Monday, February 8, 2010

Defending Against the Small Business Threat

A great and overdue article in the Wall Street Journal this morning:  "Wanted: Defense Against Online Bank Fraud".   The article discusses a now popular cyber-crime first popularized in 2008 which is initiated by an online theft/fraud of insecured ATM/payroll data on user/client/small business PCs.  Fake payroll members are created and then [recruited] "money mules" cash out fraudulent paychecks from ATM terminals across the globe.  If the fraud is timed right, a small business can lose large sums from their payroll accounts within 24 hours or less. The FBI and the IC3 has been warning about this for some time:

Small businesses during a recession make  excellent targets.  It is a bit like capitalizing on sick children.  Large businesses and banks know the value of security infrastructure and development. They have lots to lose and they have been high priority targets in the past. (And they have just received big chunks of "Stimulus funding." ) Most small business employ limited staff, have a few PCs (perhaps running some accounting software), maybe some server or cloud infrastructure investments, and a web site or web/commerce site.
The few aggressive owners/proprietors that investigate securing their infrastructure may have done so on a "self-help" basis - implementing firewalls, UTM, anti-virus, anti-spyware.  But even these self-motivated individuals are in no way prepared to be the targets of dedicated information warfare from skilled global criminal enterprises originating in eastern Europe, South America, Russia, China, etc. Thus, in less than 24 hours, small business payroll accounts, many of these derived from  'bridge loans' from local banks, are wiped out.  The targeting of small business by cyber-criminals is an "anti-stimulus" effort; functioning to effectively siphon funds from a weakened American economy.

No comments:

Post a Comment