Small businesses are increasingly the target of hackers looking to steal credit card numbers and banking information. Though not garnering nearly the publicity of attacks on big companies and government agencies, the trend threatens the livelihood of business owners and their employees across the country.
In 2010, the Secret Service and Verizon dealt with 761 data breaches between the two of them, a huge leap from the 141 handled in 2009. Nearly two thirds of these were on companies with 100 or fewer employees. Meanwhile, Visa says about 95 percent of the data breaches it discovers take place at small businesses.
To make the challenge tougher, attackers don’t have to be all that sophisticated. They can buy different components of an attack from specialists, sort of like a not-so-glamorous Ocean’s 11, or “simply purchase an exploit kit in the underground and it handles the heavy lifting for them,” says Neil Daswani, a founder and CTO of security firm Dasient.
The problem is money — and not just the money that’s stolen. Small companies rarely have a full-time technical staff, or if they do it’s a small one. With too few hands and too little to spend, these firms have security that can generously be described as porous. At the same time, the stakes are high. If they lose enough money to hackers, many small businesses simply can’t survive. And here “enough money” can often be measured in the thousands of dollars.
“It’s going to get worse before it gets better,” Dean Kinsman, a special agent in the FBI’s cyber division, told The Wall Street Journal. It’s also a sign that security experts are going to be needed in places besides brand-name companies.