CHANNEL PARTNERS EVOLUTION — As large enterprises have become smarter in defending against cyberattacks, criminals have increasingly turned their attention to small and medium-size businesses, an expert noted Monday during Channel Partners Evolution.
About a third of attacks are against SMBs, said Mike Davis of CounterTack. He described common ways that customers get hacked by cybersecurity scoundrels and highlighted the costs for the victims.
Davis said a data breach will cost a small business a whopping $300,000 on average. Just retaining an expert to review systems and determine how the attacker penetrated a system costs a minimum of $100,000, noted Davis, the CTO of CounterTack, which provides behavior-based detection, analysis and response technology.
“The cost of a breach is really expensive,” the security expert said.
Commenting on data breaches, Davis observed the majority involve weak, default or stolen passwords. He recommended using longer passwords, such as your favorite quote from a movie.
Davis highlighted the importance of regularly “patching,” or addressing, security vulnerabilities. The majority of vulnerabilities observed on enterprise networks are two years old or more, while half of exploitations occur between 10 and 100 days after the vulnerability information is published, he indicated.
Phishing campaigns in particular are very effective for the crooks, with such tactics producing a 30-percent open rate, Davis disclosed. But he shared some good news: Training people to detect phishing emails has also proven effective in defending against such scams.
Part of Davis’ talk addressed misconceptions around cybersecurity. For instance, he noted credit cards are fairly well protected, while thieves today are targeting email addresses because they hold valuable information concerning one’s identity and may be linked to other services such as a person’s social media accounts.
On the black market, a person’s credit card information is only worth $1.50, while medical records are valued at $50, he noted.
Davis addressed fears over the security of mobile devices. He said a 2015 study indicated that only 0.015 percent of U.S. mobile devices were infected with malware, a figure he described as “so small it doesn’t matter.” However, mobile security is a more prominent concern in places like Asia and Russia, he cautioned.
Speaking of Russia, Davis described a gang there that writes malware and is notorious for its cybercrime activities.
While U.S. mobile devices may not be extremely vulnerable to malware attacks, the phones hold valuable information that could be exploited if the devices are stolen. Davis reported that 70 million smartphones are lost each year, with only 7 percent recovered. He recommended not storing data on a mobile phone, using encryption and rewarding – rather than punishing – employees for immediately reporting a stolen or lost device.