The trend for cyber-attacks against small businesses is reportedly increasing. But since mainstream media seldom reports the details of attacks against small businesses, it is hard for people outside of the cybersecurity world to know what crimes are really happening. Here is a selection of cyber-crimes that occurred in the last few months. The actual crime in several instances lasted at least six months before the crime was detected.
Online Aquarium Seller
The online seller’s website was compromised and customer data stolen. The attack may have continued for six months before discovered. The company set up website monitoring and hired a cybersecurity company to perform ongoing security testing. Customers were offered credit monitoring for free for a year.
Online Vegan Cosmetic Company
The seller’s website was hacked possibly several times and data was stolen. It was reported to have occurred for over four months. The company discussed its data breach on social media and several commenters responded that the company had an out-of-date SSL certificate. Free credit monitoring was offered to customers. On one blog, a customer suggested victims report the theft to California State Attorney General for investigations, since the person was not sure if the company would report it.
Nonprofit Drug and Alcohol Rehabilitation Organization
It was reported that someone with inside information attacked the payroll database of this organization. The payroll system was hosted by a third party and personal data of approximately 2,000 employees was possibly stolen. The non-profit worked with law enforcement in its investigation.
Internet Marketing Company
Several sites were recently disrupted with Islamic State of Iraq and al-Sham, commonly known as ISIS, messages. It is not known who the attackers were, but one target was an internet marketing company. Its website content was removed and replaced with a “Hacked by Islamic State (ISIS) We are everywhere.” message on the home page. Another company that suffered a similar attack was a speedway site.
Online presence and internal systems are being hacked frequently, for a variety of reasons. None of the above companies knew they would be a target. Some were better prepared than others. The financial and reputational impact can be significant. Savvy businesses now realize they are as likely to be a cyber victim as a large corporation.
To receive our daily blogs, please follow us on Twitter!