Small Business: The New Black In Cybercrime Targets
Enticed by poor defenses of mom-and-pop shops, hackers turn away from hardened defenses of banks and large enterprises
By Tim Wilson, DarkReading
WASHINGTON, D.C. -- Visa Security Summit 2009 -- Hacking banks and large businesses? That's sooo 2008.
Hackers and computer criminals this year are taking a new aim -- directly at small and midsize businesses, according to experts who spoke here today at Visa's annual security event. The consensus: Smaller businesses offer a much more attractive target than larger enterprises that have steeled themselves with years of security spending and compliance efforts.
"As the security becomes better at large companies, the small business begins to look more and more enticing to computer criminals," said Charles Matthews, president of the International Council for Small Business, in a panel presentation here. "It's the path of least resistance."
Matthews quoted industry research that states small businesses are far less prepared to defend themselves against cyberattack. "Nearly one-fifth of small businesses don't even use antivirus software," he said. "Sixty percent don't use any encryption on their wireless links. Two-thirds of small businesses don't have a security plan in place. These numbers are both surprising and disturbing."
And many small businesses still don't know they are targets, according to Chris Gray, director of innovation policy at the Canadian Chamber of Commerce and another member of the panel. "According to a brief survey we conducted, about two-thirds of small and medium-sized businesses believe that large companies are the main target for cybercrime," he reported. "Yet 85 percent of the fraud we see in business occurs in small and medium-sized businesses."
Editor's Note: Small to Medium Internet Businesses can provide a dually authenticated, end-to-end encrypted payment solution for their e-shoppers. For these e-SMEs, the cost of PCI DSS compliance is costly, time-consuming and confusing. You can solve your compliance issues and eliminate the cost by employing HomeATM's PCI 2.0 PEDs. The cost is far less than achieving PCI 2.0 compliance on your own, and since we employ DUKPT key management techniques, the cardholder's data is NEVER transmitted. End result? Your e-business would be effectively removed from the burden of PCI DSS' scope. For more information, email us...