded in 2013.12
Cyber Crime Comes to Main Street 10 Where the Threats Come From Blended threats come from many vectors at once An attack may start as a phishing email that uses the web to download malware, and then communicates data back to the hackers over another network service. Advanced malware variants grow exponentially every year Attackers “morph” existing malware to bypass legacy antivirus protection, which is typically two days to two weeks behind. In 2014 alone, 143 million new malware variants were reported.13 Nation-state cyber espionage attacks trickle down Sophisticated techniques of state-sponsored attackers such as spear phishing and watering hole attacks are increasing in the private sector. Zeus, a common banking botnet, uses Stuxnet’s techniques.
Cyber Crime Comes to Main Street 11 3 Steps to Protecting Main Street Upgrade your Protection Despite the fast-evolving threats to Main Street, many SMBs and local agencies are still focused on legacy defense strategies such as a simple firewall. The first step is to upgrade to the protection of a next-generation firewall (NGFW) or unified threat management (UTM) device that combines all of today’s necessary defenses in a single easy-to-manage and cost-effective appliance. WatchGuard’s future-proof platform delivers the industry’s best-performing defenses in each category, and performs at line speed so you don’t sacrifice network performance even with all security engines turned on. WatchGuard’s Firebox® M200 and M300 firewalls are up to 218% faster than the competition in overall performance and up to 385% faster for encrypted traffic inspection.14 STEP ONE Easily deploy, maintain, and manage network security with a single cost-effective device. UTM/NGFW Content Filtering Advanced Threat Protection Email Security User Identity-aware Controls Application Control Gateway AntiVirus (AV) Data Loss Prevention (DLP)
Cyber Crime Comes to Main Street 12 3 Steps to Protecting Main Street Break the Kill Chain Today’s sophisticated security devices have controls to catch different parts of an attack, but attackers can still find ways to evade defenses. Defense-in-depth fills the gaps—breaking the attacker’s kill chain. The theory behind the kill chain is that the more layers (or links) of defense you create to prevent different types of attacks, the more you maximize your protection. Each link represents part of an attacker’s methodology, but also represents an opportunity for you to implement a defense. STEP TWO Objectives/Exfiltration: Attacker accomplishes the attack (theft or damage). Lateral Movement / Pivoting: Malware moves through internal network to find and elevate privilege to valuable target. Command and Control (C&C): Malware calls home, providing attacker control. Infection/Installation: Payload establishes persistence in an individual host. Compromise/Exploitation: Attacker takes advantage of a software or human weakness to get the payload to run. Delivery: Attacker transmits payload via a communications vector. Reconnaissance: Attacker gains information about the target.
Cyber Crime Comes to Main Street 13 See the Threat to Defend Against It Small businesses are breached every day, but a third of them admit to being uncertain about whether or not they were attacked.15 For both small and large organizations, it takes an average of 80 days for businesses to notice they’ve been breached.16 By that time, the damage is already done. These breaches are being missed because we’re drowning in an ocean of data. Since you can never have perfect defense, the third critical step in your security strategy is to implement discovery-and-response tools to help you see and handle the incidents that get past your gates. You need a tool that brings the data from all your security controls together and correlates different security triggers into a single incident so you don’t miss signs of a sophisticated, multi-vector attack. 3 Steps to Protecting Main Street STEP THREE
Cyber Crime Comes to Main Street 14 Keep Main Street Safe Visibility and analytics tools such as WatchGuard Dimension™ translate millions of lines of logs into the thimble- full of intelligence you need to recognize and address problems in your network. SMBs and local government agencies are increasingly targets of sophisticated, enterprise-class network attacks. WatchGuard offers enterprise-class defense that’s designed specifically to meet the unique needs of SMBs. We’d love to help you keep Main Street safe. Contact us today!
Cyber Crime Comes to Main Street 15 About Watchguard WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, best-of-breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com. No express or implied warranties are provided for herein. All specifications are subject to change and any expected future products, features, or functionality will be provided on an if and when available basis. ©2015 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, and Firebox are registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks and tradenames are the property of their respective owners. 505 Fifth Avenue South Suite 500 Seattle, WA 98104 www.watchguard.com North America Sales +1.800.734.9905 International Sales +1.206.613.0895 1 2013 survey by the National Small Business Association, http://www.nsba.biz/wp-content/uploads/2013/09/Technology-Survey-2013.pdf 2 National Cyber Security Alliance, Stay Safe Online, Small Business Online Security Infographic, 2014, https://www.staysafeonline.org/stay-safe-online/resources/small-business-online-security-infographic 3 PWC’s Global State of Information Security Survey 2015, http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/the-global-state-of-information-security-survey-2015.pdf 4 “Hackers put a bull’s-eye on small business.”http://www.pcworld.com/article/2046300/hackers-put-a-bulls-eye-on-small-business.html 5 “2012 Deloitte-NASCIO Cybersecurity Study: State governments at risk: a call for collaboration and compliance.”http://www.nascio.org/publications/documents/Deloitte-NASCIOCybersecurityStudy2012.pdf 6 “The threat from cybercrime?‘You ain’t seen nothing yet.’”PricewaterhouseCoopers (PwC) research, reported by CNBC http://www.cnbc.com/id/100959481 7 “Target Hackers Broke in Via HVAC Company.“ http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ 8 “Cybercrime and hacking are even bigger worries for small business owners.”http://www.theguardian.com/business/2015/jan/21/cybersecurity-small-business-thwarting-hackers-obama-cameron 9 “How Small Businesses Are Vulnerable to Cyber Attack.”http://www.mydigitalshield.com/small-businesses-vulnerable-cyber-attack/ 10 “The challenge of digital security: What will it take for retailers to protect themselves?”http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WHinfotype=SAappname=SNDE_RE_RE_USEN htmlfid=REW03017USENattachment=REW03017USEN.PDF#loaded 11 “2013 Survey on Medical Identity Theft.”http://medidfraud.org/2013-survey-on-medical-identity-theft/ 12 “2014 Fifth Annual Study on Medical Identity Theft.”http://medidfraud.org/2014-fifth-annual-study-on-medical-identity-theft/ 13 AV-Test report http://www.av-test.org/en/statistics/malware/ 14 Miercom Performance Report http://www.watchguard.com/docs/analysis/miercom_report_062015.pdf 15 “The Risk of an Uncertain Security Strategy: Study of Global IT Practitioners in SMB Organizations.”https://sophos.files.wordpress.com/2013/11/2013-ponemon-institute-midmarket-trends-sophos.pdf 16 “The Post Breach Boom.”Ponemon Institute study 2013. http://www.ponemon.org/local/upload/file/Post%20Breach%20Boom%20V7.pdf

