Why would a cyberattack on 15-person company raise any alarm bells? Why is it the a concern to anyone let alone the Department of Homeland Security?
There are millions of small businesses in the USA and globally, in fact over 100 million of them and this number is growing each year, and faster as the world changes employment strategies.
So, why are any of them a concern to a government agency like the DHS? Surely the DHS is focused on banks and larger companies, this is where the threat is? Keep them safe.
No, this is not so true. In a recent example, a small business working with utilities and government agencies, suffered a cyberattack that was an early thrust in the worst known hack by a foreign government into the USA’s national electric grid.
The Wall Street Journal have reconstructed the events around the hack that revealed huge vulnerabilities at the heart of the electric power system.
Rather than strike the utilities head on, the hackers went after the system’s soft and unprotected contractors and subcontractors. There are hundreds of them, all vulnerable and some more than others.
This should be sounding an alarm bell to every large corporate if not every company.
Small and medium sized businesses generally have no reason to be on high alert against foreign agents 24 hours a day. Why would they be? They also don’t have the people, systems or solutions in place to do this.
Yet through these small companies the hackers, in this case, found the footholds necessary to work their way up the supply chain. Enabling the final target to be reached, hacked and exposed. Some experts believe 20 or more utilities ultimately were breached.
The hackers have the time and resources to do this and they are aware that small and medium sized businesses are a very soft target.
Have you read it yet?
On a similar note and to underline the issue the FBI is investigating the alleged theft of 18,000 insurance and legal documents relating to the September 11 attacks on the World Trade Center by a hacker with a long record of holding companies to ransom. This ransom attack, if it did happen, highlights the vulnerability of a business not just from within but across a huge web of suppliers and partners.
This type of breach can lay your clients details bare, data lost and cause untold issues, at the very least a PR nightmare.
Where does this leave you?
What can you do about the growing threat of hackers? First, put in place the best tech barriers you can afford, get some advice too – know where you are weak. Buy cyber liability insurance to cover the recovery costs too. vulnerabilities change all the time, insurance is there to bring you back to life when all else fails.
Then patch your biggest vulnerability: your people. They need training and awareness of these issues, especially if you work for large corporates or government bodies.
It’s not just about employees having smarter passwords and spotting sketchy emails but also to think about their online actions. This is not about a list of rules, it’s about awareness and responsibility. Remember rules create a path for hackers to follow….