Why SMBs Are Easy Targets, But Don't Know It
Monday, March 18, 2013
Posted by Andy Wendt
An interview with Sam Glines, CEO of NorseCorp
1. Should SMBs be worried about targeted attacks by hackers and cybercriminals?
Getting hacked isn’t something that keeps most website owners—the majority of whom are small and medium business owners—awake at night. What we need to understand is that today’s hackers do not discriminate by size, revenue, or type of site they attack. A hacker will certainly prize a larger site over a smaller one when it comes to a potential target, but gaining access to a site is not always the end goal. Often the goal is hijacking the bandwidth or servers of a company and marshaling those assets in a DDoS attack on other targets. We have seen instances where a small, local law firm’s website was used as a bot in an attack on a large national bank.
2. Why do most small businesses have the mentality that they won’t get hacked?
“Why would anyone want to hack MY website?” is the most common mentality we see. For most, cyber-attacks are the concern of major corporations. Essentially, businesses are missing a global perspective on all the malicious bots and attacks happening around the world and their origin. From DVRs and smart TVs to old laptops, there are many devices out there within these businesses' walls that are vulnerable to attack or spreading malware unknowingly from the owner's network.
3. How should SMBs protect themselves today vs. five years ago?
Ten years ago hackers chose a target site, studied it to discover its vulnerabilities, potentially developed exploit code to test multiple attack scenarios, and then tried to compromise and take over control of the server. It was also very popular to develop a computer virus that spreads across the Internet, essentially clogging corporate email systems.
The biggest shift in Internet security is the surge in cybercrime and malicious hacking from automated hacking programs and botnets. Today, ever-improving tools, cheap computing power, and virtualized servers have allowed hackers and cybercriminals to change their game. A hacker can now automate an attack, simultaneously probing, attacking and compromising thousands of sites around the world, and launch it from an unsuspecting user or organization’s computer.
Conventional security solutions are reactive, using static and mostly out-of-date data. Despite a plethora of available security solutions, hackers always seem to be one step ahead, forcing users into a never-ending cycle of patching and updating catch-up. To the average user, these bots are mostly invisible and victims usually don’t learn of an attack until the damage is done. The key to modern-day cyber security is live threat intelligence that can identify threats on the Internet live and prevent security breaches before they occur.
4. How do hacks impact SMBs using their websites for online retailing and e-commerce?
Any SMBs who have e-commerce or online financial information within their sites are playing with fire if they don’t take the necessary steps to secure their site. Security breaches put their customers’ and the company’s information at risk for fraud. As much of the world’s commerce has been moved online, the rate of cybercrimes has increased. For instance, a small business website can be hijacked and used to submit fraudulent credit card transactions. The most salient information for website owners is what they can do to protect themselves and their business against fraud.
One good example we saw was in 2012, when a political campaign’s fund-raising Web site became the target of a sophisticated, automated attack that continued for months. The attack seeded the campaign’s donation system with fraudulent transactions using stolen and otherwise compromised credit and debit card data. Significant losses accrued from more than 1,500 fraudulent transactions, putting $403,000 at risk before campaign staff recognized a problem. By embedding Norse’s technology into the fund-raising website, the campaign was able to implement it and eliminate the threat to its fundraising efforts.
5. NorseCorp just launched IPVenger, a WordPress plug-in aimed at website security – can you tell us a little more about the technology behind it?
Sure, IPVenger focuses on blocking malicious and high risk web traffic using Norse’s live threat intelligence before it gains access to a website. It automatically assesses the risk level of every visitor to a website, proactively blocking hackers, bots, malware, and comment spam before it has a chance to enter the site. It does this based on Norse’s proprietary IPQ risk score, which uses over 1500 to calculate the risk level of an IP address. The technology behind IPVenger is based on NorseCorp’s IPViking, our core technology. IPVenger is different from other web security solutions in its ability to detect and block zero-hour exploits and adapt to new threats automatically.
6. What’s the most important thing for SMBs to understand about security in an era of increased cybercrime?
It is important to understand that your site is only as secure as your host. WordPress powers nearly 70 million websites operated by individuals, small and medium businesses, enterprise-level companies, agencies and organizations – many of whom are responsible for multiple domains. How a WordPress site is configured and hosted is critical to its security – it can be run on a private physical server, a virtual private server, a shared hosted server or a hosted virtual private server. The majority of websites live in a shared hosting environment supported by a third party hosting provider. This is where site owners and operators will want to be especially careful. A shared hosting provider may support thousands of other websites, and a given server could easily host 100 or more websites in addition to yours. Even if your site doesn’t draw a lot of traffic, it still shares architecture, source code and other technical similarities, including security vulnerabilities, with millions of other sites. In short, a hack on a site with shared architecture means your site is also at high risk.
Most of today’s websites rely on a reactive model of security. They can prevent the kind of attacks already known, but they remain helpless against undiscovered vulnerabilities and threats. Unfortunately, it’s these unknown threats that cause the most damage. The nature of today’s cyber threats requires solutions using live threat intelligence.
7. How is the era of hacktivism and advanced persistent threats impacting SMBs as compared to enterprises?
SMBs constitute a cybercrime sweet spot. They are usually more lucrative targets than private individuals, and they typically devote far less time and fewer resources to online security than their enterprise-level counterparts. Most bloggers and website owners make the security of their WordPress site an afterthought. In developing a mindset that is more attuned to the new era of cybercrime, individual site owners should make the assumption that their site or network is already vulnerable and under attack and carefully consider the potential impact to their business if their website were hacked and unavailable for a period of time. For many small businesses this can be catastrophic.