Recommended

Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Scott Wright
 
Eitzen13e.chapter18.lecture.ppt 194000
Eitzen13e.chapter18.lecture.ppt 194000Eitzen13e.chapter18.lecture.ppt 194000
Eitzen13e.chapter18.lecture.ppt 194000
soc102ms
 
The Channel Chief Insomniac Final Final Final
The Channel Chief Insomniac Final Final FinalThe Channel Chief Insomniac Final Final Final
The Channel Chief Insomniac Final Final Final
Kerry Desberg
 
CyberCrime Comes To Mainstreet infographic
CyberCrime Comes To Mainstreet infographicCyberCrime Comes To Mainstreet infographic
CyberCrime Comes To Mainstreet infographic
Kerry Desberg
 
Unlocking the Promise of UTM Protection
Unlocking the Promise of UTM ProtectionUnlocking the Promise of UTM Protection
Unlocking the Promise of UTM Protection
Kerry Desberg
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 

Recommended

Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Scott Wright
 
Eitzen13e.chapter18.lecture.ppt 194000
Eitzen13e.chapter18.lecture.ppt 194000Eitzen13e.chapter18.lecture.ppt 194000
Eitzen13e.chapter18.lecture.ppt 194000
soc102ms
 
The Channel Chief Insomniac Final Final Final
The Channel Chief Insomniac Final Final FinalThe Channel Chief Insomniac Final Final Final
The Channel Chief Insomniac Final Final Final
Kerry Desberg
 
