Cyber Attack Plague

This article excerpt, written by Jakub Lewkowicz, originally appeared on LIBN:

The passwords won’t work, the files are stolen, the money is leaking and you suddenly realize the company was hacked.

Whether it’s a large corporation or a small business, hackers don’t discriminate who they steal from. Any data that has value – credit cards, Social Security numbers, client files, intellectual property or medical information – is a target.

Some 44 percent of small businesses claim they have been victims of these attacks, according to a 2013 Small Business Association Technological Survey. Between $5 billion and 10 billion are lost annually in New York due to these attacks and $26.3 billion were lost due to identity theft in the United States in 2014.

“In most of the cases companies had old legacy software, weak passwords, information that wasn’t secure or a text file with all the passwords,” said Scott Schober, CEO and president of Metuchen, N.J.-based Berkeley Varitronics Systems and a cybersecurity expert. “Anybody could look at the screen and copy down the passwords.”

Hackers get through the digital point of sale, get onto the network, install malware and get the credit card numbers, said Blake Cornell, chief technology officer of Integris Security in Garden City.

“Most breaches are caused by human error,” said David Tan, CTO of CHIPS Technology Group in Syosset.

Cornell said the biomedical industry is a huge target for hackers now and in the future.

“Protected health information is more valuable than a credit card number on the Internet,” Cornell said. “Even when the company is hacked, customers, patients, everyone from children to grandmothers could be vulnerable.”

“Oftentimes hospitals don’t have the greatest security,” Schober said. “They have enough trouble processing medical claims normally.”

The primary incentive for hackers is usually to steal money but sometimes they look for “companies that have intellectual property that can shape the future,” Cornell said. This may include companies with blueprints for military equipment or medicines and biotechnology in their early stages.

Hacking critical infrastructure could have the most deadly potential because it causes physical damage. Water purification, sewage treatment and even nuclear weapon systems could be tampered with and taken advantage of by terrorists, posing a new national security risk, experts said.

Over the past few years, companies have neglected the importance of bolstering their security systems. As a result, big names such as Target, Home Depot and Sony Pictures fell prey to malicious hackers.

Big companies need to minimize risk by conducting risk assessments,” said Cornell, adding that employers need to train their employees about how to keep information secure. “Trust your IT department but have a third party come to verify.”

Tan said that big businesses have been bigger targets simply because they hold more valuable information but some small businesses are a conduit into big companies, adding to the fact they are viable targets.

Unfortunately, not all companies have the ability to shield themselves equally.

Schober said that law enforcement is not doing enough to tell company owners what caused them to get hacked and how they can prevent it in the future.

Tan said law enforcement can’t really prevent it.

“It’s difficult fighting an uphill battle,” Tan said. “There’s not a lot they can do before the fact.”

Go here to see the original article: