By: Jameson P. McShea
"How will I get hacked? I barely use the internet!"...Sound familiar?
This seems to be a common response from businesses who are smaller in size. Business owners seem to have this common misconception that the malicious hackers of this world only target larger companies; this is not the case. 43% of cyber attacks target small businesses. And, even when those hackers are not targeting YOUR business, they could be using your business to get to a larger business- say, one of your clients.
If a hacker uses YOUR business to hack one of your clients of substantial size, are you properly insured to cover the cost?
SMALL BUSINESS THREAT EXAMPLE:
Fazio Mechanical Services, an small HVAC company contracted by Target Corporation, did a job for a local Target store branch. Target has a web hosted application for vendors like Fazio to submit contracts, electronically bill, and provide project management information. Hackers were informed of the business conducted between the vendor and Target, and decided to "phish" the HVAC company.
Phishing is a scam scheme, typically in the form of a email. The email usually appears to be from a company you use or have sensitive information in, like a bank. The email will "phish" to extract sensitive information, usually by scaring you into thinking your information has been breached and asking to confirm some personal information- say your social security number, credit card number, etc.
Succeeding with the phishing tactics, the hackers attained access to the web hosting service Target provides for vendors. Now all the hackers had to do was upload a file that seemed legitimate. Using a hacking tactic called, "hiding in plain sight", the hackers were able to upload a file to Target that ultimately gained them access to 40 million credit card numbers.
The hackers sold this information on the black market for a price. A day later Target was informed of the breach.