CyberCrime Comes To Mainstreet infographic
CyberCrime Comes To Mainstreet infographicCyberCrime Comes To Mainstreet infographic
CyberCrime Comes To Mainstreet infographic
Kerry Desberg
 
Unlocking the Promise of UTM Protection
Unlocking the Promise of UTM ProtectionUnlocking the Promise of UTM Protection
Unlocking the Promise of UTM Protection
Kerry Desberg
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
Christy Abraham Joy
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
Vit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
MindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
GetSmarter
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
Alireza Esmikhani
 

More Related Content

Featured

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools
 

Featured (20)

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 

cyber-crime-in-small-business ebook

  • 1. Hackerz,Ink “Your misery is our business” smb Destruction Kit Wicked Awesome vertical market attack kitMALWARE The Cyber Crime Guide for Small and Midsize Businesses Find out how hackers wreak havoc on Main Street and learn what you can do to protect yourself.
  • 2. Cyber Crime Comes to Main Street 2 The Bored Hacker Looking for the easy crime Main Street Is a Great Place To Be Cyber criminals are targeting Main Street with sophisticated attacks that are tearing down small to midsize businesses (SMBs) and agencies. These crimes don’t always make headlines like the hacks that hit nation states or huge entities like Sony, but they’re far more pervasive. The good news? You can protect your Main Street business from cyber attacks. We’ll show you how. Your local business or government agency is part of the fabric of your community. People feel secure here. Life is good. But Main Street also has a dark side.
  • 3. Cyber Crime Comes to Main Street 33 Why Main Street? Today’s cyber threats are more sophisticated than ever, making it easy for big-time villains to target small-town businesses. Cyber criminals may be hacktivists with social agendas who want to disrupt your day-to-day business or organized criminal groups going after your customers’ financial or personal data. of small businesses hit by a cyber attack go out of business within 6 months of the attack 2 60%of small businesses have been victims of cyber attacks1 44% Average cost per attack 1 $8,700
  • 4. WELCOME HACKERS Personal Info, Inc. Cyber Crime Comes to Main Street 4 Main Street Offers Plenty of Easy Targets Main Street’s SMBs typically spend less time and money on network security than larger firms. That means they’re easy targets for cyber criminals. But even if Main Street businesses aren’t specifically targeted, automated attacks constantly scan the Internet looking for vulnerable data and under-protected computers that can be used as a resource. “[Small businesses] assume hackers would need to pick their business out of 27 million others, not realizing that the attacks are automated and focused on discovering vulnerabilities.” 4 In 2014, small firms with annual revenues less than $100 million cut security spending by 20%, while large companies increased security investments by 5%. 3
  • 5. Could this happen to you? Cyber Crime Comes to Main Street 5 No Good Deed Goes Unpunished The receptionist for a small municipal court found a box of branded USB drives left on her desk. In hopes of figuring out who they’re for, she plugged one into her computer. The drive was blank, so she gave away the free storage. By then, she had already infected the court‘s office network— and spread the malware to each of the drive recipients. U.S. government agencies alone have lost more than 94 million citizens’ records since 2009, and each lost record represents a cost of $194.5
  • 6. Open For Hacking Cyber Crime Comes to Main Street 6 Main Street Lets Cyber Criminals Stay under the Radar Hijacking many smaller businesses rather than individual large entities keeps media and government attention off attackers, while still allowing them to make high returns from multiple targets. In some cases, Main Street businesses may not even be the ultimate target. They’re often the weakest link in a chain-of-trust attack in which attackers prey on the security of small, under-protected supply-chain targets to get to their larger business partners. The 2014 Target breach reportedly occurred when attackers stole network credentials from Target’s HVAC provider. 7 Security breaches at large companies cost between £450,000 ($697,000) and £850,000 ($1.3 million) on average in 2013. For a small business, a breach could cost anything between £35,000 and £65,000. 6
