If you have been reading the news lately and picking up on all the commotion around hack attacks on some of the big guns like Google, Yahoo and Adobe you may be experiencing a twinge of anxiety over the security for your own business. You may have believed your network was invincible so this news could leave you feeling shaky. You have good reason to feel this way – according to an article in the Sydney Morning Herald the number of hackers tampering with private financial information belonging to Australian business is on the rise. Obviously using the internet and intranet for business has become a viable solution to accomplishing company objectives, but on the downside the criminal faction sees just as much opportunity.
Australia is a Frequent Target for Cyber Crime
Symantec, a data security firm reported that Australian and New Zealand businesses suffer 75% more security breaches than the global average with 89% of the companies polled in the last 12 months admitting at least one intrusion. Hackers are not necessarily going after the major companies where they can make off with large sums of money. Like any other thief, they go where the risk is low and they can get in and out of a system quickly and without detection. The fact is you don’t have to be at any particular level of business profitability to be targeted. Smaller companies tend to use less comprehensive IT security making them more susceptible. In general, hackers are interested in easy money. hacker list italia
Google and Other Large Corporations are Not Exempt
The threat does not always revolve around banking information or sensitive intellectual property. As Google discovered in December 2009, issues such as human rights are at stake in cyber attacks. The advertising and search giant was appalled that a highly organized effort dubbed “Aurora” was being made to hack into the Gmail accounts of Chinese human right activists. They managed to infiltrate only two accounts and were not able to see the account holders’ actual correspondence. The action put Google in the position where it felt it necessary to warn the Chinese human rights community of the attack and to prepare to withdraw business ties with China. Officials at Google did not directly accuse the Chinese government of being the perpetrators but they decided to review doing business with the country based its attempts to limit free speech on the internet. Google stated concern for the safety of the Chinese citizens and the potential for them to be interrogated and imprisoned.
There were at least 20 other large internet, media, finance and technology companies included in the attack: Yahoo, Adobe, Symantec, Dow Chemical and Northrop Grumman to name a few. It was accomplished through a technique called “spear phishing.” This resembles an attack against 100 IT companies in July 2009 where company employees were targeted with infected email attachments.
Small and Midsize Businesses have Minimal Defense
Most businesses are totally defenseless against these sophisticated attacks. They use instant messages and emails that seem innocent at first because the senders appear to be friends and trusted colleagues. The messages are fine-tuned to evade the anti-virus programs designed for these applications. Evidently the best practices for IT security that have successfully held attackers at bay for many years are no longer sufficient. There is an innovative caliber of attacks circulating around the globe using custom malware written specifically for individual companies. The hackers don’t seem to mind if it takes longer to get around the antivirus software in use by the large corporations. They continue painstakingly to tweak their malware until it is effective. Smaller companies that don’t have the budget for a large scale security have not stood a chance. The hackers have the ability to commandeer only one employee’s laptop and make it a gateway for total administrative access to the company’s entire network.