  • 7. HardHatConstructionCo. Could this happen to you? Cyber Crime Comes to Main Street 7 There Is Such a Thing as Bad Press Hard Hat Construction’s (HHC) new building contract for Mega Corporation was well-publicized. On seeing the news, the hackers that had been foiled by Mega’s well-crafted network defenses immediately shifted focus. An attachment in a spear-phishing email to an HHC billing manager infected his computer with a key logger. That gave the hackers access to his account in Mega’s system, which they used to breach the bigger company—and forever tarnish HCC’s reputation. Nearly 90% of SMBs in the U.S. do not use data protection for company and customer information, and less than half secured company email to prevent phishing scams.8
  • 8. Cyber Crime Comes to Main Street 8 Main Street Is Full of Valuable Data Even small and midsize organizations store valuable data that means money for the bad guys. And cyber criminals can target vertical market segments that let them take advantage of common vulnerabilities while still offering the high returns of multiple victims. Retail is one of the top five most-targeted industries in terms of the volume of attacks and attempted intrusions. 9 Visa Inc. reports that small businesses represent more than 90%of the payment data breaches reported to their company. 10
  • 9. WestminsterOrthopedic Could this happen to you? Cyber Crime Comes to Main Street 9 A Hack a Day Keeps the Doctor Away Westminster Orthopedic’s new tablet initiative gave practitioners wireless access to patient data throughout this local health clinic. However, a black hat used a rogue access point to trick a doctor into giving up the private network password. Using the stolen password, the attacker accessed the real network and gained access to patient records, including valuable medical identity numbers. In 2013, the cost of medical identity theft to consumers was estimated at $12 billion.11 In 2014, more than 2 million patients were victim to medical identity theft globally, a half million more than were recorded in 2013.12
  • 10. Cyber Crime Comes to Main Street 10 Where the Threats Come From Blended threats come from many vectors at once An attack may start as a phishing email that uses the web to download malware, and then communicates data back to the hackers over another network service. Advanced malware variants grow exponentially every year Attackers “morph” existing malware to bypass legacy antivirus protection, which is typically two days to two weeks behind. In 2014 alone, 143 million new malware variants were reported.13 Nation-state cyber espionage attacks trickle down Sophisticated techniques of state-sponsored attackers such as spear phishing and watering hole attacks are increasing in the private sector. Zeus, a common banking botnet, uses Stuxnet’s techniques.
  • 11. Cyber Crime Comes to Main Street 11 3 Steps to Protecting Main Street Upgrade your Protection Despite the fast-evolving threats to Main Street, many SMBs and local agencies are still focused on legacy defense strategies such as a simple firewall. The first step is to upgrade to the protection of a next-generation firewall (NGFW) or unified threat management (UTM) device that combines all of today’s necessary defenses in a single easy-to-manage and cost-effective appliance. WatchGuard’s future-proof platform delivers the industry’s best-performing defenses in each category, and performs at line speed so you don’t sacrifice network performance even with all security engines turned on. WatchGuard’s Firebox® M200 and M300 firewalls are up to 218% faster than the competition in overall performance and up to 385% faster for encrypted traffic inspection.14 STEP ONE Easily deploy, maintain, and manage network security with a single cost-effective device. UTM/NGFW Content Filtering Advanced Threat Protection Email Security User Identity-aware Controls Application Control Gateway AntiVirus (AV) Data Loss Prevention (DLP)
  • 12. Cyber Crime Comes to Main Street 12 3 Steps to Protecting Main Street Break the Kill Chain Today’s sophisticated security devices have controls to catch different parts of an attack, but attackers can still find ways to evade defenses. Defense-in-depth fills the gaps—breaking the attacker’s kill chain. The theory behind the kill chain is that the more layers (or links) of defense you create to prevent different types of attacks, the more you maximize your protection. Each link represents part of an attacker’s methodology, but also represents an opportunity for you to implement a defense. STEP TWO Objectives/Exfiltration: Attacker accomplishes the attack (theft or damage). Lateral Movement / Pivoting: Malware moves through internal network to find and elevate privilege to valuable target. Command and Control (C&C): Malware calls home, providing attacker control. Infection/Installation: Payload establishes persistence in an individual host. Compromise/Exploitation: Attacker takes advantage of a software or human weakness to get the payload to run. Delivery: Attacker transmits payload via a communications vector. Reconnaissance: Attacker gains information about the target.
  • 13. Cyber Crime Comes to Main Street 13 See the Threat to Defend Against It Small businesses are breached every day, but a third of them admit to being uncertain about whether or not they were attacked.15 For both small and large organizations, it takes an average of 80 days for businesses to notice they’ve been breached.16 By that time, the damage is already done. These breaches are being missed because we’re drowning in an ocean of data. Since you can never have perfect defense, the third critical step in your security strategy is to implement discovery-and-response tools to help you see and handle the incidents that get past your gates. You need a tool that brings the data from all your security controls together and correlates different security triggers into a single incident so you don’t miss signs of a sophisticated, multi-vector attack. 3 Steps to Protecting Main Street STEP THREE
  • 14. Cyber Crime Comes to Main Street 14 Keep Main Street Safe Visibility and analytics tools such as WatchGuard Dimension™ translate millions of lines of logs into the thimble- full of intelligence you need to recognize and address problems in your network. SMBs and local government agencies are increasingly targets of sophisticated, enterprise-class network attacks. WatchGuard offers enterprise-class defense that’s designed specifically to meet the unique needs of SMBs. We’d love to help you keep Main Street safe. Contact us today!
  • 15. Cyber Crime Comes to Main Street 15 About Watchguard WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, best-of-breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com. No express or implied warranties are provided for herein. All specifications are subject to change and any expected future products, features, or functionality will be provided on an if and when available basis. ©2015 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, and Firebox are registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks and tradenames are the property of their respective owners. 505 Fifth Avenue South Suite 500 Seattle, WA 98104 www.watchguard.com North America Sales +1.800.734.9905 International Sales +1.206.613.0895 1 2013 survey by the National Small Business Association, http://www.nsba.biz/wp-content/uploads/2013/09/Technology-Survey-2013.pdf 2 National Cyber Security Alliance, Stay Safe Online, Small Business Online Security Infographic, 2014, https://www.staysafeonline.org/stay-safe-online/resources/small-business-online-security-infographic 3 PWC’s Global State of Information Security Survey 2015, http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/the-global-state-of-information-security-survey-2015.pdf 4 “Hackers put a bull’s-eye on small business.”http://www.pcworld.com/article/2046300/hackers-put-a-bulls-eye-on-small-business.html 5 “2012 Deloitte-NASCIO Cybersecurity Study: State governments at risk: a call for collaboration and compliance.”http://www.nascio.org/publications/documents/Deloitte-NASCIOCybersecurityStudy2012.pdf 6 “The threat from cybercrime?‘You ain’t seen nothing yet.’”PricewaterhouseCoopers (PwC) research, reported by CNBC http://www.cnbc.com/id/100959481 7 “Target Hackers Broke in Via HVAC Company.“ http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ 8 “Cybercrime and hacking are even bigger worries for small business owners.”http://www.theguardian.com/business/2015/jan/21/cybersecurity-small-business-thwarting-hackers-obama-cameron 9 “How Small Businesses Are Vulnerable to Cyber Attack.”http://www.mydigitalshield.com/small-businesses-vulnerable-cyber-attack/ 10 “The challenge of digital security: What will it take for retailers to protect themselves?”http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WHinfotype=SAappname=SNDE_RE_RE_USEN htmlfid=REW03017USENattachment=REW03017USEN.PDF#loaded 11 “2013 Survey on Medical Identity Theft.”http://medidfraud.org/2013-survey-on-medical-identity-theft/ 12 “2014 Fifth Annual Study on Medical Identity Theft.”http://medidfraud.org/2014-fifth-annual-study-on-medical-identity-theft/ 13 AV-Test report http://www.av-test.org/en/statistics/malware/ 14 Miercom Performance Report http://www.watchguard.com/docs/analysis/miercom_report_062015.pdf 15 “The Risk of an Uncertain Security Strategy: Study of Global IT Practitioners in SMB Organizations.”https://sophos.files.wordpress.com/2013/11/2013-ponemon-institute-midmarket-trends-sophos.pdf 16 “The Post Breach Boom.”Ponemon Institute study 2013. http://www.ponemon.org/local/upload/file/Post%20Breach%20Boom%20V7.pdf